seamonkey-2.40-6.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10218 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z seamonkey-2.40-6.1 on GA media These are all security issues fixed in the seamonkey-2.40-6.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10218 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10218 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-5913/ SUSE CVE CVE-2008-5913 page https://www.suse.com/security/cve/CVE-2009-0040/ SUSE CVE CVE-2009-0040 page https://www.suse.com/security/cve/CVE-2009-0771/ SUSE CVE CVE-2009-0771 page https://www.suse.com/security/cve/CVE-2009-0772/ SUSE CVE CVE-2009-0772 page https://www.suse.com/security/cve/CVE-2009-0773/ SUSE CVE CVE-2009-0773 page https://www.suse.com/security/cve/CVE-2009-0774/ SUSE CVE CVE-2009-0774 page https://www.suse.com/security/cve/CVE-2009-0776/ SUSE CVE CVE-2009-0776 page https://www.suse.com/security/cve/CVE-2009-1044/ SUSE CVE CVE-2009-1044 page https://www.suse.com/security/cve/CVE-2009-1169/ SUSE CVE CVE-2009-1169 page https://www.suse.com/security/cve/CVE-2009-1571/ SUSE CVE CVE-2009-1571 page https://www.suse.com/security/cve/CVE-2009-3388/ SUSE CVE CVE-2009-3388 page https://www.suse.com/security/cve/CVE-2009-3389/ SUSE CVE CVE-2009-3389 page https://www.suse.com/security/cve/CVE-2009-3555/ SUSE CVE CVE-2009-3555 page https://www.suse.com/security/cve/CVE-2009-3979/ SUSE CVE CVE-2009-3979 page https://www.suse.com/security/cve/CVE-2009-3980/ SUSE CVE CVE-2009-3980 page https://www.suse.com/security/cve/CVE-2009-3982/ SUSE CVE CVE-2009-3982 page https://www.suse.com/security/cve/CVE-2009-3983/ SUSE CVE CVE-2009-3983 page https://www.suse.com/security/cve/CVE-2009-3984/ SUSE CVE CVE-2009-3984 page https://www.suse.com/security/cve/CVE-2009-3985/ SUSE CVE CVE-2009-3985 page https://www.suse.com/security/cve/CVE-2009-3988/ SUSE CVE CVE-2009-3988 page https://www.suse.com/security/cve/CVE-2010-0159/ SUSE CVE CVE-2010-0159 page https://www.suse.com/security/cve/CVE-2010-0160/ SUSE CVE CVE-2010-0160 page https://www.suse.com/security/cve/CVE-2010-0162/ SUSE CVE CVE-2010-0162 page https://www.suse.com/security/cve/CVE-2010-0173/ SUSE CVE CVE-2010-0173 page https://www.suse.com/security/cve/CVE-2010-0174/ SUSE CVE CVE-2010-0174 page https://www.suse.com/security/cve/CVE-2010-0175/ SUSE CVE CVE-2010-0175 page https://www.suse.com/security/cve/CVE-2010-0176/ SUSE CVE CVE-2010-0176 page https://www.suse.com/security/cve/CVE-2010-0177/ SUSE CVE CVE-2010-0177 page https://www.suse.com/security/cve/CVE-2010-0178/ SUSE CVE CVE-2010-0178 page https://www.suse.com/security/cve/CVE-2010-0179/ SUSE CVE CVE-2010-0179 page https://www.suse.com/security/cve/CVE-2010-0181/ SUSE CVE CVE-2010-0181 page https://www.suse.com/security/cve/CVE-2010-0182/ SUSE CVE CVE-2010-0182 page https://www.suse.com/security/cve/CVE-2010-0183/ SUSE CVE CVE-2010-0183 page https://www.suse.com/security/cve/CVE-2010-0654/ SUSE CVE CVE-2010-0654 page https://www.suse.com/security/cve/CVE-2010-1121/ SUSE CVE CVE-2010-1121 page https://www.suse.com/security/cve/CVE-2010-1125/ SUSE CVE CVE-2010-1125 page https://www.suse.com/security/cve/CVE-2010-1196/ SUSE CVE CVE-2010-1196 page https://www.suse.com/security/cve/CVE-2010-1197/ SUSE CVE CVE-2010-1197 page https://www.suse.com/security/cve/CVE-2010-1198/ SUSE CVE CVE-2010-1198 page https://www.suse.com/security/cve/CVE-2010-1199/ SUSE CVE CVE-2010-1199 page https://www.suse.com/security/cve/CVE-2010-1200/ SUSE CVE CVE-2010-1200 page https://www.suse.com/security/cve/CVE-2010-1201/ SUSE CVE CVE-2010-1201 page https://www.suse.com/security/cve/CVE-2010-1202/ SUSE CVE CVE-2010-1202 page https://www.suse.com/security/cve/CVE-2010-1203/ SUSE CVE CVE-2010-1203 page https://www.suse.com/security/cve/CVE-2010-1205/ SUSE CVE CVE-2010-1205 page https://www.suse.com/security/cve/CVE-2010-1206/ SUSE CVE CVE-2010-1206 page https://www.suse.com/security/cve/CVE-2010-1208/ SUSE CVE CVE-2010-1208 page https://www.suse.com/security/cve/CVE-2010-1209/ SUSE CVE CVE-2010-1209 page https://www.suse.com/security/cve/CVE-2010-1211/ SUSE CVE CVE-2010-1211 page https://www.suse.com/security/cve/CVE-2010-1212/ SUSE CVE CVE-2010-1212 page https://www.suse.com/security/cve/CVE-2010-1213/ SUSE CVE CVE-2010-1213 page https://www.suse.com/security/cve/CVE-2010-1214/ SUSE CVE CVE-2010-1214 page https://www.suse.com/security/cve/CVE-2010-1585/ SUSE CVE CVE-2010-1585 page https://www.suse.com/security/cve/CVE-2010-2751/ SUSE CVE CVE-2010-2751 page https://www.suse.com/security/cve/CVE-2010-2752/ SUSE CVE CVE-2010-2752 page https://www.suse.com/security/cve/CVE-2010-2753/ SUSE CVE CVE-2010-2753 page https://www.suse.com/security/cve/CVE-2010-2754/ SUSE CVE CVE-2010-2754 page https://www.suse.com/security/cve/CVE-2010-2760/ SUSE CVE CVE-2010-2760 page https://www.suse.com/security/cve/CVE-2010-2763/ SUSE CVE CVE-2010-2763 page https://www.suse.com/security/cve/CVE-2010-2764/ SUSE CVE CVE-2010-2764 page https://www.suse.com/security/cve/CVE-2010-2765/ SUSE CVE CVE-2010-2765 page https://www.suse.com/security/cve/CVE-2010-2766/ SUSE CVE CVE-2010-2766 page https://www.suse.com/security/cve/CVE-2010-2767/ SUSE CVE CVE-2010-2767 page https://www.suse.com/security/cve/CVE-2010-2768/ SUSE CVE CVE-2010-2768 page https://www.suse.com/security/cve/CVE-2010-2769/ SUSE CVE CVE-2010-2769 page https://www.suse.com/security/cve/CVE-2010-3166/ SUSE CVE CVE-2010-3166 page https://www.suse.com/security/cve/CVE-2010-3167/ SUSE CVE CVE-2010-3167 page https://www.suse.com/security/cve/CVE-2010-3168/ SUSE CVE CVE-2010-3168 page https://www.suse.com/security/cve/CVE-2010-3169/ SUSE CVE CVE-2010-3169 page https://www.suse.com/security/cve/CVE-2010-3170/ SUSE CVE CVE-2010-3170 page https://www.suse.com/security/cve/CVE-2010-3173/ SUSE CVE CVE-2010-3173 page https://www.suse.com/security/cve/CVE-2010-3174/ SUSE CVE CVE-2010-3174 page https://www.suse.com/security/cve/CVE-2010-3175/ SUSE CVE CVE-2010-3175 page https://www.suse.com/security/cve/CVE-2010-3176/ SUSE CVE CVE-2010-3176 page https://www.suse.com/security/cve/CVE-2010-3177/ SUSE CVE CVE-2010-3177 page https://www.suse.com/security/cve/CVE-2010-3178/ SUSE CVE CVE-2010-3178 page https://www.suse.com/security/cve/CVE-2010-3179/ SUSE CVE CVE-2010-3179 page https://www.suse.com/security/cve/CVE-2010-3180/ SUSE CVE CVE-2010-3180 page https://www.suse.com/security/cve/CVE-2010-3182/ SUSE CVE CVE-2010-3182 page https://www.suse.com/security/cve/CVE-2010-3183/ SUSE CVE CVE-2010-3183 page https://www.suse.com/security/cve/CVE-2010-3765/ SUSE CVE CVE-2010-3765 page https://www.suse.com/security/cve/CVE-2010-3766/ SUSE CVE CVE-2010-3766 page https://www.suse.com/security/cve/CVE-2010-3767/ SUSE CVE CVE-2010-3767 page https://www.suse.com/security/cve/CVE-2010-3768/ SUSE CVE CVE-2010-3768 page https://www.suse.com/security/cve/CVE-2010-3769/ SUSE CVE CVE-2010-3769 page https://www.suse.com/security/cve/CVE-2010-3770/ SUSE CVE CVE-2010-3770 page https://www.suse.com/security/cve/CVE-2010-3771/ SUSE CVE CVE-2010-3771 page https://www.suse.com/security/cve/CVE-2010-3772/ SUSE CVE CVE-2010-3772 page https://www.suse.com/security/cve/CVE-2010-3773/ SUSE CVE CVE-2010-3773 page https://www.suse.com/security/cve/CVE-2010-3775/ SUSE CVE CVE-2010-3775 page https://www.suse.com/security/cve/CVE-2010-3776/ SUSE CVE CVE-2010-3776 page https://www.suse.com/security/cve/CVE-2010-3777/ SUSE CVE CVE-2010-3777 page https://www.suse.com/security/cve/CVE-2010-3778/ SUSE CVE CVE-2010-3778 page https://www.suse.com/security/cve/CVE-2011-0051/ SUSE CVE CVE-2011-0051 page https://www.suse.com/security/cve/CVE-2011-0053/ SUSE CVE CVE-2011-0053 page https://www.suse.com/security/cve/CVE-2011-0054/ SUSE CVE CVE-2011-0054 page https://www.suse.com/security/cve/CVE-2011-0055/ SUSE CVE CVE-2011-0055 page https://www.suse.com/security/cve/CVE-2011-0056/ SUSE CVE CVE-2011-0056 page https://www.suse.com/security/cve/CVE-2011-0057/ SUSE CVE CVE-2011-0057 page https://www.suse.com/security/cve/CVE-2011-0059/ SUSE CVE CVE-2011-0059 page https://www.suse.com/security/cve/CVE-2011-0061/ SUSE CVE CVE-2011-0061 page https://www.suse.com/security/cve/CVE-2011-0062/ SUSE CVE CVE-2011-0062 page https://www.suse.com/security/cve/CVE-2011-0084/ SUSE CVE CVE-2011-0084 page https://www.suse.com/security/cve/CVE-2011-1187/ SUSE CVE CVE-2011-1187 page https://www.suse.com/security/cve/CVE-2011-2366/ SUSE CVE CVE-2011-2366 page https://www.suse.com/security/cve/CVE-2011-2367/ SUSE CVE CVE-2011-2367 page https://www.suse.com/security/cve/CVE-2011-2368/ SUSE CVE CVE-2011-2368 page https://www.suse.com/security/cve/CVE-2011-2369/ SUSE CVE CVE-2011-2369 page https://www.suse.com/security/cve/CVE-2011-2370/ SUSE CVE CVE-2011-2370 page https://www.suse.com/security/cve/CVE-2011-2371/ SUSE CVE CVE-2011-2371 page https://www.suse.com/security/cve/CVE-2011-2372/ SUSE CVE CVE-2011-2372 page https://www.suse.com/security/cve/CVE-2011-2373/ SUSE CVE CVE-2011-2373 page https://www.suse.com/security/cve/CVE-2011-2374/ SUSE CVE CVE-2011-2374 page https://www.suse.com/security/cve/CVE-2011-2375/ SUSE CVE CVE-2011-2375 page https://www.suse.com/security/cve/CVE-2011-2377/ SUSE CVE CVE-2011-2377 page https://www.suse.com/security/cve/CVE-2011-2985/ SUSE CVE CVE-2011-2985 page https://www.suse.com/security/cve/CVE-2011-2986/ SUSE CVE CVE-2011-2986 page https://www.suse.com/security/cve/CVE-2011-2988/ SUSE CVE CVE-2011-2988 page https://www.suse.com/security/cve/CVE-2011-2989/ SUSE CVE CVE-2011-2989 page https://www.suse.com/security/cve/CVE-2011-2990/ SUSE CVE CVE-2011-2990 page https://www.suse.com/security/cve/CVE-2011-2991/ SUSE CVE CVE-2011-2991 page https://www.suse.com/security/cve/CVE-2011-2992/ SUSE CVE CVE-2011-2992 page https://www.suse.com/security/cve/CVE-2011-2993/ SUSE CVE CVE-2011-2993 page https://www.suse.com/security/cve/CVE-2011-2995/ SUSE CVE CVE-2011-2995 page https://www.suse.com/security/cve/CVE-2011-2996/ SUSE CVE CVE-2011-2996 page https://www.suse.com/security/cve/CVE-2011-2997/ SUSE CVE CVE-2011-2997 page https://www.suse.com/security/cve/CVE-2011-3000/ SUSE CVE CVE-2011-3000 page https://www.suse.com/security/cve/CVE-2011-3001/ SUSE CVE CVE-2011-3001 page https://www.suse.com/security/cve/CVE-2011-3002/ SUSE CVE CVE-2011-3002 page https://www.suse.com/security/cve/CVE-2011-3003/ SUSE CVE CVE-2011-3003 page https://www.suse.com/security/cve/CVE-2011-3004/ SUSE CVE CVE-2011-3004 page https://www.suse.com/security/cve/CVE-2011-3005/ SUSE CVE CVE-2011-3005 page https://www.suse.com/security/cve/CVE-2011-3026/ SUSE CVE CVE-2011-3026 page https://www.suse.com/security/cve/CVE-2011-3062/ SUSE CVE CVE-2011-3062 page https://www.suse.com/security/cve/CVE-2011-3101/ SUSE CVE CVE-2011-3101 page https://www.suse.com/security/cve/CVE-2011-3232/ SUSE CVE CVE-2011-3232 page https://www.suse.com/security/cve/CVE-2011-3648/ SUSE CVE CVE-2011-3648 page https://www.suse.com/security/cve/CVE-2011-3650/ SUSE CVE CVE-2011-3650 page https://www.suse.com/security/cve/CVE-2011-3651/ SUSE CVE CVE-2011-3651 page https://www.suse.com/security/cve/CVE-2011-3652/ SUSE CVE CVE-2011-3652 page https://www.suse.com/security/cve/CVE-2011-3654/ SUSE CVE CVE-2011-3654 page https://www.suse.com/security/cve/CVE-2011-3655/ SUSE CVE CVE-2011-3655 page https://www.suse.com/security/cve/CVE-2011-3658/ SUSE CVE CVE-2011-3658 page https://www.suse.com/security/cve/CVE-2011-3659/ SUSE CVE CVE-2011-3659 page https://www.suse.com/security/cve/CVE-2011-3660/ SUSE CVE CVE-2011-3660 page https://www.suse.com/security/cve/CVE-2011-3661/ SUSE CVE CVE-2011-3661 page https://www.suse.com/security/cve/CVE-2011-3663/ SUSE CVE CVE-2011-3663 page https://www.suse.com/security/cve/CVE-2012-0441/ SUSE CVE CVE-2012-0441 page https://www.suse.com/security/cve/CVE-2012-0442/ SUSE CVE CVE-2012-0442 page https://www.suse.com/security/cve/CVE-2012-0443/ SUSE CVE CVE-2012-0443 page https://www.suse.com/security/cve/CVE-2012-0444/ SUSE CVE CVE-2012-0444 page https://www.suse.com/security/cve/CVE-2012-0445/ SUSE CVE CVE-2012-0445 page https://www.suse.com/security/cve/CVE-2012-0446/ SUSE CVE CVE-2012-0446 page https://www.suse.com/security/cve/CVE-2012-0447/ SUSE CVE CVE-2012-0447 page https://www.suse.com/security/cve/CVE-2012-0449/ SUSE CVE CVE-2012-0449 page https://www.suse.com/security/cve/CVE-2012-0451/ SUSE CVE CVE-2012-0451 page https://www.suse.com/security/cve/CVE-2012-0452/ SUSE CVE CVE-2012-0452 page https://www.suse.com/security/cve/CVE-2012-0455/ SUSE CVE CVE-2012-0455 page https://www.suse.com/security/cve/CVE-2012-0456/ SUSE CVE CVE-2012-0456 page https://www.suse.com/security/cve/CVE-2012-0457/ SUSE CVE CVE-2012-0457 page https://www.suse.com/security/cve/CVE-2012-0458/ SUSE CVE CVE-2012-0458 page https://www.suse.com/security/cve/CVE-2012-0459/ SUSE CVE CVE-2012-0459 page https://www.suse.com/security/cve/CVE-2012-0460/ SUSE CVE CVE-2012-0460 page https://www.suse.com/security/cve/CVE-2012-0461/ SUSE CVE CVE-2012-0461 page https://www.suse.com/security/cve/CVE-2012-0462/ SUSE CVE CVE-2012-0462 page https://www.suse.com/security/cve/CVE-2012-0463/ SUSE CVE CVE-2012-0463 page https://www.suse.com/security/cve/CVE-2012-0464/ SUSE CVE CVE-2012-0464 page https://www.suse.com/security/cve/CVE-2012-0467/ SUSE CVE CVE-2012-0467 page https://www.suse.com/security/cve/CVE-2012-0468/ SUSE CVE CVE-2012-0468 page https://www.suse.com/security/cve/CVE-2012-0469/ SUSE CVE CVE-2012-0469 page https://www.suse.com/security/cve/CVE-2012-0470/ SUSE CVE CVE-2012-0470 page https://www.suse.com/security/cve/CVE-2012-0471/ SUSE CVE CVE-2012-0471 page https://www.suse.com/security/cve/CVE-2012-0472/ SUSE CVE CVE-2012-0472 page https://www.suse.com/security/cve/CVE-2012-0473/ SUSE CVE CVE-2012-0473 page https://www.suse.com/security/cve/CVE-2012-0474/ SUSE CVE CVE-2012-0474 page https://www.suse.com/security/cve/CVE-2012-0475/ SUSE CVE CVE-2012-0475 page https://www.suse.com/security/cve/CVE-2012-0477/ SUSE CVE CVE-2012-0477 page https://www.suse.com/security/cve/CVE-2012-0478/ SUSE CVE CVE-2012-0478 page https://www.suse.com/security/cve/CVE-2012-0479/ SUSE CVE CVE-2012-0479 page https://www.suse.com/security/cve/CVE-2012-0759/ SUSE CVE CVE-2012-0759 page https://www.suse.com/security/cve/CVE-2012-1937/ SUSE CVE CVE-2012-1937 page https://www.suse.com/security/cve/CVE-2012-1938/ SUSE CVE CVE-2012-1938 page https://www.suse.com/security/cve/CVE-2012-1940/ SUSE CVE CVE-2012-1940 page https://www.suse.com/security/cve/CVE-2012-1941/ SUSE CVE CVE-2012-1941 page https://www.suse.com/security/cve/CVE-2012-1944/ SUSE CVE CVE-2012-1944 page https://www.suse.com/security/cve/CVE-2012-1945/ SUSE CVE CVE-2012-1945 page https://www.suse.com/security/cve/CVE-2012-1946/ SUSE CVE CVE-2012-1946 page https://www.suse.com/security/cve/CVE-2012-1947/ SUSE CVE CVE-2012-1947 page https://www.suse.com/security/cve/CVE-2012-1948/ SUSE CVE CVE-2012-1948 page https://www.suse.com/security/cve/CVE-2012-1949/ SUSE CVE CVE-2012-1949 page https://www.suse.com/security/cve/CVE-2012-1951/ SUSE CVE CVE-2012-1951 page https://www.suse.com/security/cve/CVE-2012-1952/ SUSE CVE CVE-2012-1952 page https://www.suse.com/security/cve/CVE-2012-1953/ SUSE CVE CVE-2012-1953 page https://www.suse.com/security/cve/CVE-2012-1954/ SUSE CVE CVE-2012-1954 page https://www.suse.com/security/cve/CVE-2012-1955/ SUSE CVE CVE-2012-1955 page https://www.suse.com/security/cve/CVE-2012-1956/ SUSE CVE CVE-2012-1956 page https://www.suse.com/security/cve/CVE-2012-1957/ SUSE CVE CVE-2012-1957 page https://www.suse.com/security/cve/CVE-2012-1958/ SUSE CVE CVE-2012-1958 page https://www.suse.com/security/cve/CVE-2012-1959/ SUSE CVE CVE-2012-1959 page https://www.suse.com/security/cve/CVE-2012-1960/ SUSE CVE CVE-2012-1960 page https://www.suse.com/security/cve/CVE-2012-1961/ SUSE CVE CVE-2012-1961 page https://www.suse.com/security/cve/CVE-2012-1962/ SUSE CVE CVE-2012-1962 page https://www.suse.com/security/cve/CVE-2012-1963/ SUSE CVE CVE-2012-1963 page https://www.suse.com/security/cve/CVE-2012-1967/ SUSE CVE CVE-2012-1967 page https://www.suse.com/security/cve/CVE-2012-1970/ SUSE CVE CVE-2012-1970 page https://www.suse.com/security/cve/CVE-2012-1972/ SUSE CVE CVE-2012-1972 page https://www.suse.com/security/cve/CVE-2012-1973/ SUSE CVE CVE-2012-1973 page https://www.suse.com/security/cve/CVE-2012-1974/ SUSE CVE CVE-2012-1974 page https://www.suse.com/security/cve/CVE-2012-1975/ SUSE CVE CVE-2012-1975 page https://www.suse.com/security/cve/CVE-2012-1976/ SUSE CVE CVE-2012-1976 page https://www.suse.com/security/cve/CVE-2012-3956/ SUSE CVE CVE-2012-3956 page https://www.suse.com/security/cve/CVE-2012-3957/ SUSE CVE CVE-2012-3957 page https://www.suse.com/security/cve/CVE-2012-3958/ SUSE CVE CVE-2012-3958 page https://www.suse.com/security/cve/CVE-2012-3959/ SUSE CVE CVE-2012-3959 page https://www.suse.com/security/cve/CVE-2012-3960/ SUSE CVE CVE-2012-3960 page https://www.suse.com/security/cve/CVE-2012-3961/ SUSE CVE CVE-2012-3961 page https://www.suse.com/security/cve/CVE-2012-3962/ SUSE CVE CVE-2012-3962 page https://www.suse.com/security/cve/CVE-2012-3963/ SUSE CVE CVE-2012-3963 page https://www.suse.com/security/cve/CVE-2012-3964/ SUSE CVE CVE-2012-3964 page https://www.suse.com/security/cve/CVE-2012-3966/ SUSE CVE CVE-2012-3966 page https://www.suse.com/security/cve/CVE-2012-3967/ SUSE CVE CVE-2012-3967 page https://www.suse.com/security/cve/CVE-2012-3968/ SUSE CVE CVE-2012-3968 page https://www.suse.com/security/cve/CVE-2012-3969/ SUSE CVE CVE-2012-3969 page https://www.suse.com/security/cve/CVE-2012-3970/ SUSE CVE CVE-2012-3970 page https://www.suse.com/security/cve/CVE-2012-3971/ SUSE CVE CVE-2012-3971 page https://www.suse.com/security/cve/CVE-2012-3972/ SUSE CVE CVE-2012-3972 page https://www.suse.com/security/cve/CVE-2012-3975/ SUSE CVE CVE-2012-3975 page https://www.suse.com/security/cve/CVE-2012-3976/ SUSE CVE CVE-2012-3976 page https://www.suse.com/security/cve/CVE-2012-3978/ SUSE CVE CVE-2012-3978 page https://www.suse.com/security/cve/CVE-2012-3982/ SUSE CVE CVE-2012-3982 page https://www.suse.com/security/cve/CVE-2012-3983/ SUSE CVE CVE-2012-3983 page https://www.suse.com/security/cve/CVE-2012-3984/ SUSE CVE CVE-2012-3984 page https://www.suse.com/security/cve/CVE-2012-3985/ SUSE CVE CVE-2012-3985 page https://www.suse.com/security/cve/CVE-2012-3986/ SUSE CVE CVE-2012-3986 page https://www.suse.com/security/cve/CVE-2012-3988/ SUSE CVE CVE-2012-3988 page https://www.suse.com/security/cve/CVE-2012-3989/ SUSE CVE CVE-2012-3989 page https://www.suse.com/security/cve/CVE-2012-3990/ SUSE CVE CVE-2012-3990 page https://www.suse.com/security/cve/CVE-2012-3991/ SUSE CVE CVE-2012-3991 page https://www.suse.com/security/cve/CVE-2012-3992/ SUSE CVE CVE-2012-3992 page https://www.suse.com/security/cve/CVE-2012-3993/ SUSE CVE CVE-2012-3993 page https://www.suse.com/security/cve/CVE-2012-3994/ SUSE CVE CVE-2012-3994 page https://www.suse.com/security/cve/CVE-2012-3995/ SUSE CVE CVE-2012-3995 page https://www.suse.com/security/cve/CVE-2012-4179/ SUSE CVE CVE-2012-4179 page https://www.suse.com/security/cve/CVE-2012-4180/ SUSE CVE CVE-2012-4180 page https://www.suse.com/security/cve/CVE-2012-4181/ SUSE CVE CVE-2012-4181 page https://www.suse.com/security/cve/CVE-2012-4182/ SUSE CVE CVE-2012-4182 page https://www.suse.com/security/cve/CVE-2012-4183/ SUSE CVE CVE-2012-4183 page https://www.suse.com/security/cve/CVE-2012-4184/ SUSE CVE CVE-2012-4184 page https://www.suse.com/security/cve/CVE-2012-4185/ SUSE CVE CVE-2012-4185 page https://www.suse.com/security/cve/CVE-2012-4186/ SUSE CVE CVE-2012-4186 page https://www.suse.com/security/cve/CVE-2012-4187/ SUSE CVE