remote code execution

Please Install the Updated Packages.

Mozilla released a round of security updates. Mozilla Firefox was updated to version 6 on openSUSE 11.4, Mozilla Firefox was updated to version 3.6.20 on openSUSE 11.3 and SUSE Linux Enterprise 10 and 11. Seamonkey was updated to 2.3 on openSUSE 11.3,11.4 Mozilla Thunderbird was updated to 3.1.2 on openSUSE 11.3,11.4. Mozilla XULRunner was updated to 1.9.2.20. The updates bring new features, fix bugs and security issues. Mozilla Firefox 6: http://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla Firefox 3.6.20: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Seamonkey 2.3: http://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Thunderbird: http://www.mozilla.org/security/announce/2011/mfsa2011-32.html * Miscellaneous memory safety hazards: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. CVE-2011-2982 Aral Yaman reported a WebGL crash which affected Firefox 4 and Firefox 5. CVE-2011-2989 Vivekanand Bolajwar reported a JavaScript crash which affected Firefox 4 and Firefox 5. CVE-2011-2991 Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the OGG reader which affected Firefox 4 and Firefox 5. CVE-2011-2992 Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected Firefox 4 and Firefox 5. CVE-2011-2985 * Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. CVE-2011-2993 * String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. CVE-2011-2988 * Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overf ... Description truncated, for more information please check the Reference URL

MozillaFirefox,MozillaThunderbird,seamonkey on openSUSE 11.3, openSUSE 11.4

• http://www.suse.com/support/security/advisories/2011_37_firefox.html

---

Updated on 2015-03-25