Bug 13293

Summary: Firefox and Thunderbird 24.5
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: filorin, sysadmin-bugs, tmb, wrw105
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/596802/
Whiteboard: MGA3TOO has_procedure advisory mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok
Source RPM: firefox, thunderbird CVE:
Status comment:

Description David Walser 2014-04-30 22:14:27 CEST 
RedHat has issued advisories on April 29:
https://rhn.redhat.com/errata/RHSA-2014-0448.html
https://rhn.redhat.com/errata/RHSA-2014-0449.html

Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running it (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529,
CVE-2014-1531).

A use-after-free flaw was found in the way Firefox and Thunderbird resolved
hosts in certain circumstances. An attacker could use this flaw to crash
Firefox or Thunderbird or, potentially, execute arbitrary code with the
privileges of the user running it (CVE-2014-1532).

An out-of-bounds read flaw was found in the way Firefox and Thunderbird
decoded JPEG images. Loading a web page containing a specially crafted JPEG
image could cause Firefox or Thunderbird to crash (CVE-2014-1523).

A flaw was found in the way Firefox and Thunderbird handled browser
navigations through history. An attacker could possibly use this flaw to
cause the address bar of the browser to display a web page name while
loading content from an entirely different web page, which could allow for
cross-site scripting (XSS) attacks (CVE-2014-1530).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532
http://www.mozilla.org/security/announce/2014/mfsa2014-34.html
http://www.mozilla.org/security/announce/2014/mfsa2014-37.html
http://www.mozilla.org/security/announce/2014/mfsa2014-38.html
http://www.mozilla.org/security/announce/2014/mfsa2014-42.html
http://www.mozilla.org/security/announce/2014/mfsa2014-43.html
http://www.mozilla.org/security/announce/2014/mfsa2014-44.html
http://www.mozilla.org/security/announce/2014/mfsa2014-46.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://rhn.redhat.com/errata/RHSA-2014-0448.html
https://rhn.redhat.com/errata/RHSA-2014-0449.html
========================