CVE-2012-4187 page https://www.suse.com/security/cve/CVE-2012-4188/ SUSE CVE CVE-2012-4188 page https://www.suse.com/security/cve/CVE-2012-4191/ SUSE CVE CVE-2012-4191 page https://www.suse.com/security/cve/CVE-2012-4192/ SUSE CVE CVE-2012-4192 page https://www.suse.com/security/cve/CVE-2012-4193/ SUSE CVE CVE-2012-4193 page https://www.suse.com/security/cve/CVE-2012-4194/ SUSE CVE CVE-2012-4194 page https://www.suse.com/security/cve/CVE-2012-4195/ SUSE CVE CVE-2012-4195 page https://www.suse.com/security/cve/CVE-2012-4196/ SUSE CVE CVE-2012-4196 page https://www.suse.com/security/cve/CVE-2012-4201/ SUSE CVE CVE-2012-4201 page https://www.suse.com/security/cve/CVE-2012-4202/ SUSE CVE CVE-2012-4202 page https://www.suse.com/security/cve/CVE-2012-4204/ SUSE CVE CVE-2012-4204 page https://www.suse.com/security/cve/CVE-2012-4205/ SUSE CVE CVE-2012-4205 page https://www.suse.com/security/cve/CVE-2012-4207/ SUSE CVE CVE-2012-4207 page https://www.suse.com/security/cve/CVE-2012-4208/ SUSE CVE CVE-2012-4208 page https://www.suse.com/security/cve/CVE-2012-4209/ SUSE CVE CVE-2012-4209 page https://www.suse.com/security/cve/CVE-2012-4212/ SUSE CVE CVE-2012-4212 page https://www.suse.com/security/cve/CVE-2012-4213/ SUSE CVE CVE-2012-4213 page https://www.suse.com/security/cve/CVE-2012-4214/ SUSE CVE CVE-2012-4214 page https://www.suse.com/security/cve/CVE-2012-4215/ SUSE CVE CVE-2012-4215 page https://www.suse.com/security/cve/CVE-2012-4216/ SUSE CVE CVE-2012-4216 page https://www.suse.com/security/cve/CVE-2012-4217/ SUSE CVE CVE-2012-4217 page https://www.suse.com/security/cve/CVE-2012-4218/ SUSE CVE CVE-2012-4218 page https://www.suse.com/security/cve/CVE-2012-5829/ SUSE CVE CVE-2012-5829 page https://www.suse.com/security/cve/CVE-2012-5830/ SUSE CVE CVE-2012-5830 page https://www.suse.com/security/cve/CVE-2012-5833/ SUSE CVE CVE-2012-5833 page https://www.suse.com/security/cve/CVE-2012-5835/ SUSE CVE CVE-2012-5835 page https://www.suse.com/security/cve/CVE-2012-5836/ SUSE CVE CVE-2012-5836 page https://www.suse.com/security/cve/CVE-2012-5838/ SUSE CVE CVE-2012-5838 page https://www.suse.com/security/cve/CVE-2012-5839/ SUSE CVE CVE-2012-5839 page https://www.suse.com/security/cve/CVE-2012-5840/ SUSE CVE CVE-2012-5840 page https://www.suse.com/security/cve/CVE-2012-5841/ SUSE CVE CVE-2012-5841 page https://www.suse.com/security/cve/CVE-2012-5842/ SUSE CVE CVE-2012-5842 page https://www.suse.com/security/cve/CVE-2012-5843/ SUSE CVE CVE-2012-5843 page https://www.suse.com/security/cve/CVE-2013-0743/ SUSE CVE CVE-2013-0743 page https://www.suse.com/security/cve/CVE-2013-0744/ SUSE CVE CVE-2013-0744 page https://www.suse.com/security/cve/CVE-2013-0745/ SUSE CVE CVE-2013-0745 page https://www.suse.com/security/cve/CVE-2013-0746/ SUSE CVE CVE-2013-0746 page https://www.suse.com/security/cve/CVE-2013-0747/ SUSE CVE CVE-2013-0747 page https://www.suse.com/security/cve/CVE-2013-0748/ SUSE CVE CVE-2013-0748 page https://www.suse.com/security/cve/CVE-2013-0749/ SUSE CVE CVE-2013-0749 page https://www.suse.com/security/cve/CVE-2013-0750/ SUSE CVE CVE-2013-0750 page https://www.suse.com/security/cve/CVE-2013-0751/ SUSE CVE CVE-2013-0751 page https://www.suse.com/security/cve/CVE-2013-0752/ SUSE CVE CVE-2013-0752 page https://www.suse.com/security/cve/CVE-2013-0753/ SUSE CVE CVE-2013-0753 page https://www.suse.com/security/cve/CVE-2013-0754/ SUSE CVE CVE-2013-0754 page https://www.suse.com/security/cve/CVE-2013-0755/ SUSE CVE CVE-2013-0755 page https://www.suse.com/security/cve/CVE-2013-0756/ SUSE CVE CVE-2013-0756 page https://www.suse.com/security/cve/CVE-2013-0757/ SUSE CVE CVE-2013-0757 page https://www.suse.com/security/cve/CVE-2013-0758/ SUSE CVE CVE-2013-0758 page https://www.suse.com/security/cve/CVE-2013-0760/ SUSE CVE CVE-2013-0760 page https://www.suse.com/security/cve/CVE-2013-0761/ SUSE CVE CVE-2013-0761 page https://www.suse.com/security/cve/CVE-2013-0762/ SUSE CVE CVE-2013-0762 page https://www.suse.com/security/cve/CVE-2013-0763/ SUSE CVE CVE-2013-0763 page https://www.suse.com/security/cve/CVE-2013-0764/ SUSE CVE CVE-2013-0764 page https://www.suse.com/security/cve/CVE-2013-0765/ SUSE CVE CVE-2013-0765 page https://www.suse.com/security/cve/CVE-2013-0766/ SUSE CVE CVE-2013-0766 page https://www.suse.com/security/cve/CVE-2013-0767/ SUSE CVE CVE-2013-0767 page https://www.suse.com/security/cve/CVE-2013-0768/ SUSE CVE CVE-2013-0768 page https://www.suse.com/security/cve/CVE-2013-0769/ SUSE CVE CVE-2013-0769 page https://www.suse.com/security/cve/CVE-2013-0770/ SUSE CVE CVE-2013-0770 page https://www.suse.com/security/cve/CVE-2013-0771/ SUSE CVE CVE-2013-0771 page https://www.suse.com/security/cve/CVE-2013-0772/ SUSE CVE CVE-2013-0772 page https://www.suse.com/security/cve/CVE-2013-0773/ SUSE CVE CVE-2013-0773 page https://www.suse.com/security/cve/CVE-2013-0774/ SUSE CVE CVE-2013-0774 page https://www.suse.com/security/cve/CVE-2013-0775/ SUSE CVE CVE-2013-0775 page https://www.suse.com/security/cve/CVE-2013-0776/ SUSE CVE CVE-2013-0776 page https://www.suse.com/security/cve/CVE-2013-0777/ SUSE CVE CVE-2013-0777 page https://www.suse.com/security/cve/CVE-2013-0778/ SUSE CVE CVE-2013-0778 page https://www.suse.com/security/cve/CVE-2013-0779/ SUSE CVE CVE-2013-0779 page https://www.suse.com/security/cve/CVE-2013-0780/ SUSE CVE CVE-2013-0780 page https://www.suse.com/security/cve/CVE-2013-0781/ SUSE CVE CVE-2013-0781 page https://www.suse.com/security/cve/CVE-2013-0782/ SUSE CVE CVE-2013-0782 page https://www.suse.com/security/cve/CVE-2013-0783/ SUSE CVE CVE-2013-0783 page https://www.suse.com/security/cve/CVE-2013-0787/ SUSE CVE CVE-2013-0787 page https://www.suse.com/security/cve/CVE-2013-0788/ SUSE CVE CVE-2013-0788 page https://www.suse.com/security/cve/CVE-2013-0789/ SUSE CVE CVE-2013-0789 page https://www.suse.com/security/cve/CVE-2013-0792/ SUSE CVE CVE-2013-0792 page https://www.suse.com/security/cve/CVE-2013-0793/ SUSE CVE CVE-2013-0793 page https://www.suse.com/security/cve/CVE-2013-0794/ SUSE CVE CVE-2013-0794 page https://www.suse.com/security/cve/CVE-2013-0795/ SUSE CVE CVE-2013-0795 page https://www.suse.com/security/cve/CVE-2013-0796/ SUSE CVE CVE-2013-0796 page https://www.suse.com/security/cve/CVE-2013-0800/ SUSE CVE CVE-2013-0800 page https://www.suse.com/security/cve/CVE-2013-1682/ SUSE CVE CVE-2013-1682 page https://www.suse.com/security/cve/CVE-2013-1683/ SUSE CVE CVE-2013-1683 page https://www.suse.com/security/cve/CVE-2013-1684/ SUSE CVE CVE-2013-1684 page https://www.suse.com/security/cve/CVE-2013-1685/ SUSE CVE CVE-2013-1685 page https://www.suse.com/security/cve/CVE-2013-1686/ SUSE CVE CVE-2013-1686 page https://www.suse.com/security/cve/CVE-2013-1687/ SUSE CVE CVE-2013-1687 page https://www.suse.com/security/cve/CVE-2013-1688/ SUSE CVE CVE-2013-1688 page https://www.suse.com/security/cve/CVE-2013-1690/ SUSE CVE CVE-2013-1690 page https://www.suse.com/security/cve/CVE-2013-1692/ SUSE CVE CVE-2013-1692 page https://www.suse.com/security/cve/CVE-2013-1693/ SUSE CVE CVE-2013-1693 page https://www.suse.com/security/cve/CVE-2013-1694/ SUSE CVE CVE-2013-1694 page https://www.suse.com/security/cve/CVE-2013-1695/ SUSE CVE CVE-2013-1695 page https://www.suse.com/security/cve/CVE-2013-1696/ SUSE CVE CVE-2013-1696 page https://www.suse.com/security/cve/CVE-2013-1697/ SUSE CVE CVE-2013-1697 page https://www.suse.com/security/cve/CVE-2013-1698/ SUSE CVE CVE-2013-1698 page https://www.suse.com/security/cve/CVE-2013-1699/ SUSE CVE CVE-2013-1699 page https://www.suse.com/security/cve/CVE-2013-1701/ SUSE CVE CVE-2013-1701 page https://www.suse.com/security/cve/CVE-2013-1702/ SUSE CVE CVE-2013-1702 page https://www.suse.com/security/cve/CVE-2013-1704/ SUSE CVE CVE-2013-1704 page https://www.suse.com/security/cve/CVE-2013-1705/ SUSE CVE CVE-2013-1705 page https://www.suse.com/security/cve/CVE-2013-1708/ SUSE CVE CVE-2013-1708 page https://www.suse.com/security/cve/CVE-2013-1709/ SUSE CVE CVE-2013-1709 page https://www.suse.com/security/cve/CVE-2013-1710/ SUSE CVE CVE-2013-1710 page https://www.suse.com/security/cve/CVE-2013-1711/ SUSE CVE CVE-2013-1711 page https://www.suse.com/security/cve/CVE-2013-1713/ SUSE CVE CVE-2013-1713 page https://www.suse.com/security/cve/CVE-2013-1714/ SUSE CVE CVE-2013-1714 page https://www.suse.com/security/cve/CVE-2013-1717/ SUSE CVE CVE-2013-1717 page https://www.suse.com/security/cve/CVE-2013-1718/ SUSE CVE CVE-2013-1718 page https://www.suse.com/security/cve/CVE-2013-1719/ SUSE CVE CVE-2013-1719 page https://www.suse.com/security/cve/CVE-2013-1720/ SUSE CVE CVE-2013-1720 page https://www.suse.com/security/cve/CVE-2013-1721/ SUSE CVE CVE-2013-1721 page https://www.suse.com/security/cve/CVE-2013-1722/ SUSE CVE CVE-2013-1722 page https://www.suse.com/security/cve/CVE-2013-1723/ SUSE CVE CVE-2013-1723 page https://www.suse.com/security/cve/CVE-2013-1724/ SUSE CVE CVE-2013-1724 page https://www.suse.com/security/cve/CVE-2013-1725/ SUSE CVE CVE-2013-1725 page https://www.suse.com/security/cve/CVE-2013-1728/ SUSE CVE CVE-2013-1728 page https://www.suse.com/security/cve/CVE-2013-1730/ SUSE CVE CVE-2013-1730 page https://www.suse.com/security/cve/CVE-2013-1732/ SUSE CVE CVE-2013-1732 page https://www.suse.com/security/cve/CVE-2013-1735/ SUSE CVE CVE-2013-1735 page https://www.suse.com/security/cve/CVE-2013-1736/ SUSE CVE CVE-2013-1736 page https://www.suse.com/security/cve/CVE-2013-1737/ SUSE CVE CVE-2013-1737 page https://www.suse.com/security/cve/CVE-2013-1738/ SUSE CVE CVE-2013-1738 page https://www.suse.com/security/cve/CVE-2013-5590/ SUSE CVE CVE-2013-5590 page https://www.suse.com/security/cve/CVE-2013-5591/ SUSE CVE CVE-2013-5591 page https://www.suse.com/security/cve/CVE-2013-5592/ SUSE CVE CVE-2013-5592 page https://www.suse.com/security/cve/CVE-2013-5593/ SUSE CVE CVE-2013-5593 page https://www.suse.com/security/cve/CVE-2013-5595/ SUSE CVE CVE-2013-5595 page https://www.suse.com/security/cve/CVE-2013-5596/ SUSE CVE CVE-2013-5596 page https://www.suse.com/security/cve/CVE-2013-5597/ SUSE CVE CVE-2013-5597 page https://www.suse.com/security/cve/CVE-2013-5598/ SUSE CVE CVE-2013-5598 page https://www.suse.com/security/cve/CVE-2013-5599/ SUSE CVE CVE-2013-5599 page https://www.suse.com/security/cve/CVE-2013-5600/ SUSE CVE CVE-2013-5600 page https://www.suse.com/security/cve/CVE-2013-5601/ SUSE CVE CVE-2013-5601 page https://www.suse.com/security/cve/CVE-2013-5602/ SUSE CVE CVE-2013-5602 page https://www.suse.com/security/cve/CVE-2013-5603/ SUSE CVE CVE-2013-5603 page https://www.suse.com/security/cve/CVE-2013-5604/ SUSE CVE CVE-2013-5604 page https://www.suse.com/security/cve/CVE-2013-5609/ SUSE CVE CVE-2013-5609 page https://www.suse.com/security/cve/CVE-2013-5610/ SUSE CVE CVE-2013-5610 page https://www.suse.com/security/cve/CVE-2013-5611/ SUSE CVE CVE-2013-5611 page https://www.suse.com/security/cve/CVE-2013-5612/ SUSE CVE CVE-2013-5612 page https://www.suse.com/security/cve/CVE-2013-5613/ SUSE CVE CVE-2013-5613 page https://www.suse.com/security/cve/CVE-2013-5614/ SUSE CVE CVE-2013-5614 page https://www.suse.com/security/cve/CVE-2013-5615/ SUSE CVE CVE-2013-5615 page https://www.suse.com/security/cve/CVE-2013-5616/ SUSE CVE CVE-2013-5616 page https://www.suse.com/security/cve/CVE-2013-5618/ SUSE CVE CVE-2013-5618 page https://www.suse.com/security/cve/CVE-2013-5619/ SUSE CVE CVE-2013-5619 page https://www.suse.com/security/cve/CVE-2013-6629/ SUSE CVE CVE-2013-6629 page https://www.suse.com/security/cve/CVE-2013-6630/ SUSE CVE CVE-2013-6630 page https://www.suse.com/security/cve/CVE-2013-6671/ SUSE CVE CVE-2013-6671 page https://www.suse.com/security/cve/CVE-2013-6672/ SUSE CVE CVE-2013-6672 page https://www.suse.com/security/cve/CVE-2013-6673/ SUSE CVE CVE-2013-6673 page https://www.suse.com/security/cve/CVE-2014-1477/ SUSE CVE CVE-2014-1477 page https://www.suse.com/security/cve/CVE-2014-1478/ SUSE CVE CVE-2014-1478 page https://www.suse.com/security/cve/CVE-2014-1479/ SUSE CVE CVE-2014-1479 page https://www.suse.com/security/cve/CVE-2014-1480/ SUSE CVE CVE-2014-1480 page https://www.suse.com/security/cve/CVE-2014-1481/ SUSE CVE CVE-2014-1481 page https://www.suse.com/security/cve/CVE-2014-1482/ SUSE CVE CVE-2014-1482 page https://www.suse.com/security/cve/CVE-2014-1483/ SUSE CVE CVE-2014-1483 page https://www.suse.com/security/cve/CVE-2014-1485/ SUSE CVE CVE-2014-1485 page https://www.suse.com/security/cve/CVE-2014-1486/ SUSE CVE CVE-2014-1486 page https://www.suse.com/security/cve/CVE-2014-1487/ SUSE CVE CVE-2014-1487 page https://www.suse.com/security/cve/CVE-2014-1488/ SUSE CVE CVE-2014-1488 page https://www.suse.com/security/cve/CVE-2014-1490/ SUSE CVE CVE-2014-1490 page https://www.suse.com/security/cve/CVE-2014-1491/ SUSE CVE CVE-2014-1491 page https://www.suse.com/security/cve/CVE-2014-1492/ SUSE CVE CVE-2014-1492 page https://www.suse.com/security/cve/CVE-2014-1493/ SUSE CVE CVE-2014-1493 page https://www.suse.com/security/cve/CVE-2014-1494/ SUSE CVE CVE-2014-1494 page https://www.suse.com/security/cve/CVE-2014-1497/ SUSE CVE CVE-2014-1497 page https://www.suse.com/security/cve/CVE-2014-1498/ SUSE CVE CVE-2014-1498 page https://www.suse.com/security/cve/CVE-2014-1499/ SUSE CVE CVE-2014-1499 page https://www.suse.com/security/cve/CVE-2014-1500/ SUSE CVE CVE-2014-1500 page https://www.suse.com/security/cve/CVE-2014-1502/ SUSE CVE CVE-2014-1502 page https://www.suse.com/security/cve/CVE-2014-1504/ SUSE CVE CVE-2014-1504 page https://www.suse.com/security/cve/CVE-2014-1505/ SUSE CVE CVE-2014-1505 page https://www.suse.com/security/cve/CVE-2014-1508/ SUSE CVE CVE-2014-1508 page https://www.suse.com/security/cve/CVE-2014-1509/ SUSE CVE CVE-2014-1509 page https://www.suse.com/security/cve/CVE-2014-1510/ SUSE CVE CVE-2014-1510 page https://www.suse.com/security/cve/CVE-2014-1511/ SUSE CVE CVE-2014-1511 page https://www.suse.com/security/cve/CVE-2014-1512/ SUSE CVE CVE-2014-1512 page https://www.suse.com/security/cve/CVE-2014-1513/ SUSE CVE CVE-2014-1513 page https://www.suse.com/security/cve/CVE-2014-1514/ SUSE CVE CVE-2014-1514 page https://www.suse.com/security/cve/CVE-2014-1518/ SUSE CVE CVE-2014-1518 page https://www.suse.com/security/cve/CVE-2014-1519/ SUSE CVE CVE-2014-1519 page https://www.suse.com/security/cve/CVE-2014-1522/ SUSE CVE CVE-2014-1522 page https://www.suse.com/security/cve/CVE-2014-1523/ SUSE CVE CVE-2014-1523 page https://www.suse.com/security/cve/CVE-2014-1524/ SUSE CVE CVE-2014-1524 page https://www.suse.com/security/cve/CVE-2014-1525/ SUSE CVE CVE-2014-1525 page https://www.suse.com/security/cve/CVE-2014-1526/ SUSE CVE CVE-2014-1526 page https://www.suse.com/security/cve/CVE-2014-1528/ SUSE CVE CVE-2014-1528 page https://www.suse.com/security/cve/CVE-2014-1529/ SUSE CVE CVE-2014-1529 page https://www.suse.com/security/cve/CVE-2014-1530/ SUSE CVE CVE-2014-1530 page https://www.suse.com/security/cve/CVE-2014-1531/ SUSE CVE CVE-2014-1531 page https://www.suse.com/security/cve/CVE-2014-1532/ SUSE CVE CVE-2014-1532 page https://www.suse.com/security/cve/CVE-2014-1533/ SUSE CVE CVE-2014-1533 page https://www.suse.com/security/cve/CVE-2014-1534/ SUSE CVE CVE-2014-1534 page https://www.suse.com/security/cve/CVE-2014-1536/ SUSE CVE CVE-2014-1536 page https://www.suse.com/security/cve/CVE-2014-1537/ SUSE CVE CVE-2014-1537 page https://www.suse.com/security/cve/CVE-2014-1538/ SUSE CVE CVE-2014-1538 page https://www.suse.com/security/cve/CVE-2014-1539/ SUSE CVE CVE-2014-1539 page https://www.suse.com/security/cve/CVE-2014-1540/ SUSE CVE CVE-2014-1540 page https://www.suse.com/security/cve/CVE-2014-1541/ SUSE CVE CVE-2014-1541 page https://www.suse.com/security/cve/CVE-2014-1542/ SUSE CVE CVE-2014-1542 page https://www.suse.com/security/cve/CVE-2014-1543/ SUSE CVE CVE-2014-1543 page https://www.suse.com/security/cve/CVE-2014-1545/ SUSE CVE CVE-2014-1545 page https://www.suse.com/security/cve/CVE-2014-1574/ SUSE CVE CVE-2014-1574 page https://www.suse.com/security/cve/CVE-2014-1575/ SUSE CVE CVE-2014-1575 page https://www.suse.com/security/cve/CVE-2014-1576/ SUSE CVE CVE-2014-1576 page https://www.suse.com/security/cve/CVE-2014-1577/ SUSE CVE CVE-2014-1577 page https://www.suse.com/security/cve/CVE-2014-1578/ SUSE CVE CVE-2014-1578 page https://www.suse.com/security/cve/CVE-2014-1580/ SUSE CVE CVE-2014-1580 page https://www.suse.com/security/cve/CVE-2014-1581/ SUSE CVE CVE-2014-1581 page https://www.suse.com/security/cve/CVE-2014-1582/ SUSE CVE CVE-2014-1582 page https://www.suse.com/security/cve/CVE-2014-1583/ SUSE CVE CVE-2014-1583 page https://www.suse.com/security/cve/CVE-2014-1584/ SUSE CVE CVE-2014-1584 page https://www.suse.com/security/cve/CVE-2014-1585/ SUSE CVE CVE-2014-1585 page https://www.suse.com/security/cve/CVE-2014-1586/ SUSE CVE CVE-2014-1586 page https://www.suse.com/security/cve/CVE-2014-1587/ SUSE CVE CVE-2014-1587 page https://www.suse.com/security/cve/CVE-2014-1588/ SUSE CVE CVE-2014-1588 page https://www.suse.com/security/cve/CVE-2014-1589/ SUSE CVE CVE-2014-1589 page https://www.suse.com/security/cve/CVE-2014-1590/ SUSE CVE CVE-2014-1590 page https://www.suse.com/security/cve/CVE-2014-1591/ SUSE CVE CVE-2014-1591 page https://www.suse.com/security/cve/CVE-2014-1592/ SUSE CVE CVE-2014-1592 page https://www.suse.com/security/cve/CVE-2014-1593/ SUSE CVE CVE-2014-1593 page https://www.suse.com/security/cve/CVE-2014-1594/ SUSE CVE CVE-2014-1594 page https://www.suse.com/security/cve/CVE-2014-8634/ SUSE CVE CVE-2014-8634 page https://www.suse.com/security/cve/CVE-2014-8635/ SUSE CVE CVE-2014-8635 page https://www.suse.com/security/cve/CVE-2014-8636/ SUSE CVE CVE-2014-8636 page https://www.suse.com/security/cve/CVE-2014-8637/ SUSE CVE CVE-2014-8637 page https://www.suse.com/security/cve/CVE-2014-8638/ SUSE CVE CVE-2014-8638 page https://www.suse.com/security/cve/CVE-2014-8639/ SUSE CVE CVE-2014-8639 page https://www.suse.com/security/cve/CVE-2014-8640/ SUSE CVE CVE-2014-8640 page https://www.suse.com/security/cve/CVE-2014-8641/ SUSE CVE CVE-2014-8641 page https://www.suse.com/security/cve/CVE-2014-8642/ SUSE CVE CVE-2014-8642 page https://www.suse.com/security/cve/CVE-2014-8643/ SUSE CVE CVE-2014-8643 page https://www.suse.com/security/cve/CVE-2015-0817/ SUSE CVE CVE-2015-0817 page https://www.suse.com/security/cve/CVE-2015-0818/ SUSE CVE CVE-2015-0818 page https://www.suse.com/security/cve/CVE-2015-0819/ SUSE CVE CVE-2015-0819 page https://www.suse.com/security/cve/CVE-2015-0820/ SUSE CVE CVE-2015-0820 page https://www.suse.com/security/cve/CVE-2015-0821/ SUSE CVE CVE-2015-0821 page https://www.suse.com/security/cve/CVE-2015-0822/ SUSE CVE CVE-2015-0822 page https://www.suse.com/security/cve/CVE-2015-0823/ SUSE CVE CVE-2015-0823 page https://www.suse.com/security/cve/CVE-2015-0824/ SUSE CVE CVE-2015-0824 page https://www.suse.com/security/cve/CVE-2015-0825/ SUSE CVE CVE-2015-0825 page https://www.suse.com/security/cve/CVE-2015-0826/ SUSE CVE CVE-2015-0826 page https://www.suse.com/security/cve/CVE-2015-0827/ SUSE CVE CVE-2015-0827 page https://www.suse.com/security/cve/CVE-2015-0828/ SUSE CVE CVE-2015-0828 page https://www.suse.com/security/cve/CVE-2015-0829/ SUSE CVE CVE-2015-0829 page https://www.suse.com/security/cve/CVE-2015-0830/ SUSE CVE CVE-2015-0830 page https://www.suse.com/security/cve/CVE-2015-0831/ SUSE CVE CVE-2015-0831 page https://www.suse.com/security/cve/CVE-2015-0832/ SUSE CVE CVE-2015-0832 page https://www.suse.com/security/cve/CVE-2015-0833/ SUSE CVE CVE-2015-0833 page https://www.suse.com/security/cve/CVE-2015-0834/ SUSE CVE CVE-2015-0834 page https://www.suse.com/security/cve/CVE-2015-0835/ SUSE CVE CVE-2015-0835 page https://www.suse.com/security/cve/CVE-2015-0836/ SUSE CVE CVE-2015-0836 page