Bug 861847 - VUL-0: Firefox 27/24.3.0 security release
VUL-0: Firefox 27/24.3.0 security release
Status: RESOLVED FIXED
: CVE-2014-1491 CVE-2014-1477 CVE-2014-1479 CVE-2014-1482 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Petr Cerny
Security Team bot
maint:released:sle11-sp3:56175 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-02-03 15:08 UTC by Wolfgang Rosenauer
Modified: 2020-04-05 18:17 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Rosenauer 2014-02-03 15:08:10 UTC
https://wiki.mozilla.org/Releases

Upcoming new Firefox (& Co) releases for February, 4th

Firefox 27
Firefox 24.3.0
Thunderbird 24.3.0
Seamonkey 2.24
(speaking for Factory we might want mozjs24-24.3.0 as well)

Required as a minimal stack are
NSPR 4.10.2
NSS 3.15.4 (see also bug 859055)
Comment 1 Bernhard Wiedemann 2014-02-05 07:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (861847) was mentioned in
https://build.opensuse.org/request/show/220926 Factory / MozillaFirefox
https://build.opensuse.org/request/show/220928 13.1 / MozillaFirefox
https://build.opensuse.org/request/show/220929 12.3 / MozillaFirefox
https://build.opensuse.org/request/show/220930 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/220931 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/220932 12.3 / MozillaThunderbird
https://build.opensuse.org/request/show/220933 Evergreen:11.4 / MozillaThunderbird
https://build.opensuse.org/request/show/220934 Factory / seamonkey
https://build.opensuse.org/request/show/220935 13.1 / seamonkey
https://build.opensuse.org/request/show/220936 12.3 / seamonkey
https://build.opensuse.org/request/show/220938 Evergreen:11.4 / MozillaFirefox
Comment 3 Swamp Workflow Management 2014-02-05 23:01:21 UTC
bugbot adjusting priority
Comment 4 Alexander Bergmann 2014-02-06 08:41:41 UTC
Mozilla Foundation Security Advisory: 
(http://www.mozilla.org/security/announce/)

-- February 4, 2014 --

mfsa2014-01: (Critical)
Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)
Memory safety bugs fixed in Firefox 27.0 (CVE-2014-1478)

mfsa2014-02: (High)
Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348)

mfsa2014-03: (Moderate)
Download "open file" dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480)

mfsa2014-04: (Critical)
Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356)

mfsa2014-05: (Moderate)
caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360)

mfsa2014-06: (Moderate)
Fennec leaks profile path to logcat (CVE-2014-1484)

mfsa2014-07: (Moderate)
CSP should block XSLT as script, not as style (CVE-2014-1485)

mfsa2014-08: (Critical)
imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486)

mfsa2014-09: (High)
Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487)

mfsa2014-10: (Low)
settings & history ID bug (CVE-2014-1489)

mfsa2014-11: (Critical)
Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488)

mfsa2014-12: (High)
TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300)
Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289)

