Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 187
Published: Mon, 01 Dec 2008 20:31:17 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12295 - Security update for jasper - SLES9
Severity:
Fixlet ID: 1229501
Fixlet Link: http://download.novell.com/Download?buildid=MR2ePenvoOU~
Fixlet Description: A security update for jasper is now available. Everyone using jasper should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112501 - Security update for yast2-backup - SLED10 SP1
Severity:
Fixlet ID: 811250101
Fixlet Link: http://download.novell.com/Download?buildid=Kw8jxfKePkE~
Fixlet Description: This update of yast2-backup fixes a shellcode injection vulnerability and improves handling of symlinks for the backup process. (CVE-2008-4636) Everyone should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112501 - Security update for yast2-backup - SLES10 SP1
Severity:
Fixlet ID: 811250103
Fixlet Link: http://download.novell.com/Download?buildid=6_BALMqJ_6M~
Fixlet Description: This update of yast2-backup fixes a shellcode injection vulnerability and improves handling of symlinks for the backup process. (CVE-2008-4636) Everyone should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112502 - Security update for gecko-sdk and mozilla-xulrunner - SLED10 SP1
Severity:
Fixlet ID: 811250201
Fixlet Link: http://download.novell.com/Download?buildid=96H-b2rG8u8~
Fixlet Description: This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes the following security issues:
CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
Install this update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112502 - Security update for gecko-sdk and mozilla-xulrunner - SLES10 SP1
Severity:
Fixlet ID: 811250203
Fixlet Link: http://download.novell.com/Download?buildid=Lkj0Wsjno4Q~
Fixlet Description: This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes the following security issues:
CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
Install this update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112503 - Security update for gecko-sdk and mozilla-xulrunner - SLES10 SP2
Severity:
Fixlet ID: 811250301
Fixlet Link: http://download.novell.com/Download?buildid=kOpmnV5hN2M~
Fixlet Description: This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes the following security issues:
CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
Install this update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112503 - Security update for gecko-sdk and mozilla-xulrunner - SLED10 SP2
Severity:
Fixlet ID: 811250303
Fixlet Link: http://download.novell.com/Download?buildid=rk-8OH4YODY~
Fixlet Description: This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes the following security issues:
CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
Install this update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112504 - Security update for Linux Kernel (x86) - SLES10 SP2
Severity:
Fixlet ID: 811250401
Fixlet Link: http://download.novell.com/Download?buildid=jHQjGnfN_p4~
Fixlet Description: This update fixes numerous bugs in the SUSE Linux Enterprise 10 Service Pack 2 kernel. No security fixes are contained in this round. Please refer to the RPM changelog of the package for a full list of changes. Everyone using the Linux Kernel on x86 architecture should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112504 - Security update for Linux Kernel (x86) - SLED10 SP2
Severity:
Fixlet ID: 811250405
Fixlet Link: http://download.novell.com/Download?buildid=Ji2Xot4HCdI~
Fixlet Description: This update fixes numerous bugs in the SUSE Linux Enterprise 10 Service Pack 2 kernel. No security fixes are contained in this round. Please refer to the RPM changelog of the package for a full list of changes. Everyone using the Linux Kernel on x86 architecture should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112601 - Security update for jasper - SLED10 SP1
Severity:
Fixlet ID: 811260105
Fixlet Link: http://download.novell.com/Download?buildid=i3vZsIKdnJY~
Fixlet Description: A security update for jasper is now available. Everyone using jasper should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112601 - Security update for jasper - SLED10 SP2
Severity:
Fixlet ID: 811260107
Fixlet Link: http://download.novell.com/Download?buildid=rNVt40NHkzQ~
Fixlet Description: A security update for jasper is now available. Everyone using jasper should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112601 - Security update for jasper - SLES10 SP2
Severity:
Fixlet ID: 811260109
Fixlet Link: http://download.novell.com/Download?buildid=ceiFDatcMkU~
Fixlet Description: A security update for jasper is now available. Everyone using jasper should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112601 - Security update for jasper - SLES10 SP1
Severity:
Fixlet ID: 811260111
Fixlet Link: http://download.novell.com/Download?buildid=3r3rIHgXMFo~
Fixlet Description: A security update for jasper is now available. Everyone using jasper should update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112602 - Security update for MozillaFirefox - SLES10 SP2
Severity:
Fixlet ID: 811260201
Fixlet Link: http://download.novell.com/Download?buildid=Dlozsg1pz-w~
Fixlet Description: This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes the following security issues:
CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5015 / MFSA 2008-51: Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
This update also changes a previous security fix that removed functionality required by customers. This issue was MFSA 2007-34 'Possible file stealing through sftp protocol', where the fix just disabled sftp:// and smb:// blindly. Those protocols can now be re-enabled selectively by changing the gconf property /apps/firefox/general/allowed_indirect_gnomevfs_loads to include smb: and sftp:
Install this update.
Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8112602 - Security update for MozillaFirefox - SLED10 SP2
Severity:
Fixlet ID: 811260203
Fixlet Link: http://download.novell.com/Download?buildid=0WtJj0v6dIE~
Fixlet Description: This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes the following security issues:
CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5015 / MFSA 2008-51: Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
This update also changes a previous security fix that removed functionality required by customers. This issue was MFSA 2007-34 'Possible file stealing through sftp protocol', where the fix just disabled sftp:// and smb:// blindly. Those protocols can now be re-enabled selectively by changing the gconf property /apps/firefox/general/allowed_indirect_gnomevfs_loads to include smb: and sftp:
Install this update.
Please see patch page for more detailed information.