https://www.suse.com/security/cve/CVE-2015-4500/ SUSE CVE CVE-2015-4500 page https://www.suse.com/security/cve/CVE-2015-4501/ SUSE CVE CVE-2015-4501 page https://www.suse.com/security/cve/CVE-2015-4502/ SUSE CVE CVE-2015-4502 page https://www.suse.com/security/cve/CVE-2015-4503/ SUSE CVE CVE-2015-4503 page https://www.suse.com/security/cve/CVE-2015-4504/ SUSE CVE CVE-2015-4504 page https://www.suse.com/security/cve/CVE-2015-4505/ SUSE CVE CVE-2015-4505 page https://www.suse.com/security/cve/CVE-2015-4506/ SUSE CVE CVE-2015-4506 page https://www.suse.com/security/cve/CVE-2015-4507/ SUSE CVE CVE-2015-4507 page https://www.suse.com/security/cve/CVE-2015-4509/ SUSE CVE CVE-2015-4509 page https://www.suse.com/security/cve/CVE-2015-4510/ SUSE CVE CVE-2015-4510 page https://www.suse.com/security/cve/CVE-2015-4511/ SUSE CVE CVE-2015-4511 page https://www.suse.com/security/cve/CVE-2015-4512/ SUSE CVE CVE-2015-4512 page https://www.suse.com/security/cve/CVE-2015-4513/ SUSE CVE CVE-2015-4513 page https://www.suse.com/security/cve/CVE-2015-4514/ SUSE CVE CVE-2015-4514 page https://www.suse.com/security/cve/CVE-2015-4515/ SUSE CVE CVE-2015-4515 page https://www.suse.com/security/cve/CVE-2015-4516/ SUSE CVE CVE-2015-4516 page https://www.suse.com/security/cve/CVE-2015-4517/ SUSE CVE CVE-2015-4517 page https://www.suse.com/security/cve/CVE-2015-4518/ SUSE CVE CVE-2015-4518 page https://www.suse.com/security/cve/CVE-2015-4519/ SUSE CVE CVE-2015-4519 page https://www.suse.com/security/cve/CVE-2015-4520/ SUSE CVE CVE-2015-4520 page https://www.suse.com/security/cve/CVE-2015-4521/ SUSE CVE CVE-2015-4521 page https://www.suse.com/security/cve/CVE-2015-4522/ SUSE CVE CVE-2015-4522 page https://www.suse.com/security/cve/CVE-2015-7174/ SUSE CVE CVE-2015-7174 page https://www.suse.com/security/cve/CVE-2015-7175/ SUSE CVE CVE-2015-7175 page https://www.suse.com/security/cve/CVE-2015-7176/ SUSE CVE CVE-2015-7176 page https://www.suse.com/security/cve/CVE-2015-7177/ SUSE CVE CVE-2015-7177 page https://www.suse.com/security/cve/CVE-2015-7178/ SUSE CVE CVE-2015-7178 page https://www.suse.com/security/cve/CVE-2015-7179/ SUSE CVE CVE-2015-7179 page https://www.suse.com/security/cve/CVE-2015-7180/ SUSE CVE CVE-2015-7180 page https://www.suse.com/security/cve/CVE-2015-7181/ SUSE CVE CVE-2015-7181 page https://www.suse.com/security/cve/CVE-2015-7182/ SUSE CVE CVE-2015-7182 page https://www.suse.com/security/cve/CVE-2015-7183/ SUSE CVE CVE-2015-7183 page https://www.suse.com/security/cve/CVE-2015-7185/ SUSE CVE CVE-2015-7185 page https://www.suse.com/security/cve/CVE-2015-7186/ SUSE CVE CVE-2015-7186 page https://www.suse.com/security/cve/CVE-2015-7187/ SUSE CVE CVE-2015-7187 page https://www.suse.com/security/cve/CVE-2015-7188/ SUSE CVE CVE-2015-7188 page https://www.suse.com/security/cve/CVE-2015-7189/ SUSE CVE CVE-2015-7189 page https://www.suse.com/security/cve/CVE-2015-7190/ SUSE CVE CVE-2015-7190 page https://www.suse.com/security/cve/CVE-2015-7191/ SUSE CVE CVE-2015-7191 page https://www.suse.com/security/cve/CVE-2015-7192/ SUSE CVE CVE-2015-7192 page https://www.suse.com/security/cve/CVE-2015-7193/ SUSE CVE CVE-2015-7193 page https://www.suse.com/security/cve/CVE-2015-7194/ SUSE CVE CVE-2015-7194 page https://www.suse.com/security/cve/CVE-2015-7195/ SUSE CVE CVE-2015-7195 page https://www.suse.com/security/cve/CVE-2015-7196/ SUSE CVE CVE-2015-7196 page https://www.suse.com/security/cve/CVE-2015-7197/ SUSE CVE CVE-2015-7197 page https://www.suse.com/security/cve/CVE-2015-7198/ SUSE CVE CVE-2015-7198 page https://www.suse.com/security/cve/CVE-2015-7199/ SUSE CVE CVE-2015-7199 page https://www.suse.com/security/cve/CVE-2015-7200/ SUSE CVE CVE-2015-7200 page https://www.suse.com/security/cve/CVE-2015-7201/ SUSE CVE CVE-2015-7201 page https://www.suse.com/security/cve/CVE-2015-7202/ SUSE CVE CVE-2015-7202 page https://www.suse.com/security/cve/CVE-2015-7203/ SUSE CVE CVE-2015-7203 page https://www.suse.com/security/cve/CVE-2015-7204/ SUSE CVE CVE-2015-7204 page https://www.suse.com/security/cve/CVE-2015-7205/ SUSE CVE CVE-2015-7205 page https://www.suse.com/security/cve/CVE-2015-7207/ SUSE CVE CVE-2015-7207 page https://www.suse.com/security/cve/CVE-2015-7208/ SUSE CVE CVE-2015-7208 page https://www.suse.com/security/cve/CVE-2015-7210/ SUSE CVE CVE-2015-7210 page https://www.suse.com/security/cve/CVE-2015-7211/ SUSE CVE CVE-2015-7211 page https://www.suse.com/security/cve/CVE-2015-7212/ SUSE CVE CVE-2015-7212 page https://www.suse.com/security/cve/CVE-2015-7213/ SUSE CVE CVE-2015-7213 page https://www.suse.com/security/cve/CVE-2015-7214/ SUSE CVE CVE-2015-7214 page https://www.suse.com/security/cve/CVE-2015-7215/ SUSE CVE CVE-2015-7215 page https://www.suse.com/security/cve/CVE-2015-7216/ SUSE CVE CVE-2015-7216 page https://www.suse.com/security/cve/CVE-2015-7217/ SUSE CVE CVE-2015-7217 page https://www.suse.com/security/cve/CVE-2015-7218/ SUSE CVE CVE-2015-7218 page https://www.suse.com/security/cve/CVE-2015-7219/ SUSE CVE CVE-2015-7219 page https://www.suse.com/security/cve/CVE-2015-7220/ SUSE CVE CVE-2015-7220 page https://www.suse.com/security/cve/CVE-2015-7221/ SUSE CVE CVE-2015-7221 page https://www.suse.com/security/cve/CVE-2015-7222/ SUSE CVE CVE-2015-7222 page https://www.suse.com/security/cve/CVE-2015-7223/ SUSE CVE CVE-2015-7223 page https://www.suse.com/security/cve/CVE-2015-7575/ SUSE CVE CVE-2015-7575 page https://www.suse.com/security/cve/CVE-2016-6354/ SUSE CVE CVE-2016-6354 page openSUSE Tumbleweed seamonkey-2.40-6.1 seamonkey-dom-inspector-2.40-6.1 seamonkey-irc-2.40-6.1 seamonkey-translations-common-2.40-6.1 seamonkey-translations-other-2.40-6.1 seamonkey-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-dom-inspector-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-irc-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-translations-common-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-translations-other-2.40-6.1 as a component of openSUSE Tumbleweed The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." CVE-2008-5913 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-5913.html CVE-2008-5913 https://bugzilla.suse.com/468762 SUSE Bug 468762 https://bugzilla.suse.com/603356 SUSE Bug 603356 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. CVE-2009-0040 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0040.html CVE-2009-0040 https://bugzilla.suse.com/472745 SUSE Bug 472745 https://bugzilla.suse.com/478625 SUSE Bug 478625 https://bugzilla.suse.com/608040 SUSE Bug 608040 The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. CVE-2009-0771 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0771.html CVE-2009-0771 https://bugzilla.suse.com/478625 SUSE Bug 478625 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. CVE-2009-0772 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0772.html CVE-2009-0772 https://bugzilla.suse.com/478625 SUSE Bug 478625 The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. CVE-2009-0773 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0773.html CVE-2009-0773 https://bugzilla.suse.com/478625 SUSE Bug 478625 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. CVE-2009-0774 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0774.html CVE-2009-0774 https://bugzilla.suse.com/478625 SUSE Bug 478625 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. CVE-2009-0776 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0776.html CVE-2009-0776 https://bugzilla.suse.com/465291 SUSE Bug 465291 https://bugzilla.suse.com/478625 SUSE Bug 478625 Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. CVE-2009-1044 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1044.html CVE-2009-1044 https://bugzilla.suse.com/465291 SUSE Bug 465291 https://bugzilla.suse.com/488955 SUSE Bug 488955 The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. CVE-2009-1169 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1169.html CVE-2009-1169 https://bugzilla.suse.com/488955 SUSE Bug 488955 https://bugzilla.suse.com/509766 SUSE Bug 509766 https://bugzilla.suse.com/510964 SUSE Bug 510964 https://bugzilla.suse.com/515951 SUSE Bug 515951 Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. CVE-2009-1571 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1571.html CVE-2009-1571 https://bugzilla.suse.com/576969 SUSE Bug 576969 https://bugzilla.suse.com/581160 SUSE Bug 581160 https://bugzilla.suse.com/584499 SUSE Bug 584499 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." CVE-2009-3388 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3388.html CVE-2009-3388 https://bugzilla.suse.com/559807 SUSE Bug 559807 Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. CVE-2009-3389 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3389.html CVE-2009-3389 https://bugzilla.suse.com/559807 SUSE Bug 559807 https://bugzilla.suse.com/581722 SUSE Bug 581722 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. CVE-2009-3555 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3555.html CVE-2009-3555 https://bugzilla.suse.com/1077582 SUSE Bug 1077582 https://bugzilla.suse.com/459468 SUSE Bug 459468 https://bugzilla.suse.com/552497 SUSE Bug 552497 https://bugzilla.suse.com/553641 SUSE Bug 553641 https://bugzilla.suse.com/554069 SUSE Bug 554069 https://bugzilla.suse.com/554084 SUSE Bug 554084 https://bugzilla.suse.com/554085 SUSE Bug 554085 https://bugzilla.suse.com/555177 SUSE Bug 555177 https://bugzilla.suse.com/557168 SUSE Bug 557168 https://bugzilla.suse.com/564507 SUSE Bug 564507 https://bugzilla.suse.com/566041 SUSE Bug 566041 https://bugzilla.suse.com/584292 SUSE Bug 584292 https://bugzilla.suse.com/586567 SUSE Bug 586567 https://bugzilla.suse.com/588996 SUSE Bug 588996 https://bugzilla.suse.com/590826 SUSE Bug 590826 https://bugzilla.suse.com/592589 SUSE Bug 592589 https://bugzilla.suse.com/594415 SUSE Bug 594415 https://bugzilla.suse.com/604782 SUSE Bug 604782 https://bugzilla.suse.com/614753 SUSE Bug 614753 https://bugzilla.suse.com/622073 SUSE Bug 622073 https://bugzilla.suse.com/623905 SUSE Bug 623905 https://bugzilla.suse.com/629905 SUSE Bug 629905 https://bugzilla.suse.com/642531 SUSE Bug 642531 https://bugzilla.suse.com/646073 SUSE Bug 646073 https://bugzilla.suse.com/646906 SUSE Bug 646906 https://bugzilla.suse.com/648140 SUSE Bug 648140 https://bugzilla.suse.com/648950 SUSE Bug 648950 https://bugzilla.suse.com/659926 SUSE Bug 659926 https://bugzilla.suse.com/670152 SUSE Bug 670152 https://bugzilla.suse.com/704832 SUSE Bug 704832 https://bugzilla.suse.com/728876 SUSE Bug 728876 https://bugzilla.suse.com/729181 SUSE Bug 729181 https://bugzilla.suse.com/753357 SUSE Bug 753357 https://bugzilla.suse.com/791794 SUSE Bug 791794 https://bugzilla.suse.com/799454 SUSE Bug 799454 https://bugzilla.suse.com/815621 SUSE Bug 815621 https://bugzilla.suse.com/905347 SUSE Bug 905347 https://bugzilla.suse.com/979060 SUSE Bug 979060 https://bugzilla.suse.com/986238 SUSE Bug 986238 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3979 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3979.html CVE-2009-3979 https://bugzilla.suse.com/559807 SUSE Bug 559807 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3980 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3980.html CVE-2009-3980 https://bugzilla.suse.com/559807 SUSE Bug 559807 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3982 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3982.html CVE-2009-3982 https://bugzilla.suse.com/559807 SUSE Bug 559807 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. CVE-2009-3983 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3983.html CVE-2009-3983 https://bugzilla.suse.com/559807 SUSE Bug 559807 https://bugzilla.suse.com/590499 SUSE Bug 590499 https://bugzilla.suse.com/607935 SUSE Bug 607935 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. CVE-2009-3984 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3984.html CVE-2009-3984 https://bugzilla.suse.com/559807 SUSE Bug 559807 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. CVE-2009-3985 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3985.html CVE-2009-3985 https://bugzilla.suse.com/559807 SUSE Bug 559807 Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. CVE-2009-3988 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3988.html CVE-2009-3988 https://bugzilla.suse.com/576969 SUSE Bug 576969 https://bugzilla.suse.com/581160 SUSE Bug 581160 https://bugzilla.suse.com/584499 SUSE Bug 584499 The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. CVE-2010-0159 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0159.html CVE-2010-0159 https://bugzilla.suse.com/576969 SUSE Bug 576969 https://bugzilla.suse.com/581160 SUSE Bug 581160 https://bugzilla.suse.com/584499 SUSE Bug 584499 The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2010-0160 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0160.html CVE-2010-0160 https://bugzilla.suse.com/576969 SUSE Bug 576969 https://bugzilla.suse.com/581160 SUSE Bug 581160 https://bugzilla.suse.com/584499 SUSE Bug 584499 Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. CVE-2010-0162 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0162.html CVE-2010-0162 https://bugzilla.suse.com/576969 SUSE Bug 576969 https://bugzilla.suse.com/581160 SUSE Bug 581160 https://bugzilla.suse.com/584499 SUSE Bug 584499 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-0173 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0173.html CVE-2010-0173 https://bugzilla.suse.com/586567 SUSE Bug 586567 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-0174 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0174.html CVE-2010-0174 https://bugzilla.suse.com/586567 SUSE Bug 586567 Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. CVE-2010-0175 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0175.html CVE-2010-0175 https://bugzilla.suse.com/586567 SUSE Bug 586567 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." CVE-2010-0176 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0176.html CVE-2010-0176 https://bugzilla.suse.com/586567 SUSE Bug 586567 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." CVE-2010-0177 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0177.html CVE-2010-0177 https://bugzilla.suse.com/586567 SUSE Bug 586567 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. CVE-2010-0178 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0178.html CVE-2010-0178 https://bugzilla.suse.com/586567 SUSE Bug 586567 Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. CVE-2010-0179 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0179.html CVE-2010-0179 https://bugzilla.suse.com/586567 SUSE Bug 586567 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. CVE-2010-0181 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0181.html CVE-2010-0181 https://bugzilla.suse.com/586567 SUSE Bug 586567 The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. CVE-2010-0182 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0182.html CVE-2010-0182 https://bugzilla.suse.com/586567 SUSE Bug 586567 Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. CVE-2010-0183 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0183.html CVE-2010-0183 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. CVE-2010-0654 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0654.html CVE-2010-0654 https://bugzilla.suse.com/583603 SUSE Bug 583603 https://bugzilla.suse.com/622506 SUSE Bug 622506 Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. CVE-2010-1121 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1121.html CVE-2010-1121 https://bugzilla.suse.com/603356 SUSE Bug 603356 The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. CVE-2010-1125 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1125.html CVE-2010-1125 https://bugzilla.suse.com/603356 SUSE Bug 603356 Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. CVE-2010-1196 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1196.html CVE-2010-1196 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. CVE-2010-1197 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1197.html CVE-2010-1197 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. CVE-2010-1198 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1198.html CVE-2010-1198 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. CVE-2010-1199 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1199.html CVE-2010-1199 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-1200 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1200.html CVE-2010-1200 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-1201 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1201.html CVE-2010-1201 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-1202 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1202.html CVE-2010-1202 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. CVE-2010-1203 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1203.html CVE-2010-1203 https://bugzilla.suse.com/603356 SUSE Bug 603356 https://bugzilla.suse.com/617399 SUSE Bug 617399 Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. CVE-2010-1205 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1205.html CVE-2010-1205 https://bugzilla.suse.com/1188284 SUSE Bug 1188284 https://bugzilla.suse.com/617866 SUSE Bug 617866 https://bugzilla.suse.com/622506 SUSE Bug 622506 https://bugzilla.suse.com/639941 SUSE Bug 639941 https://bugzilla.suse.com/854395 SUSE Bug 854395 The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. CVE-2010-1206 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1206.html CVE-2010-1206 https://bugzilla.suse.com/618183 SUSE Bug 618183 https://bugzilla.suse.com/622506 SUSE Bug 622506 Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. CVE-2010-1208 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1208.html CVE-2010-1208 https://bugzilla.suse.com/622506 SUSE Bug 622506 Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. CVE-2010-1209 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1209.html CVE-2010-1209 https://bugzilla.suse.com/622506 SUSE Bug 622506 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-1211 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1211.html CVE-2010-1211 https://bugzilla.suse.com/622506 SUSE Bug 622506 js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function. CVE-2010-1212 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1212.html CVE-2010-1212 https://bugzilla.suse.com/622506 SUSE Bug 622506 The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. CVE-2010-1213 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1213.html CVE-2010-1213 https://bugzilla.suse.com/622506 SUSE Bug 622506 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. CVE-2010-1214 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1214.html CVE-2010-1214 https://bugzilla.suse.com/622506 SUSE Bug 622506 The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. CVE-2010-1585 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1585.html CVE-2010-1585 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. CVE-2010-2751 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2751.html CVE-2010-2751 https://bugzilla.suse.com/622506 SUSE Bug 622506 Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. CVE-2010-2752 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2752.html CVE-2010-2752 https://bugzilla.suse.com/622506 SUSE Bug 622506 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. CVE-2010-2753 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2753.html CVE-2010-2753 https://bugzilla.suse.com/622506 SUSE Bug 622506 https://bugzilla.suse.com/637303 