Pronađeni su i otklonjeni brojni propusti paketa Mozilla XULRunner i Firefox. Ovi nedostaci mogli su omogućiti zlonamjernom korisniku da ugrozi komunikaciju između preglednika i poslužitelja, pokrene proizvoljni programski kod te izvede DoS napad.

   openSUSE Security Update: xulrunner to 14.0.1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0924-1
Rating:             critical
References:         #771583 
Cross-References:   CVE-2012-1948 CVE-2012-1949 CVE-2012-1950
                    CVE-2012-1951 CVE-2012-1952 CVE-2012-1953
                    CVE-2012-1954 CVE-2012-1955 CVE-2012-1957
                    CVE-2012-1958 CVE-2012-1959 CVE-2012-1960
                    CVE-2012-1961 CVE-2012-1962 CVE-2012-1963
                    CVE-2012-1965 CVE-2012-1966 CVE-2012-1967
                   
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:

   Mozilla XULRunner was updated to 14.0.1, fixing bugs and
   security issues:



   Following security issues were fixed: MFSA 2012-42: Mozilla
   developers identified and fixed several memory safety bugs
   in the browser engine used in Firefox and other
   Mozilla-based products. Some of these bugs showed evidence
   of memory corruption under certain circumstances, and we
   presume that with enough effort at least some of these
   could be exploited to run arbitrary code.

   CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,
   Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,
   and Kyle Huey reported memory safety problems and crashes
   that affect Firefox 13.

   CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian
   Holler, and Bill McCloskey reported memory safety problems
   and crashes that affect Firefox ESR 10 and Firefox 13.


   MFSA 2012-43 / CVE-2012-1950: Security researcher Mario
   Gomes andresearch firm Code Audit Labs reported a mechanism
   to short-circuit page loads through drag and drop to the
   addressbar by canceling the page load. This causes the
   address of the previously site entered to be displayed in
   the addressbar instead of the currently loaded page. This
   could lead to potential phishing attacks on users.

   MFSA 2012-44

   Google security researcher Abhishek Arya used the Address
   Sanitizer tool to uncover four issues: two use-after-free
   problems, one out of bounds read bug, and a bad cast. The
   first use-after-free problem is caused when an array of
   nsSMILTimeValueSpec objects is destroyed but attempts are
   made to call into objects in this array later. The second
   use-after-free problem is in nsDocument::AdoptNode when it
   adopts into an empty document and then adopts into another
   document, emptying the first one. The heap buffer overflow
   is in ElementAnimations when data is read off of end of an
   array and then pointers are dereferenced. The bad cast
   happens when nsTableFrame::InsertFrames is called with
   frames in aFrameList that are a mix of row group frames and
   column group frames. AppendFrames is not able to handle
   this mix.

   All four of these issues are potentially exploitable.
   CVE-2012-1951: Heap-use-after-free in
   nsSMILTimeValueSpec::IsEventBased CVE-2012-1954:
   Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953:
   Out of bounds read in ElementAnimations::EnsureStyleRuleFor
   CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames


   MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz
   Mlynski reported an issue with spoofing of the location
   property. In this issue, calls to history.forward and
   history.back are used to navigate to a site while
   displaying the previous site in the addressbar but changing
   the baseURI to the newer site. This can be used for
   phishing by allowing the user input form or other data on
   the newer, attacking, site while appearing to be on the
   older, displayed site.

   MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher
   moz_bug_r_a4 reported a cross-site scripting (XSS) attack
   through the context menu using a data: URL. In this issue,
   context menu functionality ("View Image", "Show only this
   frame", and "View background image") are disallowed in a
   javascript: URL but allowed in a data: URL, allowing for
   XSS. This can lead to arbitrary code execution.

   MFSA 2012-47 / CVE-2012-1957: Security researcher Mario
   Heiderich reported that javascript could be executed in the
   HTML feed-view using tag within the RSS . This problem is
   due to tags not being filtered out during parsing and can
   lead to a potential cross-site scripting (XSS) attack. The
   flaw existed in a parser utility class and could affect
   other parts of the browser or add-ons which rely on that
   class to sanitize untrusted input.


   MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur
   Gerkis used the Address Sanitizer tool to find a
   use-after-free in nsGlobalWindow::PageHidden when
   mFocusedContent is released and oldFocusedContent is used
   afterwards. This use-after-free could possibly allow for
   remote code execution.


   MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby
   Holley found that same-compartment security wrappers (SCSW)
   can be bypassed by passing them to another compartment.
   Cross-compartment wrappers often do not go through SCSW,

   but have a filtering policy built into them. When an object
   is wrapped cross-compartment, the SCSW is stripped off and,
   when the object is read read back, it is not known that
   SCSW was previously present, resulting in a bypassing of
   SCSW. This could result in untrusted content having access
   to the XBL that implements browser functionality.

   MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne
   reported an out of bounds (OOB) read in QCMS, Mozillaâ??s
   color management library. With a carefully crafted color
   profile portions of a user's memory could be incorporated
   into a transformed image and possibly deciphered.


   MFSA 2012-51 / CVE-2012-1961: Bugzilla developer FrÄ