Bug 840485

Summary: VUL-0: Firefox 24.0/17.0.9esr security release
Product: [openSUSE] openSUSE 12.3 Reporter: Wolfgang Rosenauer <wolfgang>
Component: FirefoxAssignee: E-mail List <bnc-team-mozilla>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P2 - High CC: abergmann, giecrilj, meissner, pcerny, security-team
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:released:sle11-sp1:54448 maint:released:sle11-sp2:54449 CVSSv2:NVD:CVE-2013-1719:10.0:(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2013-1721:9.3:(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2013-1723:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2013-1724:9.3:(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2013-1728:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2013-1729:2.6:(AV:N/AC:H/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2013-1731:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2013-1738:9.3:(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVSSv2:RedHat:CVE-2013-1719:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2013-1721:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2013-1723:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2013-1724:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2013-1728:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2013-1729:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2013-1738:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Deadline: 2013-09-25   

Description Wolfgang Rosenauer 2013-09-16 07:13:14 UTC 
2013-09-17 is the announced release date for the following Mozilla applications which contain security fixes (as always) (https://wiki.mozilla.org/Releases):

Firefox 24.0
Firefox 17.0.9esr
xulrunner 17.0.9esr
Seamonkey 2.21
Thunderbird 17.0.9esr
Thunderbird 24.0

(minimum NSPR 4.10 and NSS 3.15.1 requirements I think already met with last update round)

I'll provide updates for openSUSE distributions as usual with one exception where I'd like to get some feedback:
Thunderbird will do a big version update to 24.0 for non-esr versions. Since esr and non esr versions were 99,9% identical in the 17.0 series we have the choice to update to 17.0.9esr or 24.0 for released distributions which will only move the major upgrade around 12 weeks so I'm in favor to follow the big update now already.
Comment 1 Alexander Bergmann 2013-09-16 10:07:39 UTC 
Wolfgang, thanks for the heads up.
Comment 2 Swamp Workflow Management 2013-09-16 22:00:10 UTC 
bugbot adjusting priority
Comment 3 Bernhard Wiedemann 2013-09-17 20:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/199437 Factory / MozillaFirefox
https://build.opensuse.org/request/show/199439 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/199442 Evergreen:11.2:Test / firefox-esr
https://build.opensuse.org/request/show/199443 Evergreen:11.2:Test / thunderbird-esr
https://build.opensuse.org/request/show/199445 12.3 / xulrunner17
https://build.opensuse.org/request/show/199446 12.2 / xulrunner17
https://build.opensuse.org/request/show/199447 12.3 / MozillaFirefox
https://build.opensuse.org/request/show/199448 12.2 / MozillaFirefox
https://build.opensuse.org/request/show/199449 12.3 / MozillaThunderbird
https://build.opensuse.org/request/show/199450 12.2 / MozillaThunderbird
Comment 4 Bernhard Wiedemann 2013-09-17 20:00:33 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/199438 Maintenance / 
https://build.opensuse.org/request/show/199440 Maintenance /
Comment 5 Bernhard Wiedemann 2013-09-18 07:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/199470 Factory / seamonkey
https://build.opensuse.org/request/show/199472 12.3 / seamonkey
https://build.opensuse.org/request/show/199473 12.2 / seamonkey
Comment 6 Bernhard Wiedemann 2013-09-18 07:00:23 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/199471 Maintenance /
Comment 7 Alexander Bergmann 2013-09-18 08:12:48 UTC 
http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/

> Fixed in Firefox ESR 17.0.9
> ---------------------------
> MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object 
> * (CVE-2013-1737)
> MFSA 2013-90 Memory corruption involving scrolling
> * use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
> * Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
> MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
> * buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
> MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
> * compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
> MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
> * MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
> MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
> * ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open (CVE-2013-1725)
> MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
> * Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
> MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
> * Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
> * Memory safety bugs fixed in Firefox 24.0 (CVE-2013-1719)
> MFSA 2013-65 Buffer underflow when generating CRMF requests
> * ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)