SUSE Bug 637303 dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. CVE-2010-2754 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2754.html CVE-2010-2754 https://bugzilla.suse.com/622506 SUSE Bug 622506 Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. CVE-2010-2760 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2760.html CVE-2010-2760 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. CVE-2010-2763 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2763.html CVE-2010-2763 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. CVE-2010-2764 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2764.html CVE-2010-2764 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. CVE-2010-2765 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2765.html CVE-2010-2765 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. CVE-2010-2766 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2766.html CVE-2010-2766 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." CVE-2010-2767 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2767.html CVE-2010-2767 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. CVE-2010-2768 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2768.html CVE-2010-2768 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. CVE-2010-2769 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2769.html CVE-2010-2769 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. CVE-2010-3166 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3166.html CVE-2010-3166 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." CVE-2010-3167 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3167.html CVE-2010-3167 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. CVE-2010-3168 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3168.html CVE-2010-3168 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3169 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3169.html CVE-2010-3169 https://bugzilla.suse.com/637303 SUSE Bug 637303 https://bugzilla.suse.com/638109 SUSE Bug 638109 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3170 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3170.html CVE-2010-3170 https://bugzilla.suse.com/637290 SUSE Bug 637290 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 https://bugzilla.suse.com/868629 SUSE Bug 868629 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVE-2010-3173 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3173.html CVE-2010-3173 https://bugzilla.suse.com/645315 SUSE Bug 645315 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3174 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3174.html CVE-2010-3174 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3175 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3175.html CVE-2010-3175 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3176 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3176.html CVE-2010-3176 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. CVE-2010-3177 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3177.html CVE-2010-3177 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. CVE-2010-3178 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3178.html CVE-2010-3178 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. CVE-2010-3179 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3179.html CVE-2010-3179 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. CVE-2010-3180 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3180.html CVE-2010-3180 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. CVE-2010-3182 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3182.html CVE-2010-3182 https://bugzilla.suse.com/642502 SUSE Bug 642502 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. CVE-2010-3183 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3183.html CVE-2010-3183 https://bugzilla.suse.com/645315 SUSE Bug 645315 https://bugzilla.suse.com/652858 SUSE Bug 652858 Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. CVE-2010-3765 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3765.html CVE-2010-3765 https://bugzilla.suse.com/649492 SUSE Bug 649492 https://bugzilla.suse.com/652858 SUSE Bug 652858 Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. CVE-2010-3766 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3766.html CVE-2010-3766 https://bugzilla.suse.com/657016 SUSE Bug 657016 Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. CVE-2010-3767 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3767.html CVE-2010-3767 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. CVE-2010-3768 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3768.html CVE-2010-3768 https://bugzilla.suse.com/657016 SUSE Bug 657016 The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. CVE-2010-3769 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3769.html CVE-2010-3769 https://bugzilla.suse.com/657016 SUSE Bug 657016 Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. CVE-2010-3770 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3770.html CVE-2010-3770 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. CVE-2010-3771 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3771.html CVE-2010-3771 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. CVE-2010-3772 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3772.html CVE-2010-3772 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179. CVE-2010-3773 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3773.html CVE-2010-3773 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. CVE-2010-3775 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3775.html CVE-2010-3775 https://bugzilla.suse.com/657016 SUSE Bug 657016 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3776 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3776.html CVE-2010-3776 https://bugzilla.suse.com/657016 SUSE Bug 657016 Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3777 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3777.html CVE-2010-3777 https://bugzilla.suse.com/657016 SUSE Bug 657016 Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2010-3778 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3778.html CVE-2010-3778 https://bugzilla.suse.com/657016 SUSE Bug 657016 Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. CVE-2011-0051 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0051.html CVE-2011-0051 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-0053 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0053.html CVE-2011-0053 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. CVE-2011-0054 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0054.html CVE-2011-0054 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection. CVE-2011-0055 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0055.html CVE-2011-0055 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue. CVE-2011-0056 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0056.html CVE-2011-0056 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. CVE-2011-0057 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0057.html CVE-2011-0057 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. CVE-2011-0059 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0059.html CVE-2011-0059 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. CVE-2011-0061 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0061.html CVE-2011-0061 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-0062 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0062.html CVE-2011-0062 https://bugzilla.suse.com/667155 SUSE Bug 667155 https://bugzilla.suse.com/679570 SUSE Bug 679570 The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." CVE-2011-0084 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0084.html CVE-2011-0084 https://bugzilla.suse.com/712224 SUSE Bug 712224 Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." CVE-2011-1187 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1187.html CVE-2011-1187 https://bugzilla.suse.com/758408 SUSE Bug 758408 Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. CVE-2011-2366 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2366.html CVE-2011-2366 https://bugzilla.suse.com/701296 SUSE Bug 701296 The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors. CVE-2011-2367 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2367.html CVE-2011-2367 https://bugzilla.suse.com/701296 SUSE Bug 701296 The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. CVE-2011-2368 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2368.html CVE-2011-2368 https://bugzilla.suse.com/701296 SUSE Bug 701296 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. CVE-2011-2369 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2369.html CVE-2011-2369 https://bugzilla.suse.com/701296 SUSE Bug 701296 Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. CVE-2011-2370 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2370.html CVE-2011-2370 https://bugzilla.suse.com/701296 SUSE Bug 701296 Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. CVE-2011-2371 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2371.html CVE-2011-2371 https://bugzilla.suse.com/701296 SUSE Bug 701296 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. CVE-2011-2372 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2372.html CVE-2011-2372 https://bugzilla.suse.com/720264 SUSE Bug 720264 Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. CVE-2011-2373 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2373.html CVE-2011-2373 https://bugzilla.suse.com/701296 SUSE Bug 701296 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2374 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2374.html CVE-2011-2374 https://bugzilla.suse.com/701296 SUSE Bug 701296 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2375 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2375.html CVE-2011-2375 https://bugzilla.suse.com/701296 SUSE Bug 701296 Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. CVE-2011-2377 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2377.html CVE-2011-2377 https://bugzilla.suse.com/701296 SUSE Bug 701296 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2985 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2985.html CVE-2011-2985 https://bugzilla.suse.com/712224 SUSE Bug 712224 Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. CVE-2011-2986 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2986.html CVE-2011-2986 https://bugzilla.suse.com/712224 SUSE Bug 712224 Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. CVE-2011-2988 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2988.html CVE-2011-2988 https://bugzilla.suse.com/712224 SUSE Bug 712224 The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2011-2989 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2989.html CVE-2011-2989 https://bugzilla.suse.com/712224 SUSE Bug 712224 The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. CVE-2011-2990 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2990.html CVE-2011-2990 https://bugzilla.suse.com/712224 SUSE Bug 712224 The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2011-2991 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2991.html CVE-2011-2991 https://bugzilla.suse.com/712224 SUSE Bug 712224 The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2011-2992 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2992.html CVE-2011-2992 https://bugzilla.suse.com/712224 SUSE Bug 712224 The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. CVE-2011-2993 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2993.html CVE-2011-2993 https://bugzilla.suse.com/712224 SUSE Bug 712224 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2995 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2995.html CVE-2011-2995 https://bugzilla.suse.com/720264 SUSE Bug 720264 Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2996 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2996.html CVE-2011-2996 https://bugzilla.suse.com/720264 SUSE Bug 720264 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2997 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2997.html CVE-2011-2997 https://bugzilla.suse.com/720264 SUSE Bug 720264 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. CVE-2011-3000 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3000.html CVE-2011-3000 https://bugzilla.suse.com/720264 SUSE Bug 720264 Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. CVE-2011-3001 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3001.html CVE-2011-3001 https://bugzilla.suse.com/720264 SUSE Bug 720264 Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. CVE-2011-3002 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3002.html CVE-2011-3002 https://bugzilla.suse.com/720264 SUSE Bug 720264 Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. CVE-2011-3003 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3003.html CVE-2011-3003 https://bugzilla.suse.com/720264 SUSE Bug 720264 The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. CVE-2011-3004 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3004.html CVE-2011-3004 https://bugzilla.suse.com/720264 SUSE Bug 720264 Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. CVE-2011-3005 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3005.html CVE-2011-3005 https://bugzilla.suse.com/720264 SUSE Bug 720264 Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. CVE-2011-3026 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3026.html CVE-2011-3026 https://bugzilla.suse.com/747311 SUSE Bug 747311 https://bugzilla.suse.com/747327 SUSE Bug 747327 https://bugzilla.suse.com/747328 SUSE Bug 747328 https://bugzilla.suse.com/773612 SUSE Bug 773612 https://bugzilla.suse.com/854395 SUSE Bug 854395 Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. CVE-2011-3062 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3062.html CVE-2011-3062 https://bugzilla.suse.com/754458 SUSE Bug 754458 https://bugzilla.suse.com/758408 SUSE Bug 758408 Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. CVE-2011-3101 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3101.html CVE-2011-3101 https://bugzilla.suse.com/762481 SUSE Bug 762481 https://bugzilla.suse.com/765204 SUSE Bug 765204 YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. CVE-2011-3232 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3232.html CVE-2011-3232 https://bugzilla.suse.com/720264 SUSE Bug 720264 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. CVE-2011-3648 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3648.html CVE-2011-3648 Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. CVE-2011-3650 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3650.html CVE-2011-3650 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-3651 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3651.html CVE-2011-3651 The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2011-3652 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3652.html CVE-2011-3652 The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2011-3654 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3654.html CVE-2011-3654 Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. CVE-2011-3655 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3655.html CVE-2011-3655 The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. CVE-2011-3658 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3658.html CVE-2011-3658 https://bugzilla.suse.com/737533 SUSE Bug 737533 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. CVE-2011-3659 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3659.html CVE-2011-3659 https://bugzilla.suse.com/744275 SUSE Bug 744275 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. CVE-2011-3660 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3660.html CVE-2011-3660 https://bugzilla.suse.com/737533 SUSE Bug 737533 YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. CVE-2011-3661 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3661.html CVE-2011-3661 https://bugzilla.suse.com/737533 SUSE Bug 737533 Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. CVE-2011-3663 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3663.html CVE-2011-3663 https://bugzilla.suse.com/737533 SUSE Bug 737533 The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. CVE-2012-0441 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0441.html CVE-2012-0441 https://bugzilla.suse.com/765204 SUSE Bug 765204 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0442 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0442.html CVE-2012-0442 https://bugzilla.suse.com/744275 SUSE Bug 744275 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0443 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0443.html CVE-2012-0443 https://bugzilla.suse.com/744275 SUSE Bug 744275 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. CVE-2012-0444 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0444.html CVE-2012-0444 https://bugzilla.suse.com/744275 SUSE Bug 744275 https://bugzilla.suse.com/747912 SUSE Bug 747912 Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. CVE-2012-0445 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0445.html CVE-2012-0445 https://bugzilla.suse.com/744275 SUSE Bug 744275 Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. CVE-2012-0446 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0446.html CVE-2012-0446 https://bugzilla.suse.com/744275 SUSE Bug 744275 Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. CVE-2012-0447 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0447.html CVE-2012-0447 https://bugzilla.suse.com/744275 SUSE Bug 744275 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. CVE-2012-0449 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0449.html CVE-2012-0449 https://bugzilla.suse.com/744275 SUSE Bug 744275 CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. CVE-2012-0451 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0451.html CVE-2012-0451 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. CVE-2012-0452 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0452.html CVE-2012-0452 https://bugzilla.suse.com/746616 SUSE Bug 746616 https://bugzilla.suse.com/746663 SUSE Bug 746663 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. CVE-2012-0455 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0455.html CVE-2012-0455 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. CVE-2012-0456 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0456.html CVE-2012-0456 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. CVE-2012-0457 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0457.html CVE-2012-0457 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. CVE-2012-0458 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0458.html CVE-2012-0458 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. CVE-2012-0459 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0459.html CVE-2012-0459 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. CVE-2012-0460 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0460.html CVE-2012-0460 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0461 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0461.html CVE-2012-0461 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0462 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0462.html CVE-2012-0462 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. CVE-2012-0463 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0463.html CVE-2012-0463 