mfsa2014-13: (High)
Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309)
Comment 6 Swamp Workflow Management 2014-02-07 09:00:11 UTC
The SWAMPID for this issue is 56169.
This issue was rated as important.
Please submit fixed packages until 2014-02-14.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 7 Swamp Workflow Management 2014-02-08 12:04:21 UTC
openSUSE-SU-2014:0213-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 861847
CVE References: CVE-2013-1740,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1481,CVE-2014-1482,CVE-2014-1486,CVE-2014-1487,CVE-2014-1490,CVE-2014-1491
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.3.0-99.1, MozillaThunderbird-24.3.0-85.1, mozilla-nss-3.15.4-78.1
Comment 8 Alexander Bergmann 2014-02-10 10:44:16 UTC
*** Bug 862348 has been marked as a duplicate of this bug. ***
Comment 13 Swamp Workflow Management 2014-02-18 09:13:51 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, libfreebl3-32bit, libfreebl3-64bit, libfreebl3-x86, libsoftokn3, libsoftokn3-32bit, libsoftokn3-64bit, libsoftokn3-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-64bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-64bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 14 Swamp Workflow Management 2014-02-18 12:25:48 UTC
SUSE-SU-2014:0248-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 859055,861847
CVE References: CVE-2014-1477,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-24.3.0esr-0.8.1, mozilla-nss-3.15.4-0.7.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-24.3.0esr-0.8.1, mozilla-nss-3.15.4-0.7.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-24.3.0esr-0.8.1, MozillaFirefox-branding-SLED-24-0.7.14, mozilla-nss-3.15.4-0.7.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-24.3.0esr-0.8.1, MozillaFirefox-branding-SLED-24-0.7.14, mozilla-nss-3.15.4-0.7.1
Comment 16 Victor Pereira 2014-02-19 10:40:27 UTC
*** Bug 862345 has been marked as a duplicate of this bug. ***
Comment 17 Victor Pereira 2014-02-19 10:40:36 UTC
*** Bug 862356 has been marked as a duplicate of this bug. ***
Comment 18 Victor Pereira 2014-02-19 10:41:05 UTC
*** Bug 862289 has been marked as a duplicate of this bug. ***
Comment 19 Swamp Workflow Management 2014-02-19 15:04:21 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, firefox-libstdc++6, libfreebl3, mozilla-nss, mozilla-nss-debuginfo, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 20 Swamp Workflow Management 2014-02-19 16:50:20 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, firefox-libgcc_s1, firefox-libstdc++6, libfreebl3, libfreebl3-32bit, libfreebl3-x86, mozilla-nspr, mozilla-nspr-32bit, mozilla-nspr-debuginfo, mozilla-nspr-debuginfo-32bit, mozilla-nspr-debuginfo-x86, mozilla-nspr-debugsource, mozilla-nspr-devel, mozilla-nspr-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Comment 21 Swamp Workflow Management 2014-02-19 16:55:50 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, firefox-libgcc_s1, firefox-libstdc++6, libfreebl3, libfreebl3-32bit, libfreebl3-x86, mozilla-nspr, mozilla-nspr-32bit, mozilla-nspr-debuginfo, mozilla-nspr-debuginfo-32bit, mozilla-nspr-debuginfo-x86, mozilla-nspr-debugsource, mozilla-nspr-devel, mozilla-nspr-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Comment 22 Swamp Workflow Management 2014-02-19 20:04:32 UTC
SUSE-SU-2014:0248-2: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 859055,861847
CVE References: CVE-2014-1477,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    MozillaFirefox-24.3.0esr-0.4.2.2, MozillaFirefox-branding-SLED-24-0.4.10.4, firefox-gcc47-4.7.2_20130108-0.16.1, mozilla-nspr-4.10.2-0.3.2, mozilla-nss-3.15.4-0.4.2.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    MozillaFirefox-24.3.0esr-0.4.2.2, MozillaFirefox-branding-SLED-24-0.4.10.4, firefox-gcc47-4.7.2_20130108-0.16.1, mozilla-nspr-4.10.2-0.3.2, mozilla-nss-3.15.4-0.4.2.1
Comment 27 Bernhard Wiedemann 2014-03-19 08:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (861847) was mentioned in
https://build.opensuse.org/request/show/226677 Factory / xulrunner
Comment 28 Swamp Workflow Management 2014-03-21 22:04:40 UTC
openSUSE-SU-2014:0419-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 861847,862831,865539,868603
CVE References: CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1490,CVE-2014-1491,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.4.0-107.3, MozillaThunderbird-24.4.0-89.2, mozilla-nspr-4.10.4-40.1, mozilla-nss-3.15.5-82.1
Comment 29 Swamp Workflow Management 2014-03-25 14:04:49 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations, firefox-atk, firefox-atk-debuginfo, firefox-atk-devel, firefox-atk-doc, firefox-atk-lang, firefox-cairo, firefox-cairo-debuginfo, firefox-cairo-devel, firefox-cairo-doc, firefox-fontconfig, firefox-fontconfig-debuginfo, firefox-fontconfig-devel, firefox-freetype2, firefox-freetype2-debuginfo, firefox-freetype2-devel, firefox-glib2, firefox-glib2-debuginfo, firefox-glib2-devel, firefox-glib2-doc, firefox-glib2-lang, firefox-gtk2, firefox-gtk2-debuginfo, firefox-gtk2-devel, firefox-gtk2-doc, firefox-gtk2-lang, firefox-libgcc_s1, firefox-libstdc++6, firefox-pango, firefox-pango-debuginfo, firefox-pango-devel, firefox-pango-doc, firefox-pcre, firefox-pcre-debuginfo, firefox-pcre-devel, firefox-pixman, firefox-pixman-debuginfo, firefox-pixman-devel, mozilla-nspr, mozilla-nspr-debuginfo, mozilla-nspr-devel, mozilla-nss, mozilla-nss-debuginfo, mozilla-nss-devel, mozilla-nss-tools, mozilla-xulrunner191, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-translations, mozilla-xulrunner192, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-translations, python-xpcom191
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 30 Marcus Meissner 2014-03-26 09:12:24 UTC
close
Comment 31 Swamp Workflow Management 2014-09-09 16:22:19 UTC
openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available.

Category: security (important)
Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370
CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1