https://www.mozilla.org/security/known-vulnerabilities/firefox.html

> Fixed in Firefox 24
> -------------------
> MFSA 2013-92 GC hazard with default compartments and frame chain restoration
> * GC hazard with default compartments and frame chain restoration (CVE-2013-1738)
> MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
> * (CVE-2013-1737)
> MFSA 2013-90 Memory corruption involving scrolling
> * use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
> * Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
> MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
> * buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
> MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
> * compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
> MFSA 2013-87 Shared object library loading from writable location
> * Android looks for .so in public directory (CVE-2013-1731)
> MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
> * Texture in Inspector's 3D View showing parts of the OS and other applications (CVE-2013-1729)
> MFSA 2013-85 Uninitialized data in IonMonkey
> * valgrind errors in JS testsuite ("conditional jumps on uninitialized data") (CVE-2013-1728)
> MFSA 2013-84 Same-origin bypass through symbolic links
> * Subverting Same-Origin Policy for Local Contents by Symbolic Link (CVE-2013-1727)
> MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
> * MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
> MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
> * ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open (CVE-2013-1725)
> MFSA 2013-81 Use-after-free with select element
> * Heap-use-after-free in mozilla::dom::HTMLFormElement::IsDefaultSubmitElement (CVE-2013-1724)
> MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
> * NativeKey should not continue handling key message if widget is destroyed after dispatching event (CVE-2013-1723)
> MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
> * Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
> MFSA 2013-78 Integer overflow in ANGLE library
> * ANGLE libGLESv2 Integer Overflow (CVE-2013-1721)
> MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
> * Heap-buffer-overflow READ in nsHtml5TreeBuilder::resetTheInsertionMode() (CVE-2013-1720)
> MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
> * Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
> * Memory safety bugs fixed in Firefox 24.0 (CVE-2013-1719)
Comment 8 Alexander Bergmann 2013-09-18 08:16:06 UTC 
Petr, please prepare 17.0.9esr SLE updates.
Comment 9 Swamp Workflow Management 2013-09-18 09:16:30 UTC 
The SWAMPID for this issue is 54447.
This issue was rated as important.
Please submit fixed packages until 2013-09-25.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 10 Bernhard Wiedemann 2013-09-18 13:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/199621 Factory / MozillaThunderbird
Comment 11 Bernhard Wiedemann 2013-09-18 21:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/199664 Factory / seamonkey
Comment 14 Wolfgang Rosenauer 2013-09-19 19:29:41 UTC 
*** Bug 841354 has been marked as a duplicate of this bug. ***
Comment 15 Swamp Workflow Management 2013-09-27 14:04:23 UTC 
openSUSE-SU-2013:1491-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 840485
CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1721,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738
Sources used:
openSUSE 12.3 (src):    seamonkey-2.21-1.21.2
openSUSE 12.2 (src):    seamonkey-2.21-2.50.1
Comment 16 Swamp Workflow Management 2013-09-27 14:04:59 UTC 
openSUSE-SU-2013:1493-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 840485,840551
CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1721,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738
Sources used:
openSUSE 12.3 (src):    MozillaFirefox-24.0-1.33.1
openSUSE 12.2 (src):    MozillaFirefox-24.0-2.59.1
Comment 17 Swamp Workflow Management 2013-09-27 14:05:56 UTC 
openSUSE-SU-2013:1495-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 840485
CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738
Sources used:
openSUSE 12.3 (src):    MozillaThunderbird-24.0-61.25.2
openSUSE 12.2 (src):    MozillaThunderbird-24.0-49.55.1
Comment 18 Swamp Workflow Management 2013-09-27 14:06:17 UTC 
openSUSE-SU-2013:1496-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 840485
CVE References: CVE-2013-1705,CVE-2013-1718,CVE-2013-1722,CVE-2013-1725,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737
Sources used:
openSUSE 12.3 (src):    xulrunner-17.0.9-2.1
openSUSE 12.2 (src):    xulrunner-17.0.9-2.1
Comment 19 Swamp Workflow Management 2013-09-27 14:06:32 UTC 
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 20 Swamp Workflow Management 2013-09-27 14:06:52 UTC 
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 21 Swamp Workflow Management 2013-09-27 15:58:38 UTC 
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 22 Swamp Workflow Management 2013-09-27 16:10:13 UTC 
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 23 Bernhard Wiedemann 2013-09-29 12:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/201366 Factory / xulrunner
Comment 24 Swamp Workflow Management 2013-09-29 12:04:19 UTC 
openSUSE-SU-2013:1499-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 840485,840551
CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1721,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.0-87.3, MozillaThunderbird-24.0-73.3, seamonkey-2.21-77.3
Comment 25 Bernhard Wiedemann 2013-09-30 15:01:16 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/201498 Evergreen:11.2 / firefox-esr
https://build.opensuse.org/request/show/201499 Evergreen:11.2 / thunderbird-esr
Comment 26 Marcus Meissner 2013-10-09 12:30:35 UTC 
released
Comment 27 Bernhard Wiedemann 2013-10-30 17:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (840485) was mentioned in
https://build.opensuse.org/request/show/205271 Factory / xulrunner
https://build.opensuse.org/request/show/205272 13.1 / xulrunner
https://build.opensuse.org/request/show/205273 12.3 / xulrunner
https://build.opensuse.org/request/show/205274 12.2 / xulrunner
Comment 28 Swamp Workflow Management 2013-11-07 09:04:20 UTC 
openSUSE-SU-2013:1633-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 840485,847708
CVE References: CVE-2013-1705,CVE-2013-1718,CVE-2013-1722,CVE-2013-1725,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5598,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604
Sources used:
openSUSE 12.3 (src):    MozillaFirefox-25.0-1.39.1, MozillaThunderbird-24.1.0-61.31.1, mozilla-nspr-4.10.1-1.18.1, xulrunner-17.0.10-1.30.2
openSUSE 12.2 (src):    MozillaFirefox-25.0-2.63.1, MozillaThunderbird-24.1.0-49.59.2, mozilla-nspr-4.10.1-1.20.1, xulrunner-17.0.10-2.56.2
Comment 29 Swamp Workflow Management 2014-09-09 16:21:35 UTC 
openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available.

Category: security (important)
Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370
CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1