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. CVE-2012-0464 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0464.html CVE-2012-0464 https://bugzilla.suse.com/746591 SUSE Bug 746591 https://bugzilla.suse.com/750044 SUSE Bug 750044 https://bugzilla.suse.com/752168 SUSE Bug 752168 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0467 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0467.html CVE-2012-0467 https://bugzilla.suse.com/758408 SUSE Bug 758408 The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. CVE-2012-0468 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0468.html CVE-2012-0468 https://bugzilla.suse.com/758408 SUSE Bug 758408 Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. CVE-2012-0469 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0469.html CVE-2012-0469 https://bugzilla.suse.com/758408 SUSE Bug 758408 Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." CVE-2012-0470 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0470.html CVE-2012-0470 https://bugzilla.suse.com/758408 SUSE Bug 758408 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. CVE-2012-0471 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0471.html CVE-2012-0471 https://bugzilla.suse.com/758408 SUSE Bug 758408 The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. CVE-2012-0472 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0472.html CVE-2012-0472 https://bugzilla.suse.com/758408 SUSE Bug 758408 The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. CVE-2012-0473 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0473.html CVE-2012-0473 https://bugzilla.suse.com/758408 SUSE Bug 758408 Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." CVE-2012-0474 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0474.html CVE-2012-0474 https://bugzilla.suse.com/758408 SUSE Bug 758408 Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. CVE-2012-0475 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0475.html CVE-2012-0475 https://bugzilla.suse.com/758408 SUSE Bug 758408 Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. CVE-2012-0477 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0477.html CVE-2012-0477 https://bugzilla.suse.com/758408 SUSE Bug 758408 The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. CVE-2012-0478 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0478.html CVE-2012-0478 https://bugzilla.suse.com/758408 SUSE Bug 758408 Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. CVE-2012-0479 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0479.html CVE-2012-0479 https://bugzilla.suse.com/758408 SUSE Bug 758408 Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771. CVE-2012-0759 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0759.html CVE-2012-0759 https://bugzilla.suse.com/796895 SUSE Bug 796895 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-1937 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1937.html CVE-2012-1937 https://bugzilla.suse.com/765204 SUSE Bug 765204 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. CVE-2012-1938 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1938.html CVE-2012-1938 https://bugzilla.suse.com/765204 SUSE Bug 765204 Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. CVE-2012-1940 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1940.html CVE-2012-1940 https://bugzilla.suse.com/765204 SUSE Bug 765204 Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. CVE-2012-1941 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1941.html CVE-2012-1941 https://bugzilla.suse.com/765204 SUSE Bug 765204 The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. CVE-2012-1944 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1944.html CVE-2012-1944 https://bugzilla.suse.com/765204 SUSE Bug 765204 Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. CVE-2012-1945 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1945.html CVE-2012-1945 https://bugzilla.suse.com/765204 SUSE Bug 765204 Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. CVE-2012-1946 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1946.html CVE-2012-1946 https://bugzilla.suse.com/765204 SUSE Bug 765204 Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. CVE-2012-1947 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1947.html CVE-2012-1947 https://bugzilla.suse.com/765204 SUSE Bug 765204 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-1948 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1948.html CVE-2012-1948 https://bugzilla.suse.com/771583 SUSE Bug 771583 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-1949 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1949.html CVE-2012-1949 https://bugzilla.suse.com/771583 SUSE Bug 771583 Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. CVE-2012-1951 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1951.html CVE-2012-1951 https://bugzilla.suse.com/771583 SUSE Bug 771583 The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. CVE-2012-1952 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1952.html CVE-2012-1952 https://bugzilla.suse.com/771583 SUSE Bug 771583 The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. CVE-2012-1953 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1953.html CVE-2012-1953 https://bugzilla.suse.com/771583 SUSE Bug 771583 Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. CVE-2012-1954 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1954.html CVE-2012-1954 https://bugzilla.suse.com/771583 SUSE Bug 771583 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. CVE-2012-1955 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1955.html CVE-2012-1955 https://bugzilla.suse.com/771583 SUSE Bug 771583 Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. CVE-2012-1956 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1956.html CVE-2012-1956 https://bugzilla.suse.com/777588 SUSE Bug 777588 An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. CVE-2012-1957 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1957.html CVE-2012-1957 https://bugzilla.suse.com/771583 SUSE Bug 771583 Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. CVE-2012-1958 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1958.html CVE-2012-1958 https://bugzilla.suse.com/771583 SUSE Bug 771583 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. CVE-2012-1959 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1959.html CVE-2012-1959 https://bugzilla.suse.com/771583 SUSE Bug 771583 The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. CVE-2012-1960 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1960.html CVE-2012-1960 https://bugzilla.suse.com/771583 SUSE Bug 771583 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. CVE-2012-1961 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1961.html CVE-2012-1961 https://bugzilla.suse.com/771583 SUSE Bug 771583 Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. CVE-2012-1962 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1962.html CVE-2012-1962 https://bugzilla.suse.com/771583 SUSE Bug 771583 The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. CVE-2012-1963 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1963.html CVE-2012-1963 https://bugzilla.suse.com/771583 SUSE Bug 771583 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. CVE-2012-1967 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1967.html CVE-2012-1967 https://bugzilla.suse.com/771583 SUSE Bug 771583 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-1970 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1970.html CVE-2012-1970 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1972 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1972.html CVE-2012-1972 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1973 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1973.html CVE-2012-1973 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1974 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1974.html CVE-2012-1974 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1975 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1975.html CVE-2012-1975 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1976 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1976.html CVE-2012-1976 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3956 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3956.html CVE-2012-3956 https://bugzilla.suse.com/777588 SUSE Bug 777588 Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-3957 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3957.html CVE-2012-3957 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3958 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3958.html CVE-2012-3958 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3959 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3959.html CVE-2012-3959 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3960 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3960.html CVE-2012-3960 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3961 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3961.html CVE-2012-3961 https://bugzilla.suse.com/777588 SUSE Bug 777588 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. CVE-2012-3962 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3962.html CVE-2012-3962 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-3963 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3963.html CVE-2012-3963 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3964 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3964.html CVE-2012-3964 https://bugzilla.suse.com/777588 SUSE Bug 777588 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. CVE-2012-3966 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3966.html CVE-2012-3966 https://bugzilla.suse.com/777588 SUSE Bug 777588 The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. CVE-2012-3967 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3967.html CVE-2012-3967 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. CVE-2012-3968 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3968.html CVE-2012-3968 https://bugzilla.suse.com/777588 SUSE Bug 777588 Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. CVE-2012-3969 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3969.html CVE-2012-3969 https://bugzilla.suse.com/777588 SUSE Bug 777588 Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. CVE-2012-3970 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3970.html CVE-2012-3970 https://bugzilla.suse.com/777588 SUSE Bug 777588 Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. CVE-2012-3971 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3971.html CVE-2012-3971 https://bugzilla.suse.com/777588 SUSE Bug 777588 The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. CVE-2012-3972 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3972.html CVE-2012-3972 https://bugzilla.suse.com/777588 SUSE Bug 777588 The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. CVE-2012-3975 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3975.html CVE-2012-3975 https://bugzilla.suse.com/777588 SUSE Bug 777588 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. CVE-2012-3976 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3976.html CVE-2012-3976 https://bugzilla.suse.com/777588 SUSE Bug 777588 The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. CVE-2012-3978 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3978.html CVE-2012-3978 https://bugzilla.suse.com/777588 SUSE Bug 777588 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-3982 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3982.html CVE-2012-3982 https://bugzilla.suse.com/783533 SUSE Bug 783533 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-3983 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3983.html CVE-2012-3983 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. CVE-2012-3984 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3984.html CVE-2012-3984 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. CVE-2012-3985 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3985.html CVE-2012-3985 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. CVE-2012-3986 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3986.html CVE-2012-3986 https://bugzilla.suse.com/783533 SUSE Bug 783533 Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. CVE-2012-3988 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3988.html CVE-2012-3988 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. CVE-2012-3989 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3989.html CVE-2012-3989 https://bugzilla.suse.com/783533 SUSE Bug 783533 Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. CVE-2012-3990 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3990.html CVE-2012-3990 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. CVE-2012-3991 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3991.html CVE-2012-3991 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. CVE-2012-3992 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3992.html CVE-2012-3992 https://bugzilla.suse.com/783533 SUSE Bug 783533 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. CVE-2012-3993 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3993.html CVE-2012-3993 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. CVE-2012-3994 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3994.html CVE-2012-3994 https://bugzilla.suse.com/783533 SUSE Bug 783533 The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2012-3995 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3995.html CVE-2012-3995 https://bugzilla.suse.com/783533 SUSE Bug 783533 Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4179 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4179.html CVE-2012-4179 https://bugzilla.suse.com/783533 SUSE Bug 783533 Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-4180 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4180.html CVE-2012-4180 https://bugzilla.suse.com/783533 SUSE Bug 783533 Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4181 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4181.html CVE-2012-4181 https://bugzilla.suse.com/783533 SUSE Bug 783533 Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4182 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4182.html CVE-2012-4182 https://bugzilla.suse.com/783533 SUSE Bug 783533 Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4183 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4183.html CVE-2012-4183 https://bugzilla.suse.com/783533 SUSE Bug 783533 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. CVE-2012-4184 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4184.html CVE-2012-4184 https://bugzilla.suse.com/783533 SUSE Bug 783533 Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4185 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4185.html CVE-2012-4185 https://bugzilla.suse.com/783533 SUSE Bug 783533 Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-4186 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4186.html CVE-2012-4186 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. CVE-2012-4187 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4187.html CVE-2012-4187 https://bugzilla.suse.com/783533 SUSE Bug 783533 Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-4188 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4188.html CVE-2012-4188 https://bugzilla.suse.com/783533 SUSE Bug 783533 The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. CVE-2012-4191 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4191.html CVE-2012-4191 Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. CVE-2012-4192 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4192.html CVE-2012-4192 Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. CVE-2012-4193 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4193.html CVE-2012-4193 https://bugzilla.suse.com/783533 SUSE Bug 783533 Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. CVE-2012-4194 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4194.html CVE-2012-4194 https://bugzilla.suse.com/786522 SUSE Bug 786522 The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. CVE-2012-4195 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4195.html CVE-2012-4195 https://bugzilla.suse.com/786522 SUSE Bug 786522 Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. CVE-2012-4196 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4196.html CVE-2012-4196 https://bugzilla.suse.com/786522 SUSE Bug 786522 The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. CVE-2012-4201 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4201.html CVE-2012-4201 https://bugzilla.suse.com/790140 SUSE Bug 790140 Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. CVE-2012-4202 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4202.html CVE-2012-4202 https://bugzilla.suse.com/790140 SUSE Bug 790140 The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. CVE-2012-4204 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4204.html CVE-2012-4204 https://bugzilla.suse.com/790140 SUSE Bug 790140 Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. CVE-2012-4205 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4205.html CVE-2012-4205 https://bugzilla.suse.com/790140 SUSE Bug 790140 The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. CVE-2012-4207 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4207.html CVE-2012-4207 https://bugzilla.suse.com/790140 SUSE Bug 790140 The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. CVE-2012-4208 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4208.html CVE-2012-4208 https://bugzilla.suse.com/790140 SUSE Bug 790140 Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. CVE-2012-4209 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4209.html CVE-2012-4209 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4212 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4212.html CVE-2012-4212 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4213 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4213.html CVE-2012-4213 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. CVE-2012-4214 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4214.html CVE-2012-4214 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4215 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4215.html CVE-2012-4215 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4216 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4216.html CVE-2012-4216 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4217 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4217.html CVE-2012-4217 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4218 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4218.html CVE-2012-4218 https://bugzilla.suse.com/790140 SUSE Bug 790140 Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-5829 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5829.html CVE-2012-5829 https://bugzilla.suse.com/790140 SUSE Bug 790140 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. CVE-2012-5830 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5830.html CVE-2012-5830 https://bugzilla.suse.com/790140 SUSE Bug 790140 The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. CVE-2012-5833 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5833.html CVE-2012-5833 https://bugzilla.suse.com/790140 SUSE Bug 790140 Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. CVE-2012-5835 