Bugzilla – Bug 840485
VUL-0: Firefox 24.0/17.0.9esr security release
Last modified: 2020-04-05 18:17:21 UTC
2013-09-17 is the announced release date for the following Mozilla applications which contain security fixes (as always) (https://wiki.mozilla.org/Releases): Firefox 24.0 Firefox 17.0.9esr xulrunner 17.0.9esr Seamonkey 2.21 Thunderbird 17.0.9esr Thunderbird 24.0 (minimum NSPR 4.10 and NSS 3.15.1 requirements I think already met with last update round) I'll provide updates for openSUSE distributions as usual with one exception where I'd like to get some feedback: Thunderbird will do a big version update to 24.0 for non-esr versions. Since esr and non esr versions were 99,9% identical in the 17.0 series we have the choice to update to 17.0.9esr or 24.0 for released distributions which will only move the major upgrade around 12 weeks so I'm in favor to follow the big update now already.
Wolfgang, thanks for the heads up.
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/199437 Factory / MozillaFirefox https://build.opensuse.org/request/show/199439 Factory / MozillaThunderbird https://build.opensuse.org/request/show/199442 Evergreen:11.2:Test / firefox-esr https://build.opensuse.org/request/show/199443 Evergreen:11.2:Test / thunderbird-esr https://build.opensuse.org/request/show/199445 12.3 / xulrunner17 https://build.opensuse.org/request/show/199446 12.2 / xulrunner17 https://build.opensuse.org/request/show/199447 12.3 / MozillaFirefox https://build.opensuse.org/request/show/199448 12.2 / MozillaFirefox https://build.opensuse.org/request/show/199449 12.3 / MozillaThunderbird https://build.opensuse.org/request/show/199450 12.2 / MozillaThunderbird
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/199438 Maintenance / https://build.opensuse.org/request/show/199440 Maintenance /
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/199470 Factory / seamonkey https://build.opensuse.org/request/show/199472 12.3 / seamonkey https://build.opensuse.org/request/show/199473 12.2 / seamonkey
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/199471 Maintenance /
http://www.mozilla.org/en-US/firefox/17.0.9/releasenotes/ > Fixed in Firefox ESR 17.0.9 > --------------------------- > MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object > * (CVE-2013-1737) > MFSA 2013-90 Memory corruption involving scrolling > * use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) > * Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) > MFSA 2013-89 Buffer overflow with multi-column, lists, and floats > * buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) > MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes > * compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) > MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification > * MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) > MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption > * ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open (CVE-2013-1725) > MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning > * Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) > MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) > * Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) > * Memory safety bugs fixed in Firefox 24.0 (CVE-2013-1719) > MFSA 2013-65 Buffer underflow when generating CRMF requests > * ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) https://www.mozilla.org/security/known-vulnerabilities/firefox.html > Fixed in Firefox 24 > ------------------- > MFSA 2013-92 GC hazard with default compartments and frame chain restoration > * GC hazard with default compartments and frame chain restoration (CVE-2013-1738) > MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object > * (CVE-2013-1737) > MFSA 2013-90 Memory corruption involving scrolling > * use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) > * Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) > MFSA 2013-89 Buffer overflow with multi-column, lists, and floats > * buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) > MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes > * compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) > MFSA 2013-87 Shared object library loading from writable location > * Android looks for .so in public directory (CVE-2013-1731) > MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers > * Texture in Inspector's 3D View showing parts of the OS and other applications (CVE-2013-1729) > MFSA 2013-85 Uninitialized data in IonMonkey > * valgrind errors in JS testsuite ("conditional jumps on uninitialized data") (CVE-2013-1728) > MFSA 2013-84 Same-origin bypass through symbolic links > * Subverting Same-Origin Policy for Local Contents by Symbolic Link (CVE-2013-1727) > MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification > * MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) > MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption > * ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open (CVE-2013-1725) > MFSA 2013-81 Use-after-free with select element > * Heap-use-after-free in mozilla::dom::HTMLFormElement::IsDefaultSubmitElement (CVE-2013-1724) > MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed > * NativeKey should not continue handling key message if widget is destroyed after dispatching event (CVE-2013-1723) > MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning > * Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) > MFSA 2013-78 Integer overflow in ANGLE library > * ANGLE libGLESv2 Integer Overflow (CVE-2013-1721) > MFSA 2013-77 Improper state in HTML5 Tree Builder with templates > * Heap-buffer-overflow READ in nsHtml5TreeBuilder::resetTheInsertionMode() (CVE-2013-1720) > MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) > * Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) > * Memory safety bugs fixed in Firefox 24.0 (CVE-2013-1719)
Petr, please prepare 17.0.9esr SLE updates.
