SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla SUSE-SA:2008:050

Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
The Mozilla suite of programs was updated to fix various security problems and bugs. MozillaFirefox 2.0.0.* were updated to version 2.0.0.17. MozillaFirefox 3.0.1 was updated to version 3.0.3. (openSUSE 11.0) MozillaThunderbird was updated to version 2.0.0.17. seamonkey was updated to version 1.1.12. Older browser versions have received backported fixes. Packages have been released over the last 2 weeks. Security problems fixed: CVE-2008-4069: XBM image uninitialized memory reading CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects CVE-2008-3837: Forced mouse drag CVE-2008-3836: Privilege escalation using feed preview page and XSS flaw CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation CVE-2008-0016: UTF-8 URL stack buffer overflow For more details: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html http://www.mozilla.org/security/known-vulnerabilities/firefox20.html http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
Affected
MozillaFirefox,MozillaThunderbird,seamonkey,mozilla on openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SLE SDK 10 SP2, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise 10 SP2 DEBUGINFO, SUSE Linux Enterprise Server 10 SP2
References