11 of these issues received a high severity rating. Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. opensuse-buildservice 12.3: nothing provides mozilla > 4.10.7 by Felix Miata 30 Aug 14. The new releases bring 19 security fixes in Firefox 110 and 14 for Firefox ESR 102.8. The vulnerability allows a remote non-authenticated attacker to read and manipulate data. If interested, please see the complete list of changes in this release. As always, you're encouraged to tell us what you think, or file a bug in Bugzilla. Products under Long Term Service Pack support and receiving important and critical security fixes. CWE-ID: CWE-20 - Improper Input Validation Notes (First offered to Firefox ESR users on May 14, 2013) Check out 'What's New' for this version of Firefox ESR below. SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 The following are the detailed results of the automated Mozmill test runs. Products under general support and receiving all security fixes. Checklist DONE Functional automation DONE Manual tests DONE Bug fix verifications DONE Update automation on esrtest channel DONE Sign-off email sent to drivers DONE Update automation on esr channel Automated Tests. SUSE product lifecycles are documented on the lifecycle page. The updates are grouped by state of their lifecycle.
If in doubt, feel free to contact us for clarification. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. Description The installed version of Thunderbird ESR is earlier than 17.0.11 and is, therefore, potentially affected by a code execution vulnerability related to the function NullCipher in the file ssl/ssl3con.c and handling handshake packets. Please note that this evaluation state might be work in progress, incomplete or outdated. Synopsis The remote Windows host contains a mail client that is potentially affected by a code execution vulnerability. Status of this issue by product and package SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 Patchnames: SUSE Linux Enterprise Server 11 SP4 GA mozilla-nspr-32bit-4.10.7-0.3.3 SUSE Linux Enterprise Software Development Kit 11 SP4 GA mozilla-nspr-devel-4.10.7-0.3.3 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP2 Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA mozilla-nspr-devel-4.10.7-0.3.3 SUSE Linux Enterprise Software Development Kit 11 SP4 Mozilla Firefox MSI for version ESR 17.0.11 FrontMotion Mozilla Firefox MSI for version ESR 17.0.11 NovemDraconPern Uncategorized 0 Released Mozilla Firefox MSI for version ESR 17.0.11 and FrontMotion Firefox Community Edition version ESR 17.0. Solution Upgrade to Firefox ESR 17.0.11 or later. SUSE Linux Enterprise Server for SAP Applications 11 SP4 Description The installed version of Firefox ESR is a version prior to 17.0.11 and is, therefore, potentially affected by a code execution vulnerability related to the function 'NullCipher' in the file 'ssl/ssl3con.c' and handling handshake packets. This issue is currently rated as having moderate severity.
Overall state of this security issue: Resolved