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5835.html CVE-2012-5835 https://bugzilla.suse.com/790140 SUSE Bug 790140 Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. CVE-2012-5836 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5836.html CVE-2012-5836 https://bugzilla.suse.com/790140 SUSE Bug 790140 The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. CVE-2012-5838 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5838.html CVE-2012-5838 https://bugzilla.suse.com/790140 SUSE Bug 790140 Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-5839 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5839.html CVE-2012-5839 https://bugzilla.suse.com/790140 SUSE Bug 790140 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. CVE-2012-5840 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5840.html CVE-2012-5840 https://bugzilla.suse.com/790140 SUSE Bug 790140 Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. CVE-2012-5841 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5841.html CVE-2012-5841 https://bugzilla.suse.com/790140 SUSE Bug 790140 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-5842 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5842.html CVE-2012-5842 https://bugzilla.suse.com/790140 SUSE Bug 790140 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-5843 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5843.html CVE-2012-5843 https://bugzilla.suse.com/790140 SUSE Bug 790140 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none. CVE-2013-0743 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0743.html CVE-2013-0743 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. CVE-2013-0744 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0744.html CVE-2013-0744 https://bugzilla.suse.com/796895 SUSE Bug 796895 The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. CVE-2013-0745 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0745.html CVE-2013-0745 https://bugzilla.suse.com/796895 SUSE Bug 796895 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. CVE-2013-0746 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0746.html CVE-2013-0746 https://bugzilla.suse.com/796895 SUSE Bug 796895 The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. CVE-2013-0747 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0747.html CVE-2013-0747 https://bugzilla.suse.com/796895 SUSE Bug 796895 The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. CVE-2013-0748 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0748.html CVE-2013-0748 https://bugzilla.suse.com/796895 SUSE Bug 796895 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-0749 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0749.html CVE-2013-0749 https://bugzilla.suse.com/796895 SUSE Bug 796895 Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. CVE-2013-0750 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0750.html CVE-2013-0750 https://bugzilla.suse.com/796895 SUSE Bug 796895 Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. CVE-2013-0751 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0751.html CVE-2013-0751 https://bugzilla.suse.com/796895 SUSE Bug 796895 Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. CVE-2013-0752 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0752.html CVE-2013-0752 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. CVE-2013-0753 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0753.html CVE-2013-0753 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. CVE-2013-0754 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0754.html CVE-2013-0754 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. CVE-2013-0755 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0755.html CVE-2013-0755 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. CVE-2013-0756 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0756.html CVE-2013-0756 https://bugzilla.suse.com/796895 SUSE Bug 796895 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. CVE-2013-0757 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0757.html CVE-2013-0757 https://bugzilla.suse.com/796895 SUSE Bug 796895 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. CVE-2013-0758 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0758.html CVE-2013-0758 https://bugzilla.suse.com/796895 SUSE Bug 796895 Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. CVE-2013-0760 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0760.html CVE-2013-0760 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-0761 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0761.html CVE-2013-0761 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-0762 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0762.html CVE-2013-0762 https://bugzilla.suse.com/796895 SUSE Bug 796895 Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. CVE-2013-0763 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0763.html CVE-2013-0763 https://bugzilla.suse.com/796895 SUSE Bug 796895 The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. CVE-2013-0764 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0764.html CVE-2013-0764 https://bugzilla.suse.com/796895 SUSE Bug 796895 Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. CVE-2013-0765 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0765.html CVE-2013-0765 https://bugzilla.suse.com/804248 SUSE Bug 804248 Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-0766 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0766.html CVE-2013-0766 https://bugzilla.suse.com/796895 SUSE Bug 796895 The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-0767 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0767.html CVE-2013-0767 https://bugzilla.suse.com/796895 SUSE Bug 796895 Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. CVE-2013-0768 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0768.html CVE-2013-0768 https://bugzilla.suse.com/796895 SUSE Bug 796895 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-0769 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0769.html CVE-2013-0769 https://bugzilla.suse.com/796895 SUSE Bug 796895 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-0770 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0770.html CVE-2013-0770 https://bugzilla.suse.com/796895 SUSE Bug 796895 Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. CVE-2013-0771 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0771.html CVE-2013-0771 https://bugzilla.suse.com/796895 SUSE Bug 796895 The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. CVE-2013-0772 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0772.html CVE-2013-0772 https://bugzilla.suse.com/804248 SUSE Bug 804248 The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. CVE-2013-0773 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0773.html CVE-2013-0773 https://bugzilla.suse.com/804248 SUSE Bug 804248 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. CVE-2013-0774 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0774.html CVE-2013-0774 https://bugzilla.suse.com/804248 SUSE Bug 804248 Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. CVE-2013-0775 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0775.html CVE-2013-0775 https://bugzilla.suse.com/804248 SUSE Bug 804248 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. CVE-2013-0776 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0776.html CVE-2013-0776 https://bugzilla.suse.com/804248 SUSE Bug 804248 Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-0777 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0777.html CVE-2013-0777 https://bugzilla.suse.com/804248 SUSE Bug 804248 The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-0778 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0778.html CVE-2013-0778 https://bugzilla.suse.com/804248 SUSE Bug 804248 The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-0779 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0779.html CVE-2013-0779 https://bugzilla.suse.com/804248 SUSE Bug 804248 Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. CVE-2013-0780 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0780.html CVE-2013-0780 https://bugzilla.suse.com/804248 SUSE Bug 804248 Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-0781 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0781.html CVE-2013-0781 https://bugzilla.suse.com/804248 SUSE Bug 804248 Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2013-0782 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0782.html CVE-2013-0782 https://bugzilla.suse.com/804248 SUSE Bug 804248 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-0783 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0783.html CVE-2013-0783 https://bugzilla.suse.com/804248 SUSE Bug 804248 Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. CVE-2013-0787 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0787.html CVE-2013-0787 https://bugzilla.suse.com/808243 SUSE Bug 808243 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-0788 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0788.html CVE-2013-0788 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. CVE-2013-0789 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0789.html CVE-2013-0789 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. CVE-2013-0792 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0792.html CVE-2013-0792 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. CVE-2013-0793 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0793.html CVE-2013-0793 https://bugzilla.suse.com/819204 SUSE Bug 819204 Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. CVE-2013-0794 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0794.html CVE-2013-0794 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. CVE-2013-0795 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0795.html CVE-2013-0795 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. CVE-2013-0796 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0796.html CVE-2013-0796 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. CVE-2013-0800 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0800.html CVE-2013-0800 https://bugzilla.suse.com/813026 SUSE Bug 813026 https://bugzilla.suse.com/819204 SUSE Bug 819204 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-1682 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1682.html CVE-2013-1682 https://bugzilla.suse.com/825935 SUSE Bug 825935 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-1683 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1683.html CVE-2013-1683 https://bugzilla.suse.com/1150035 SUSE Bug 1150035 https://bugzilla.suse.com/825935 SUSE Bug 825935 Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. CVE-2013-1684 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1684.html CVE-2013-1684 https://bugzilla.suse.com/825935 SUSE Bug 825935 Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. CVE-2013-1685 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1685.html CVE-2013-1685 https://bugzilla.suse.com/825935 SUSE Bug 825935 Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-1686 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1686.html CVE-2013-1686 https://bugzilla.suse.com/825935 SUSE Bug 825935 The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. CVE-2013-1687 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1687.html CVE-2013-1687 https://bugzilla.suse.com/825935 SUSE Bug 825935 The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site. CVE-2013-1688 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1688.html CVE-2013-1688 https://bugzilla.suse.com/825935 SUSE Bug 825935 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. CVE-2013-1690 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1690.html CVE-2013-1690 https://bugzilla.suse.com/825935 SUSE Bug 825935 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. CVE-2013-1692 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1692.html CVE-2013-1692 https://bugzilla.suse.com/825935 SUSE Bug 825935 The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. CVE-2013-1693 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1693.html CVE-2013-1693 https://bugzilla.suse.com/825935 SUSE Bug 825935 The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. CVE-2013-1694 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1694.html CVE-2013-1694 https://bugzilla.suse.com/825935 SUSE Bug 825935 Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. CVE-2013-1695 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1695.html CVE-2013-1695 https://bugzilla.suse.com/825935 SUSE Bug 825935 Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. CVE-2013-1696 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1696.html CVE-2013-1696 https://bugzilla.suse.com/825935 SUSE Bug 825935 The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. CVE-2013-1697 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1697.html CVE-2013-1697 https://bugzilla.suse.com/825935 SUSE Bug 825935 The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements. CVE-2013-1698 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1698.html CVE-2013-1698 https://bugzilla.suse.com/825935 SUSE Bug 825935 The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters. CVE-2013-1699 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1699.html CVE-2013-1699 https://bugzilla.suse.com/825935 SUSE Bug 825935 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-1701 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1701.html CVE-2013-1701 https://bugzilla.suse.com/833389 SUSE Bug 833389 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-1702 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1702.html CVE-2013-1702 https://bugzilla.suse.com/833389 SUSE Bug 833389 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. CVE-2013-1704 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1704.html CVE-2013-1704 https://bugzilla.suse.com/833389 SUSE Bug 833389 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. CVE-2013-1705 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1705.html CVE-2013-1705 https://bugzilla.suse.com/833389 SUSE Bug 833389 https://bugzilla.suse.com/840485 SUSE Bug 840485 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. CVE-2013-1708 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1708.html CVE-2013-1708 https://bugzilla.suse.com/833389 SUSE Bug 833389 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. CVE-2013-1709 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1709.html CVE-2013-1709 https://bugzilla.suse.com/833389 SUSE Bug 833389 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. CVE-2013-1710 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1710.html CVE-2013-1710 https://bugzilla.suse.com/833389 SUSE Bug 833389 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. CVE-2013-1711 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1711.html CVE-2013-1711 https://bugzilla.suse.com/833389 SUSE Bug 833389 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. CVE-2013-1713 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1713.html CVE-2013-1713 https://bugzilla.suse.com/833389 SUSE Bug 833389 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. CVE-2013-1714 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1714.html CVE-2013-1714 https://bugzilla.suse.com/833389 SUSE Bug 833389 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. CVE-2013-1717 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1717.html CVE-2013-1717 https://bugzilla.suse.com/833389 SUSE Bug 833389 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-1718 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1718.html CVE-2013-1718 https://bugzilla.suse.com/840485 SUSE Bug 840485 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-1719 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1719.html CVE-2013-1719 https://bugzilla.suse.com/840485 SUSE Bug 840485 The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. CVE-2013-1720 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1720.html CVE-2013-1720 https://bugzilla.suse.com/840485 SUSE Bug 840485 Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. CVE-2013-1721 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1721.html CVE-2013-1721 https://bugzilla.suse.com/840485 SUSE Bug 840485 Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. CVE-2013-1722 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1722.html CVE-2013-1722 https://bugzilla.suse.com/840485 SUSE Bug 840485 The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. CVE-2013-1723 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1723.html CVE-2013-1723 https://bugzilla.suse.com/840485 SUSE Bug 840485 Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. CVE-2013-1724 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1724.html CVE-2013-1724 https://bugzilla.suse.com/840485 SUSE Bug 840485 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. CVE-2013-1725 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1725.html CVE-2013-1725 https://bugzilla.suse.com/840485 SUSE Bug 840485 The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. CVE-2013-1728 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1728.html CVE-2013-1728 https://bugzilla.suse.com/840485 SUSE Bug 840485 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. CVE-2013-1730 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1730.html CVE-2013-1730 https://bugzilla.suse.com/840485 SUSE Bug 840485 Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. CVE-2013-1732 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1732.html CVE-2013-1732 https://bugzilla.suse.com/840485 SUSE Bug 840485 Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. CVE-2013-1735 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1735.html CVE-2013-1735 https://bugzilla.suse.com/840485 SUSE Bug 840485 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. CVE-2013-1736 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1736.html CVE-2013-1736 https://bugzilla.suse.com/840485 SUSE Bug 840485 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. CVE-2013-1737 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1737.html CVE-2013-1737 https://bugzilla.suse.com/840485 SUSE Bug 840485 Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. CVE-2013-1738 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1738.html CVE-2013-1738 https://bugzilla.suse.com/840485 SUSE Bug 840485 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-5590 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5590.html CVE-2013-5590 https://bugzilla.suse.com/847708 SUSE Bug 847708 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-5591 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5591.html CVE-2013-5591 https://bugzilla.suse.com/847708 SUSE Bug 847708 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-5592 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5592.html CVE-2013-5592 https://bugzilla.suse.com/847708 SUSE Bug 847708 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. CVE-2013-5593 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5593.html CVE-2013-5593 https://bugzilla.suse.com/847708 SUSE Bug 847708 The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. CVE-2013-5595 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5595.html CVE-2013-5595 https://bugzilla.suse.com/847708 SUSE Bug 847708 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. CVE-2013-5596 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5596.html CVE-2013-5596 