This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object
  o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
  o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
  o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
  o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
  o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)

Security Issue references:
* CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737>
* CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735>
* CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736>
* CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732>
* CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730>
* CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726>
* CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725>
* CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722>
* CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718>
* CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705>