|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: MozillaFirefox 6 / 3.6.20 security update round | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | General | Assignee: | Petr Cerny <pcerny> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Critical | ||
| Priority: | P1 - Urgent | CC: | meissner, msvec, security-team, wolfgang |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | maint:released:11.3:42735 maint:released:11.3:42754 maint:released:11.4:42754 maint:released:11.3:42713 maint:released:11.3:42718 maint:released:11.4:42718 maint:released:11.4:42717 maint:released:11.3:42839 maint:released:11.4:42839 maint:released:11.4:42712 maint:released:sle10-sp4:42716 maint:released:sle11-sp1:42714 maint:released:sle10-sp3:42715 CVSSv2:NVD:CVE-2011-0084:10.0:(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:RedHat:CVE-2011-0084:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) | ||
| Found By: | Third Party Developer/Partner | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Marcus Meissner
2011-08-15 11:19:02 UTC
The SWAMPID for this issue is 42663. This issue was rated as important. Please submit fixed packages until 2011-08-22. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team. I had filed bug 711954 about it. (and obviously didn't add the right people ;-)) *** Bug 711954 has been marked as a duplicate of this bug. *** yes ;)
from your bug:
MozillaFirefox 3.6.20
mozilla-xulrunner192 1.9.2.20
MozillaFirefox 6 ("security" update to 5)
MozillaThunderbird 3.1.12
MozillaThunderbird 6 ("security" update to 5)
And another one: Seamonkey 2.2 -> 2.3 firefox 6:
Mozilla Foundation Security Advisory 2011-29 (MFSA 2011-29)
* Miscellaneous memory safety hazards:
Mozilla identified and fixed several memory safety bugs in the
browser engine used in Firefox 4, Firefox 5 and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
Aral Yaman reported a WebGL crash which affected Firefox 4 and Firefox 5.
(CVE-2011-2989)
Vivekanand Bolajwar reported a JavaScript crash which affected Firefox 4
and Firefox 5. (CVE-2011-2991)
Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg
reader which affected Firefox 4 and Firefox 5. (CVE-2011-2992)
Mozilla developers and community members Robert Kaiser, Jesse Ruderman,
moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers,
Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety
issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985)
* Unsigned scripts can call script inside signed JAR
Rafael Gieschke reported that unsigned JavaScript could call into script
inside a signed JAR thereby inheriting the identity of the site that
signed the JAR as well as any permissions that a user had granted the
signed JAR. (CVE-2011-2993)
* String crash using WebGL shaders
Michael Jordon of Context IS reported that an overly long shader program
could cause a buffer overrun and crash in a string class used to store
the shader source code. (CVE-2011-2988)
* Heap overflow in ANGLE library
Michael Jordon of Context IS reported a potentially exploitable heap
overflow in the ANGLE library used by Mozilla's WebGL implementation. (CVE-2011-2987)
* Crash in SVGTextElement.getCharNumAtPosition()
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a SVG text manipulation routine contained a dangling
pointer vulnerability. (CVE-2011-0084)
* Credential leakage using Content Security Policy reports
Mike Cardwell reported that Content Security Policy violation reports
failed to strip out proxy authorization credentials from the list of
request headers. Daniel Veditz reported that redirecting to a website
with Content Security Policy resulted in the incorrect resolution of
hosts in the constructed policy. (CVE-2011-2990)
* Cross-origin data theft using canvas and Windows D2D
nasalislarvatus3000 reported that when using Windows D2D hardware
acceleration, image data from one domain could be inserted into a
canvas and read by a different domain. (CVE-2011-2986)
3.6.20: Mozilla Foundation Security Advisory 2011-30 (MFSA 2011-30) * Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Firefox 3.6. (CVE-2011-2982) * Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) * Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) * Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) * Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) * Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) (This issue is likely Windows only) * Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983) wolfgang, I do not see the 11.3 MozillaThunderbird? (11.4 is there) 11.4 neither, there is just a enigmal release nr fix in the local submit. seamonkey 2.3: Mozilla Foundation Security Advisory 2011-33 * Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman reported a WebGL crash which affected SeaMonkey 2.2. (CVE-2011-2989) Vivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991) Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992) Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985) * Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993) * String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988) * Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation. (CVE-2011-2987) * Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) * Credential leakage using Content Security Policy reports Mike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. (CVE-2011-2990) * Cross-origin data theft using canvas and Windows D2D nasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. (CVE-2011-2986) so: MozillaThunderbird for oS: missing But also SLE submits missing: Petr? I will provide Thunderbird asap. I'm travelling and it just needs fixing up the changelogs. There is a problem with seamonkey on 11.3. Version 2.3 is the only current supported version but afaik fails to build on 11.3 because of too old yasm. How do we proceed with that? This is an autogenerated message for OBS integration: This bug (712224) was mentioned in https://build.opensuse.org/request/show/79168 11.4 / MozillaThunderbird https://build.opensuse.org/request/show/79169 11.3 / MozillaThunderbird https://build.opensuse.org/request/show/79170 Evergreen:11.2 / MozillaThunderbird https://build.opensuse.org/request/show/79171 Evergreen:11.1 / MozillaThunderbird why does just seamonkey fail with yasm? I guess we could update yasm to a newer version by gut feeling. (In reply to comment #14) > why does just seamonkey fail