https://bugzilla.suse.com/847708 SUSE Bug 847708 Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. CVE-2013-5597 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5597.html CVE-2013-5597 https://bugzilla.suse.com/847708 SUSE Bug 847708 PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. CVE-2013-5598 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5598.html CVE-2013-5598 https://bugzilla.suse.com/847708 SUSE Bug 847708 Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event. CVE-2013-5599 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5599.html CVE-2013-5599 https://bugzilla.suse.com/847708 SUSE Bug 847708 Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. CVE-2013-5600 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5600.html CVE-2013-5600 https://bugzilla.suse.com/847708 SUSE Bug 847708 Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. CVE-2013-5601 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5601.html CVE-2013-5601 https://bugzilla.suse.com/847708 SUSE Bug 847708 The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. CVE-2013-5602 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5602.html CVE-2013-5602 https://bugzilla.suse.com/847708 SUSE Bug 847708 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. CVE-2013-5603 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5603.html CVE-2013-5603 https://bugzilla.suse.com/847708 SUSE Bug 847708 The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. CVE-2013-5604 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5604.html CVE-2013-5604 https://bugzilla.suse.com/847708 SUSE Bug 847708 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-5609 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5609.html CVE-2013-5609 https://bugzilla.suse.com/854370 SUSE Bug 854370 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-5610 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5610.html CVE-2013-5610 https://bugzilla.suse.com/854370 SUSE Bug 854370 Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. CVE-2013-5611 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5611.html CVE-2013-5611 https://bugzilla.suse.com/854370 SUSE Bug 854370 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. CVE-2013-5612 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5612.html CVE-2013-5612 https://bugzilla.suse.com/854370 SUSE Bug 854370 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. CVE-2013-5613 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5613.html CVE-2013-5613 https://bugzilla.suse.com/854370 SUSE Bug 854370 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. CVE-2013-5614 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5614.html CVE-2013-5614 https://bugzilla.suse.com/854370 SUSE Bug 854370 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. CVE-2013-5615 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5615.html CVE-2013-5615 https://bugzilla.suse.com/854370 SUSE Bug 854370 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. CVE-2013-5616 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5616.html CVE-2013-5616 https://bugzilla.suse.com/854370 SUSE Bug 854370 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. CVE-2013-5618 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5618.html CVE-2013-5618 https://bugzilla.suse.com/854370 SUSE Bug 854370 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. CVE-2013-5619 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5619.html CVE-2013-5619 https://bugzilla.suse.com/854370 SUSE Bug 854370 The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVE-2013-6629 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6629.html CVE-2013-6629 https://bugzilla.suse.com/850430 SUSE Bug 850430 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 https://bugzilla.suse.com/880246 SUSE Bug 880246 The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVE-2013-6630 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6630.html CVE-2013-6630 https://bugzilla.suse.com/850430 SUSE Bug 850430 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. CVE-2013-6671 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6671.html CVE-2013-6671 https://bugzilla.suse.com/854370 SUSE Bug 854370 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. CVE-2013-6672 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6672.html CVE-2013-6672 https://bugzilla.suse.com/854370 SUSE Bug 854370 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. CVE-2013-6673 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6673.html CVE-2013-6673 https://bugzilla.suse.com/854370 SUSE Bug 854370 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1477 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1477.html CVE-2014-1477 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862345 SUSE Bug 862345 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. CVE-2014-1478 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1478.html CVE-2014-1478 https://bugzilla.suse.com/861847 SUSE Bug 861847 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. CVE-2014-1479 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1479.html CVE-2014-1479 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862348 SUSE Bug 862348 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. CVE-2014-1480 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1480.html CVE-2014-1480 https://bugzilla.suse.com/861847 SUSE Bug 861847 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. CVE-2014-1481 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1481.html CVE-2014-1481 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862309 SUSE Bug 862309 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. CVE-2014-1482 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1482.html CVE-2014-1482 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862356 SUSE Bug 862356 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. CVE-2014-1483 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1483.html CVE-2014-1483 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862360 SUSE Bug 862360 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. CVE-2014-1485 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1485.html CVE-2014-1485 https://bugzilla.suse.com/861847 SUSE Bug 861847 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. CVE-2014-1486 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1486.html CVE-2014-1486 https://bugzilla.suse.com/861847 SUSE Bug 861847 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. CVE-2014-1487 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1487.html CVE-2014-1487 https://bugzilla.suse.com/861847 SUSE Bug 861847 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. CVE-2014-1488 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1488.html CVE-2014-1488 https://bugzilla.suse.com/861847 SUSE Bug 861847 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. CVE-2014-1490 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1490.html CVE-2014-1490 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862300 SUSE Bug 862300 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. CVE-2014-1491 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1491.html CVE-2014-1491 https://bugzilla.suse.com/861847 SUSE Bug 861847 https://bugzilla.suse.com/862289 SUSE Bug 862289 The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. CVE-2014-1492 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1492.html CVE-2014-1492 https://bugzilla.suse.com/869827 SUSE Bug 869827 https://bugzilla.suse.com/926974 SUSE Bug 926974 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1493 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1493.html CVE-2014-1493 https://bugzilla.suse.com/868603 SUSE Bug 868603 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1494 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1494.html CVE-2014-1494 https://bugzilla.suse.com/868603 SUSE Bug 868603 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. CVE-2014-1497 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1497.html CVE-2014-1497 https://bugzilla.suse.com/868603 SUSE Bug 868603 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. CVE-2014-1498 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1498.html CVE-2014-1498 https://bugzilla.suse.com/868603 SUSE Bug 868603 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. CVE-2014-1499 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1499.html CVE-2014-1499 https://bugzilla.suse.com/868603 SUSE Bug 868603 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. CVE-2014-1500 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1500.html CVE-2014-1500 https://bugzilla.suse.com/868603 SUSE Bug 868603 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. CVE-2014-1502 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1502.html CVE-2014-1502 https://bugzilla.suse.com/868603 SUSE Bug 868603 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. CVE-2014-1504 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1504.html CVE-2014-1504 https://bugzilla.suse.com/868603 SUSE Bug 868603 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. CVE-2014-1505 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1505.html CVE-2014-1505 https://bugzilla.suse.com/868603 SUSE Bug 868603 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. CVE-2014-1508 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1508.html CVE-2014-1508 https://bugzilla.suse.com/868603 SUSE Bug 868603 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. CVE-2014-1509 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1509.html CVE-2014-1509 https://bugzilla.suse.com/868603 SUSE Bug 868603 https://bugzilla.suse.com/869339 SUSE Bug 869339 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. CVE-2014-1510 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1510.html CVE-2014-1510 https://bugzilla.suse.com/868603 SUSE Bug 868603 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. CVE-2014-1511 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1511.html CVE-2014-1511 https://bugzilla.suse.com/868603 SUSE Bug 868603 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. CVE-2014-1512 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1512.html CVE-2014-1512 https://bugzilla.suse.com/868603 SUSE Bug 868603 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. CVE-2014-1513 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1513.html CVE-2014-1513 https://bugzilla.suse.com/868603 SUSE Bug 868603 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. CVE-2014-1514 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1514.html CVE-2014-1514 https://bugzilla.suse.com/868603 SUSE Bug 868603 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1518 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1518.html CVE-2014-1518 https://bugzilla.suse.com/875803 SUSE Bug 875803 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1519 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1519.html CVE-2014-1519 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content. CVE-2014-1522 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1522.html CVE-2014-1522 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. CVE-2014-1523 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1523.html CVE-2014-1523 https://bugzilla.suse.com/875803 SUSE Bug 875803 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. CVE-2014-1524 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1524.html CVE-2014-1524 https://bugzilla.suse.com/875803 SUSE Bug 875803 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. CVE-2014-1525 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1525.html CVE-2014-1525 The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects. CVE-2014-1526 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1526.html CVE-2014-1526 The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. CVE-2014-1528 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1528.html CVE-2014-1528 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. CVE-2014-1529 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1529.html CVE-2014-1529 https://bugzilla.suse.com/875803 SUSE Bug 875803 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. CVE-2014-1530 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1530.html CVE-2014-1530 https://bugzilla.suse.com/875378 SUSE Bug 875378 https://bugzilla.suse.com/875803 SUSE Bug 875803 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. CVE-2014-1531 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1531.html CVE-2014-1531 https://bugzilla.suse.com/875803 SUSE Bug 875803 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. CVE-2014-1532 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1532.html CVE-2014-1532 https://bugzilla.suse.com/875803 SUSE Bug 875803 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1533 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1533.html CVE-2014-1533 https://bugzilla.suse.com/881874 SUSE Bug 881874 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1534 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1534.html CVE-2014-1534 The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2014-1536 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1536.html CVE-2014-1536 Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2014-1537 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1537.html CVE-2014-1537 Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2014-1538 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1538.html CVE-2014-1538 Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. CVE-2014-1539 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1539.html CVE-2014-1539 Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. CVE-2014-1540 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1540.html CVE-2014-1540 Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. CVE-2014-1541 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1541.html CVE-2014-1541 Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. CVE-2014-1542 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1542.html CVE-2014-1542 Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device. CVE-2014-1543 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1543.html CVE-2014-1543 Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. CVE-2014-1545 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1545.html CVE-2014-1545 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1574 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1574.html CVE-2014-1574 https://bugzilla.suse.com/900941 SUSE Bug 900941 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. CVE-2014-1575 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1575.html CVE-2014-1575 https://bugzilla.suse.com/900941 SUSE Bug 900941 Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. CVE-2014-1576 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1576.html CVE-2014-1576 https://bugzilla.suse.com/900941 SUSE Bug 900941 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value. CVE-2014-1577 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1577.html CVE-2014-1577 https://bugzilla.suse.com/900941 SUSE Bug 900941 The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. CVE-2014-1578 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1578.html CVE-2014-1578 https://bugzilla.suse.com/900941 SUSE Bug 900941 Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. CVE-2014-1580 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1580.html CVE-2014-1580 https://bugzilla.suse.com/900941 SUSE Bug 900941 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. CVE-2014-1581 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1581.html CVE-2014-1581 https://bugzilla.suse.com/900941 SUSE Bug 900941 The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority. CVE-2014-1582 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1582.html CVE-2014-1582 https://bugzilla.suse.com/900941 SUSE Bug 900941 The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm. CVE-2014-1583 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1583.html CVE-2014-1583 https://bugzilla.suse.com/900941 SUSE Bug 900941 The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user. CVE-2014-1584 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1584.html CVE-2014-1584 https://bugzilla.suse.com/900941 SUSE Bug 900941 The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming. CVE-2014-1585 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1585.html CVE-2014-1585 https://bugzilla.suse.com/900941 SUSE Bug 900941 content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away. CVE-2014-1586 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1586.html CVE-2014-1586 https://bugzilla.suse.com/900941 SUSE Bug 900941 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1587 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1587.html CVE-2014-1587 https://bugzilla.suse.com/908009 SUSE Bug 908009 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-1588 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1588.html CVE-2014-1588 https://bugzilla.suse.com/908009 SUSE Bug 908009 Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. CVE-2014-1589 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1589.html CVE-2014-1589 https://bugzilla.suse.com/908009 SUSE Bug 908009 The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. CVE-2014-1590 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1590.html CVE-2014-1590 https://bugzilla.suse.com/908009 SUSE Bug 908009 Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. CVE-2014-1591 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1591.html CVE-2014-1591 https://bugzilla.suse.com/908009 SUSE Bug 908009 Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. CVE-2014-1592 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1592.html CVE-2014-1592 https://bugzilla.suse.com/908009 SUSE Bug 908009 Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. CVE-2014-1593 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1593.html CVE-2014-1593 https://bugzilla.suse.com/908009 SUSE Bug 908009 Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. CVE-2014-1594 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1594.html CVE-2014-1594 https://bugzilla.suse.com/908009 SUSE Bug 908009 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-8634 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8634.html CVE-2014-8634 https://bugzilla.suse.com/913064 SUSE Bug 913064 https://bugzilla.suse.com/913096 SUSE Bug 913096 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2014-8635 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8635.html CVE-2014-8635 The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. CVE-2014-8636 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8636.html CVE-2014-8636 https://bugzilla.suse.com/913096 SUSE Bug 913096 https://bugzilla.suse.com/913102 SUSE Bug 913102 Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. CVE-2014-8637 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8637.html CVE-2014-8637 https://bugzilla.suse.com/913096 SUSE Bug 913096 https://bugzilla.suse.com/913103 SUSE Bug 913103 The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. CVE-2014-8638 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8638.html CVE-2014-8638 https://bugzilla.suse.com/913068 SUSE Bug 913068 https://bugzilla.suse.com/913096 SUSE Bug 913096 Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. CVE-2014-8639 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8639.html