[security-announce] openSUSE-SU-2012:0258-1: critical: MozillaFirefox to 10.0.1

14-Feb-2012 13:08


Be aware that this affects not only openSUSE 11.4 but also openSUSE 12.1 (and probably also Factory and Evergreen:11.2):

Regards
Martin

Re: [opensuse-security] Fwd: [security-announce] openSUSE-SU-2012:0258-1: critical: MozillaFirefox to 10.0.1

From: Marcus Meissner <meissner@xxxxxxx>
Date: Wed, 15 Feb 2012 15:42:48 +0100
Message-id: <20120215144248.GE23954@suse.de>

On Wed, Feb 15, 2012 at 03:19:50PM +0100, pistazienfresser wrote:

[QUOTE] Hello,

why is openSUSE 12.1 not listed under "Affected Products" in the
security-announce but in the OBS/in bugzilla ?

openSUSE 12.1 does not currently publish security notices
as a new workflow is used and still being implemented on it.
Sadly this takes longer than expected so all the goods known
from earlier releases like 11.4 are not there yet.

I will push harder to get the notices running again.

And yes, it is affected by this problem.

Ciao, Marcus

Regards
Martin

https://bugzilla.novell.com/show_bug.cgi?id=746616#c4

[Quote]
Bernhard Wiedemann 2012-02-13 00:00:13 UTC

This is an autogenerated message for OBS integration:
This bug (746616) was mentioned in
https://build.opensuse.org/request/show/104181 11.4 / MozillaFirefox
https://build.opensuse.org/request/show/104182 12.1 / MozillaFirefox
https://build.opensuse.org/request/show/104183 Factory / MozillaFirefox
https://build.opensuse.org/request/show/104184 12.1 / MozillaThunderbird
https://build.opensuse.org/request/show/104185 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/104186 11.4 / seamonkey
https://build.opensuse.org/request/show/104187 12.1 / seamonkey
https://build.opensuse.org/request/show/104188 Evergreen:11.2 / seamonkey
https://build.opensuse.org/request/show/104189 Factory / seamonkey
https://build.opensuse.org/request/show/104191 12.1 / xulrunner
https://build.opensuse.org/request/show/104192 Factory / xulrunner
---------- Forwarded message ----------
From: <opensuse-security@xxxxxxxxxxxx>
Date: 2012/2/14
Subject: [security-announce] openSUSE-SU-2012:0258-1: critical:
MozillaFirefox to 10.0.1
To: opensuse-security-announce@xxxxxxxxxxxx


  openSUSE Security Update: MozillaFirefox to 10.0.1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0258-1
Rating:             critical
References:         #746616
Cross-References:   CVE-2012-0452
Affected Products:
                   openSUSE 11.4
______________________________________________________________________________

  An update that fixes one vulnerability is now available. It
  includes two new package versions.

Description:

  MozillaFirefox was updated to 10.0.1 to fix critical bugs
  and a security issue.

  The following security issue was fixed: CVE-2012-0452: Mozilla
  developers Andrew McCreight and Olli Pettay found that
  ReadPrototypeBindings will leave an XBL binding in a hash
  table even when the function fails. If this occurs, when
  the cycle collector reads this hash table and attempts to
  do a virtual method on this binding a crash will occur.
  This crash may be potentially exploitable.

  Firefox 9 and earlier are not affected by this
  vulnerability.

  https://www.mozilla.org/security/announce/2012/mfsa2012-10.html


Patch Instructions:

  To install this openSUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - openSUSE 11.4:

     zypper in -t patch MozillaFirefox-5799 seamonkey-5804

  To bring your system up-to-date, use "zypper patch".


Package List:

  - openSUSE 11.4 (i586 x86_64) [New Version: 10.0.1 and 2.7.1]:

     MozillaFirefox-10.0.1-0.2.1
     MozillaFirefox-branding-upstream-10.0.1-0.2.1
     MozillaFirefox-buildsymbols-10.0.1-0.2.1
     MozillaFirefox-devel-10.0.1-0.2.1
     MozillaFirefox-translations-common-10.0.1-0.2.1
     MozillaFirefox-translations-other-10.0.1-0.2.1
     seamonkey-2.7.1-0.2.1
     seamonkey-dom-inspector-2.7.1-0.2.1
     seamonkey-irc-2.7.1-0.2.1
     seamonkey-translations-common-2.7.1-0.2.1
     seamonkey-translations-other-2.7.1-0.2.1
     seamonkey-venkman-2.7.1-0.2.1


References:

  [CVE-2012-0452](http://support.novell.com/security/cve/CVE-2012-0452.html)
  https://bugzilla.novell.com/746616

…]
[/QUOTE]
…]
[/QUOTE]
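The gap discussed in this thread (fix requests submitted for releases that the announcement does not list under "Affected Products") can be checked mechanically. The following is an added example, not part of the original messages or of any openSUSE tooling: it parses the announcement header format and the OBS request lines shown above and reports the targets that got a fix request but are missing from the announcement. The function names are hypothetical, and a fix request is treated only as a hint that the target ships the package, not as proof.

```python
import re

# Constructed input: header fields and a subset of the OBS request lines,
# copied from the thread above. Nothing is fetched from the network.
ADVISORY = """\
Announcement ID:    openSUSE-SU-2012:0258-1
Rating:             critical
References:         #746616
Cross-References:   CVE-2012-0452
Affected Products:
                    openSUSE 11.4
"""
OBS_REQUESTS = """\
https://build.opensuse.org/request/show/104181 11.4 / MozillaFirefox
https://build.opensuse.org/request/show/104182 12.1 / MozillaFirefox
https://build.opensuse.org/request/show/104183 Factory / MozillaFirefox
https://build.opensuse.org/request/show/104186 11.4 / seamonkey
https://build.opensuse.org/request/show/104188 Evergreen:11.2 / seamonkey
https://build.opensuse.org/request/show/104191 12.1 / xulrunner
"""

def parse_advisory(text):
    """Parse 'Key: value' fields; indented lines continue the previous field."""
    fields, key = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S[^:]*):\s*(.*)$", line)
        if m:
            key = m.group(1)
            fields[key] = [m.group(2)] if m.group(2) else []
        elif key and line.strip():
            fields[key].append(line.strip())
    return fields

def obs_targets(text):
    """Map each package name to the set of targets named in OBS request lines."""
    targets = {}
    pattern = r"^https://\S+/request/show/\d+\s+(\S+)\s*/\s*(\S+)$"
    for m in re.finditer(pattern, text, re.M):
        targets.setdefault(m.group(2), set()).add(m.group(1))
    return targets

def unlisted_targets(advisory, obs, packages):
    """Targets with a fix request for `packages` that the advisory omits."""
    listed = {p.replace("openSUSE ", "") for p in advisory.get("Affected Products", [])}
    fixed = set().union(*(obs.get(p, set()) for p in packages))
    return sorted(fixed - listed)

if __name__ == "__main__":
    adv, obs = parse_advisory(ADVISORY), obs_targets(OBS_REQUESTS)
    print(unlisted_targets(adv, obs, ["MozillaFirefox", "seamonkey"]))
```

On a release that appears in the result, the announcement alone is not a reliable signal; compare the installed package version against the fixed version given in the announcement.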