The SWAMPID for this issue is 54447. This issue was rated as important. Please submit fixed packages until 2013-09-25. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/199621 Factory / MozillaThunderbird
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/199664 Factory / seamonkey
*** Bug 841354 has been marked as a duplicate of this bug. ***
openSUSE-SU-2013:1491-1: An update that fixes 15 vulnerabilities is now available. Category: security (moderate) Bug References: 840485 CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1721,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738 Sources used: openSUSE 12.3 (src): seamonkey-2.21-1.21.2 openSUSE 12.2 (src): seamonkey-2.21-2.50.1
openSUSE-SU-2013:1493-1: An update that fixes 15 vulnerabilities is now available. Category: security (moderate) Bug References: 840485,840551 CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1721,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738 Sources used: openSUSE 12.3 (src): MozillaFirefox-24.0-1.33.1 openSUSE 12.2 (src): MozillaFirefox-24.0-2.59.1
openSUSE-SU-2013:1495-1: An update that fixes 14 vulnerabilities is now available. Category: security (moderate) Bug References: 840485 CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738 Sources used: openSUSE 12.3 (src): MozillaThunderbird-24.0-61.25.2 openSUSE 12.2 (src): MozillaThunderbird-24.0-49.55.1
openSUSE-SU-2013:1496-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 840485 CVE References: CVE-2013-1705,CVE-2013-1718,CVE-2013-1722,CVE-2013-1725,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737 Sources used: openSUSE 12.3 (src): xulrunner-17.0.9-2.1 openSUSE 12.2 (src): xulrunner-17.0.9-2.1
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/201366 Factory / xulrunner
openSUSE-SU-2013:1499-1: An update that fixes 15 vulnerabilities is now available. Category: security (moderate) Bug References: 840485,840551 CVE References: CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1721,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738 Sources used: openSUSE 11.4 (src): MozillaFirefox-24.0-87.3, MozillaThunderbird-24.0-73.3, seamonkey-2.21-77.3
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/201498 Evergreen:11.2 / firefox-esr https://build.opensuse.org/request/show/201499 Evergreen:11.2 / thunderbird-esr
released
This is an autogenerated message for OBS integration: This bug (840485) was mentioned in https://build.opensuse.org/request/show/205271 Factory / xulrunner https://build.opensuse.org/request/show/205272 13.1 / xulrunner https://build.opensuse.org/request/show/205273 12.3 / xulrunner https://build.opensuse.org/request/show/205274 12.2 / xulrunner
openSUSE-SU-2013:1633-1: An update that fixes 23 vulnerabilities is now available. Category: security (important) Bug References: 840485,847708 CVE References: CVE-2013-1705,CVE-2013-1718,CVE-2013-1722,CVE-2013-1725,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5598,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604 Sources used: openSUSE 12.3 (src): MozillaFirefox-25.0-1.39.1, MozillaThunderbird-24.1.0-61.31.1, mozilla-nspr-4.10.1-1.18.1, xulrunner-17.0.10-1.30.2 openSUSE 12.2 (src): MozillaFirefox-25.0-2.63.1, MozillaThunderbird-24.1.0-49.59.2, mozilla-nspr-4.10.1-1.20.1, xulrunner-17.0.10-2.56.2
openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available. Category: security (important) Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370 CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567 Sources used: openSUSE 11.4 (src): MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1