openSUSE-SU-2012:1345-1 -- Suse MozillaFirefoxID: oval:org.secpod.oval:def:400396 | Date: (C)2012-12-31 (M)2021-09-12 |
Class: PATCH | Family: unix |
The Mozilla suite received following security updates : Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. * MFSA 2012-88/CVE-2012-4191 Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 defaultValue security checks not applied * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 Chrome Object Wrapper does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990