CVE-2014-8639 https://bugzilla.suse.com/913066 SUSE Bug 913066 https://bugzilla.suse.com/913096 SUSE Bug 913096 The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. CVE-2014-8640 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8640.html CVE-2014-8640 https://bugzilla.suse.com/913096 SUSE Bug 913096 https://bugzilla.suse.com/913104 SUSE Bug 913104 Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. CVE-2014-8641 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8641.html CVE-2014-8641 https://bugzilla.suse.com/913067 SUSE Bug 913067 https://bugzilla.suse.com/913096 SUSE Bug 913096 Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. CVE-2014-8642 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8642.html CVE-2014-8642 https://bugzilla.suse.com/913222 SUSE Bug 913222 Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. CVE-2014-8643 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8643.html CVE-2014-8643 The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. CVE-2015-0817 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0817.html CVE-2015-0817 https://bugzilla.suse.com/923495 SUSE Bug 923495 https://bugzilla.suse.com/923534 SUSE Bug 923534 Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. CVE-2015-0818 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0818.html CVE-2015-0818 https://bugzilla.suse.com/923495 SUSE Bug 923495 https://bugzilla.suse.com/923534 SUSE Bug 923534 The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. CVE-2015-0819 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0819.html CVE-2015-0819 https://bugzilla.suse.com/917597 SUSE Bug 917597 Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. CVE-2015-0820 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0820.html CVE-2015-0820 https://bugzilla.suse.com/917597 SUSE Bug 917597 Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. CVE-2015-0821 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0821.html CVE-2015-0821 https://bugzilla.suse.com/917597 SUSE Bug 917597 The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. CVE-2015-0822 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0822.html CVE-2015-0822 https://bugzilla.suse.com/910669 SUSE Bug 910669 https://bugzilla.suse.com/917597 SUSE Bug 917597 https://bugzilla.suse.com/923534 SUSE Bug 923534 https://bugzilla.suse.com/924515 SUSE Bug 924515 Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function. CVE-2015-0823 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0823.html CVE-2015-0823 https://bugzilla.suse.com/917597 SUSE Bug 917597 The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing. CVE-2015-0824 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0824.html CVE-2015-0824 https://bugzilla.suse.com/917597 SUSE Bug 917597 Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback. CVE-2015-0825 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0825.html CVE-2015-0825 https://bugzilla.suse.com/917597 SUSE Bug 917597 The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation. CVE-2015-0826 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0826.html CVE-2015-0826 https://bugzilla.suse.com/917597 SUSE Bug 917597 Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. CVE-2015-0827 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0827.html CVE-2015-0827 https://bugzilla.suse.com/910669 SUSE Bug 910669 https://bugzilla.suse.com/917597 SUSE Bug 917597 https://bugzilla.suse.com/923534 SUSE Bug 923534 https://bugzilla.suse.com/924515 SUSE Bug 924515 Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data. CVE-2015-0828 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0828.html CVE-2015-0828 https://bugzilla.suse.com/917597 SUSE Bug 917597 Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. CVE-2015-0829 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0829.html CVE-2015-0829 https://bugzilla.suse.com/917597 SUSE Bug 917597 The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content. CVE-2015-0830 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0830.html CVE-2015-0830 https://bugzilla.suse.com/917597 SUSE Bug 917597 Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. CVE-2015-0831 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0831.html CVE-2015-0831 https://bugzilla.suse.com/910669 SUSE Bug 910669 https://bugzilla.suse.com/917597 SUSE Bug 917597 https://bugzilla.suse.com/923534 SUSE Bug 923534 https://bugzilla.suse.com/924515 SUSE Bug 924515 Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. CVE-2015-0832 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0832.html CVE-2015-0832 https://bugzilla.suse.com/917597 SUSE Bug 917597 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. CVE-2015-0833 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0833.html CVE-2015-0833 https://bugzilla.suse.com/923534 SUSE Bug 923534 The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window. CVE-2015-0834 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0834.html CVE-2015-0834 https://bugzilla.suse.com/917597 SUSE Bug 917597 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-0835 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0835.html CVE-2015-0835 https://bugzilla.suse.com/910669 SUSE Bug 910669 https://bugzilla.suse.com/917597 SUSE Bug 917597 https://bugzilla.suse.com/924515 SUSE Bug 924515 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-0836 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0836.html CVE-2015-0836 https://bugzilla.suse.com/910669 SUSE Bug 910669 https://bugzilla.suse.com/917597 SUSE Bug 917597 https://bugzilla.suse.com/923534 SUSE Bug 923534 https://bugzilla.suse.com/924515 SUSE Bug 924515 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4500 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4500.html CVE-2015-4500 https://bugzilla.suse.com/947003 SUSE Bug 947003 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4501 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4501.html CVE-2015-4501 https://bugzilla.suse.com/947003 SUSE Bug 947003 js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. CVE-2015-4502 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4502.html CVE-2015-4502 https://bugzilla.suse.com/947003 SUSE Bug 947003 The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. CVE-2015-4503 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4503.html CVE-2015-4503 https://bugzilla.suse.com/947003 SUSE Bug 947003 The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. CVE-2015-4504 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4504.html CVE-2015-4504 https://bugzilla.suse.com/947003 SUSE Bug 947003 updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. CVE-2015-4505 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4505.html CVE-2015-4505 https://bugzilla.suse.com/947003 SUSE Bug 947003 Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. CVE-2015-4506 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4506.html CVE-2015-4506 https://bugzilla.suse.com/947003 SUSE Bug 947003 The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site. CVE-2015-4507 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4507.html CVE-2015-4507 https://bugzilla.suse.com/947003 SUSE Bug 947003 Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. CVE-2015-4509 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4509.html CVE-2015-4509 https://bugzilla.suse.com/947003 SUSE Bug 947003 Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. CVE-2015-4510 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4510.html CVE-2015-4510 https://bugzilla.suse.com/947003 SUSE Bug 947003 Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. CVE-2015-4511 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4511.html CVE-2015-4511 https://bugzilla.suse.com/947003 SUSE Bug 947003 gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering. CVE-2015-4512 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4512.html CVE-2015-4512 https://bugzilla.suse.com/947003 SUSE Bug 947003 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4513 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4513.html CVE-2015-4513 https://bugzilla.suse.com/952810 SUSE Bug 952810 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4514 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4514.html CVE-2015-4514 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. CVE-2015-4515 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4515.html CVE-2015-4515 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs. CVE-2015-4516 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4516.html CVE-2015-4516 https://bugzilla.suse.com/947003 SUSE Bug 947003 NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4517 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4517.html CVE-2015-4517 https://bugzilla.suse.com/947003 SUSE Bug 947003 The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. CVE-2015-4518 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4518.html CVE-2015-4518 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. CVE-2015-4519 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4519.html CVE-2015-4519 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. CVE-2015-4520 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4520.html CVE-2015-4520 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4521 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4521.html CVE-2015-4521 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-4522 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4522.html CVE-2015-4522 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7174 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7174.html CVE-2015-7174 https://bugzilla.suse.com/947003 SUSE Bug 947003 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7175 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7175.html CVE-2015-7175 https://bugzilla.suse.com/947003 SUSE Bug 947003 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7176 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7176.html CVE-2015-7176 https://bugzilla.suse.com/947003 SUSE Bug 947003 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7177 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7177.html CVE-2015-7177 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. CVE-2015-7178 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7178.html CVE-2015-7178 https://bugzilla.suse.com/947003 SUSE Bug 947003 The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content. CVE-2015-7179 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7179.html CVE-2015-7179 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7180 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7180.html CVE-2015-7180 https://bugzilla.suse.com/947003 SUSE Bug 947003 The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. CVE-2015-7181 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7181.html CVE-2015-7181 https://bugzilla.suse.com/952810 SUSE Bug 952810 Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. CVE-2015-7182 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7182.html CVE-2015-7182 https://bugzilla.suse.com/952810 SUSE Bug 952810 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. CVE-2015-7183 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7183.html CVE-2015-7183 https://bugzilla.suse.com/952810 SUSE Bug 952810 https://bugzilla.suse.com/962977 SUSE Bug 962977 Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. CVE-2015-7185 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7185.html CVE-2015-7185 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. CVE-2015-7186 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7186.html CVE-2015-7186 https://bugzilla.suse.com/952810 SUSE Bug 952810 The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. CVE-2015-7187 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7187.html CVE-2015-7187 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. CVE-2015-7188 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7188.html CVE-2015-7188 https://bugzilla.suse.com/952810 SUSE Bug 952810 Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. CVE-2015-7189 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7189.html CVE-2015-7189 https://bugzilla.suse.com/952810 SUSE Bug 952810 The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. CVE-2015-7190 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7190.html CVE-2015-7190 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." CVE-2015-7191 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7191.html CVE-2015-7191 https://bugzilla.suse.com/952810 SUSE Bug 952810 The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. CVE-2015-7192 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7192.html CVE-2015-7192 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. CVE-2015-7193 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7193.html CVE-2015-7193 https://bugzilla.suse.com/952810 SUSE Bug 952810 Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. CVE-2015-7194 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7194.html CVE-2015-7194 https://bugzilla.suse.com/952810 SUSE Bug 952810 The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. CVE-2015-7195 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7195.html CVE-2015-7195 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. CVE-2015-7196 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7196.html CVE-2015-7196 https://bugzilla.suse.com/952810 SUSE Bug 952810 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. CVE-2015-7197 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7197.html CVE-2015-7197 https://bugzilla.suse.com/952810 SUSE Bug 952810 Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. CVE-2015-7198 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7198.html CVE-2015-7198 https://bugzilla.suse.com/952810 SUSE Bug 952810 The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. CVE-2015-7199 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7199.html CVE-2015-7199 https://bugzilla.suse.com/952810 SUSE Bug 952810 The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. CVE-2015-7200 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7200.html CVE-2015-7200 https://bugzilla.suse.com/952810 SUSE Bug 952810 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-7201 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7201.html CVE-2015-7201 https://bugzilla.suse.com/959277 SUSE Bug 959277 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-7202 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7202.html CVE-2015-7202 https://bugzilla.suse.com/959277 SUSE Bug 959277 Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. CVE-2015-7203 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7203.html CVE-2015-7203 https://bugzilla.suse.com/959277 SUSE Bug 959277 Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. CVE-2015-7204 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7204.html CVE-2015-7204 https://bugzilla.suse.com/959277 SUSE Bug 959277 Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. CVE-2015-7205 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7205.html CVE-2015-7205 https://bugzilla.suse.com/959277 SUSE Bug 959277 Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. CVE-2015-7207 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7207.html CVE-2015-7207 https://bugzilla.suse.com/959277 SUSE Bug 959277 Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. CVE-2015-7208 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7208.html CVE-2015-7208 https://bugzilla.suse.com/959277 SUSE Bug 959277 https://bugzilla.suse.com/963637 SUSE Bug 963637 Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. CVE-2015-7210 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7210.html CVE-2015-7210 https://bugzilla.suse.com/959277 SUSE Bug 959277 Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. CVE-2015-7211 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7211.html CVE-2015-7211 https://bugzilla.suse.com/959277 SUSE Bug 959277 Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. CVE-2015-7212 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7212.html CVE-2015-7212 https://bugzilla.suse.com/959277 SUSE Bug 959277 Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. CVE-2015-7213 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7213.html CVE-2015-7213 https://bugzilla.suse.com/959277 SUSE Bug 959277 Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. CVE-2015-7214 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7214.html CVE-2015-7214 https://bugzilla.suse.com/959277 SUSE Bug 959277 The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. CVE-2015-7215 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7215.html CVE-2015-7215 https://bugzilla.suse.com/959277 SUSE Bug 959277 The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. CVE-2015-7216 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7216.html CVE-2015-7216 https://bugzilla.suse.com/959277 SUSE Bug 959277 The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. CVE-2015-7217 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7217.html CVE-2015-7217 https://bugzilla.suse.com/959277 SUSE Bug 959277 The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. CVE-2015-7218 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7218.html CVE-2015-7218 https://bugzilla.suse.com/959277 SUSE Bug 959277 The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. CVE-2015-7219 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7219.html CVE-2015-7219 https://bugzilla.suse.com/959277 SUSE Bug 959277 Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. CVE-2015-7220 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7220.html CVE-2015-7220 https://bugzilla.suse.com/959277 SUSE Bug 959277 Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. CVE-2015-7221 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7221.html CVE-2015-7221 https://bugzilla.suse.com/959277 SUSE Bug 959277 Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. CVE-2015-7222 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7222.html CVE-2015-7222 https://bugzilla.suse.com/959277 SUSE Bug 959277 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. CVE-2015-7223 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7223.html CVE-2015-7223 https://bugzilla.suse.com/959277 SUSE Bug 959277 Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. CVE-2015-7575 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7575.html CVE-2015-7575 https://bugzilla.suse.com/959888 SUSE Bug 959888 https://bugzilla.suse.com/960402 SUSE Bug 960402 https://bugzilla.suse.com/960996 SUSE Bug 960996 https://bugzilla.suse.com/961280 SUSE Bug 961280 https://bugzilla.suse.com/961281 SUSE Bug 961281 https://bugzilla.suse.com/961282 SUSE Bug 961282 https://bugzilla.suse.com/961283 SUSE Bug 961283 https://bugzilla.suse.com/961284 SUSE Bug 961284 https://bugzilla.suse.com/961290 SUSE Bug 961290 https://bugzilla.suse.com/961357 SUSE Bug 961357 https://bugzilla.suse.com/962743 SUSE Bug 962743 https://bugzilla.suse.com/963937 SUSE Bug 963937 https://bugzilla.suse.com/967521 SUSE Bug 967521 https://bugzilla.suse.com/981087 SUSE Bug 981087 Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. CVE-2016-6354 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6354.html CVE-2016-6354 https://bugzilla.suse.com/1026047 SUSE Bug 1026047 https://bugzilla.suse.com/1035082 SUSE Bug 1035082 https://bugzilla.suse.com/1035209 SUSE Bug 1035209 https://bugzilla.suse.com/990856 SUSE Bug 990856