with yasm? Because the higher requirement came with Gecko 2 and we still have Gecko 1.9.2 backed apps only on 11.3 and older > I guess we could update yasm to a newer version by gut feeling. That's your call. In the mozilla repo I'm using a newer yasm for older dists w/o issues. i will just put up a 11.3 yasm update to 11.4 level. package and patchinfo si already submittedc. ff 6 on 11.4 did not build due to: checking for NSPR - version >= 4.8.8... no configure: error: your don't have NSPR installed or your version is too old *** Fix above errors and then restart with "make -f client.mk build" So we need to rev NSPR and probably also NSS. Wolfgang, could you submit the current mozilla-nss and -nspr too for 11.4? We just take it with this update. (Should we do it for 11.3 too? will seamonkey 2.3 require it?) Will submit them asap. Seamonkey will require them as well as it's the same engine as FF6 Update released for: yasm, yasm-debuginfo, yasm-debugsource, yasm-devel Products: openSUSE 11.3 (debug, i586, x86_64) Update released for: mozilla-nspr, mozilla-nspr-debuginfo, mozilla-nspr-debugsource, mozilla-nspr-devel Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) Update released for: libfreebl3, libfreebl3-debuginfo, libsoftokn3, libsoftokn3-debuginfo, mozilla-nss, mozilla-nss-certs, mozilla-nss-certs-debuginfo, mozilla-nss-debuginfo, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-sysinit, mozilla-nss-sysinit-debuginfo, mozilla-nss-tools, mozilla-nss-tools-debuginfo Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) Sorry for late submission 14399 home:pcerny:SLE-11/mozilla-xulrunner192 -> SUSE:SLE-11:Update:Test 14400 home:pcerny:SLE-11/MozillaFirefox -> SUSE:SLE-11:Update:Test 14401 home:pcerny:SLE-10-SP3/mozilla-xulrunner192 -> SUSE:SLE-10-SP3:Update:Test 14402 home:pcerny:SLE-10-SP3/MozillaFirefox -> SUSE:SLE-10-SP3:Update:Test (This should also fix Bug 713027) Thunderbird: Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32) http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. * Miscellaneous memory safety hazards (rv:1.9.2.20) Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Thunderbird 3.1 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. (CVE-2011-2982) * Crash in SVGTextElement.getCharNumAtPosition() Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. (CVE-2011-0084) * Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. (CVE-2011-2981) * Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. (CVE-2011-2378) * Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. (CVE-2011-2984) * Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. (CVE-2011-2980) * Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. (CVE-2011-2983) Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations-common, MozillaFirefox-translations-other, mozilla-js192, mozilla-js192-debuginfo, mozilla-xulrunner192, mozilla-xulrunner192-buildsymbols, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-devel-debuginfo, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-debuginfo, mozilla-xulrunner192-translations-common, mozilla-xulrunner192-translations-other Products: openSUSE 11.3 (debug, i586, x86_64) Update released for: seamonkey, seamonkey-debuginfo, seamonkey-debugsource, seamonkey-dom-inspector, seamonkey-irc, seamonkey-translations-common, seamonkey-translations-other, seamonkey-venkman Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) Update released for: mozilla-js192, mozilla-js192-debuginfo, mozilla-xulrunner192, mozilla-xulrunner192-buildsymbols, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-devel-debuginfo, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-debuginfo, mozilla-xulrunner192-translations-common, mozilla-xulrunner192-translations-other Products: openSUSE 11.4 (debug, i586, x86_64) Update released for: MozillaThunderbird, MozillaThunderbird-buildsymbols, MozillaThunderbird-debuginfo, MozillaThunderbird-debugsource, MozillaThunderbird-devel, MozillaThunderbird-devel-debuginfo, MozillaThunderbird-translations-common, MozillaThunderbird-translations-other, enigmail, enigmail-debuginfo Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-buildsymbols, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations-common, MozillaFirefox-translations-other Products: openSUSE 11.4 (debug, i586, x86_64) released all I guess. Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-64bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-64bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-64bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64) Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debuginfo-32bit, mozilla-xulrunner192-debuginfo-x86, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64) Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-64bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-64bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-64bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64) Should there be an update to MozillaFirefox-branding-openSUSE? After I installed the Firefox update in 11.4, Firefox complained that "openSUSE Firefox Extensions" was incompatible with 6.0 and disabled it. That extension is not very important and we got reports that it may cause a bug with tab groups in Firefox 6 and above. Therefore we decided not to wait for investigation of that issue before releasing Firefox. openSUSE-SU-2012:0567-1: An update that fixes 38 vulnerabilities is now available. Category: security (moderate) Bug References: 712224,714931,720264,726758,728520,732898,733002,744275,746616,747328,749440,750044,755060,758408 CVE References: CVE-2011-1187,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3005,CVE-2011-3062,CVE-2011-3232,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0451,CVE-2012-0452,CVE-2012-0459,CVE-2012-0460,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479 Sources used: openSUSE 12.1 (src): MozillaFirefox-12.0-2.26.1, MozillaThunderbird-12.0-33.20.1, seamonkey-2.9-2.18.1, xulrunner-12.0-2.26.1 openSUSE 11.4 (src): MozillaFirefox-12.0-18.1, MozillaThunderbird-12.0-18.1, seamonkey-2.9-18.1 openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available. Category: security (important) Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370 CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567 Sources used: openSUSE 11.4 (src): MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1 |