Updated packages in core/updates_testing:
========================
firefox-24.5.0-1.mga3
firefox-devel-24.5.0-1.mga3
firefox-af-24.5.0-1.mga3
firefox-ar-24.5.0-1.mga3
firefox-as-24.5.0-1.mga3
firefox-ast-24.5.0-1.mga3
firefox-be-24.5.0-1.mga3
firefox-bg-24.5.0-1.mga3
firefox-bn_IN-24.5.0-1.mga3
firefox-bn_BD-24.5.0-1.mga3
firefox-br-24.5.0-1.mga3
firefox-bs-24.5.0-1.mga3
firefox-ca-24.5.0-1.mga3
firefox-cs-24.5.0-1.mga3
firefox-csb-24.5.0-1.mga3
firefox-cy-24.5.0-1.mga3
firefox-da-24.5.0-1.mga3
firefox-de-24.5.0-1.mga3
firefox-el-24.5.0-1.mga3
firefox-en_GB-24.5.0-1.mga3
firefox-en_ZA-24.5.0-1.mga3
firefox-eo-24.5.0-1.mga3
firefox-es_AR-24.5.0-1.mga3
firefox-es_CL-24.5.0-1.mga3
firefox-es_ES-24.5.0-1.mga3
firefox-es_MX-24.5.0-1.mga3
firefox-et-24.5.0-1.mga3
firefox-eu-24.5.0-1.mga3
firefox-fa-24.5.0-1.mga3
firefox-ff-24.5.0-1.mga3
firefox-fi-24.5.0-1.mga3
firefox-fr-24.5.0-1.mga3
firefox-fy-24.5.0-1.mga3
firefox-ga_IE-24.5.0-1.mga3
firefox-gd-24.5.0-1.mga3
firefox-gl-24.5.0-1.mga3
firefox-gu_IN-24.5.0-1.mga3
firefox-he-24.5.0-1.mga3
firefox-hi-24.5.0-1.mga3
firefox-hr-24.5.0-1.mga3
firefox-hu-24.5.0-1.mga3
firefox-hy-24.5.0-1.mga3
firefox-id-24.5.0-1.mga3
firefox-is-24.5.0-1.mga3
firefox-it-24.5.0-1.mga3
firefox-ja-24.5.0-1.mga3
firefox-kk-24.5.0-1.mga3
firefox-ko-24.5.0-1.mga3
firefox-km-24.5.0-1.mga3
firefox-kn-24.5.0-1.mga3
firefox-ku-24.5.0-1.mga3
firefox-lg-24.5.0-1.mga3
firefox-lij-24.5.0-1.mga3
firefox-lt-24.5.0-1.mga3
firefox-lv-24.5.0-1.mga3
firefox-mai-24.5.0-1.mga3
firefox-mk-24.5.0-1.mga3
firefox-ml-24.5.0-1.mga3
firefox-mr-24.5.0-1.mga3
firefox-nb_NO-24.5.0-1.mga3
firefox-nl-24.5.0-1.mga3
firefox-nn_NO-24.5.0-1.mga3
firefox-nso-24.5.0-1.mga3
firefox-or-24.5.0-1.mga3
firefox-pa_IN-24.5.0-1.mga3
firefox-pl-24.5.0-1.mga3
firefox-pt_BR-24.5.0-1.mga3
firefox-pt_PT-24.5.0-1.mga3
firefox-ro-24.5.0-1.mga3
firefox-ru-24.5.0-1.mga3
firefox-si-24.5.0-1.mga3
firefox-sk-24.5.0-1.mga3
firefox-sl-24.5.0-1.mga3
firefox-sq-24.5.0-1.mga3
firefox-sr-24.5.0-1.mga3
firefox-sv_SE-24.5.0-1.mga3
firefox-ta-24.5.0-1.mga3
firefox-ta_LK-24.5.0-1.mga3
firefox-te-24.5.0-1.mga3
firefox-th-24.5.0-1.mga3
firefox-tr-24.5.0-1.mga3
firefox-uk-24.5.0-1.mga3
firefox-vi-24.5.0-1.mga3
firefox-zh_CN-24.5.0-1.mga3
firefox-zh_TW-24.5.0-1.mga3
firefox-zu-24.5.0-1.mga3
thunderbird-24.5.0-1.mga3
thunderbird-enigmail-24.5.0-1.mga3
nsinstall-24.5.0-1.mga3
thunderbird-ar-24.5.0-1.mga3
thunderbird-ast-24.5.0-1.mga3
thunderbird-be-24.5.0-1.mga3
thunderbird-bg-24.5.0-1.mga3
thunderbird-bn_BD-24.5.0-1.mga3
thunderbird-br-24.5.0-1.mga3
thunderbird-ca-24.5.0-1.mga3
thunderbird-cs-24.5.0-1.mga3
thunderbird-da-24.5.0-1.mga3
thunderbird-de-24.5.0-1.mga3
thunderbird-el-24.5.0-1.mga3
thunderbird-en_GB-24.5.0-1.mga3
thunderbird-es_AR-24.5.0-1.mga3
thunderbird-es_ES-24.5.0-1.mga3
thunderbird-et-24.5.0-1.mga3
thunderbird-eu-24.5.0-1.mga3
thunderbird-fi-24.5.0-1.mga3
thunderbird-fr-24.5.0-1.mga3
thunderbird-fy-24.5.0-1.mga3
thunderbird-ga-24.5.0-1.mga3
thunderbird-gd-24.5.0-1.mga3
thunderbird-gl-24.5.0-1.mga3
thunderbird-he-24.5.0-1.mga3
thunderbird-hr-24.5.0-1.mga3
thunderbird-hu-24.5.0-1.mga3
thunderbird-hy-24.5.0-1.mga3
thunderbird-id-24.5.0-1.mga3
thunderbird-is-24.5.0-1.mga3
thunderbird-it-24.5.0-1.mga3
thunderbird-ja-24.5.0-1.mga3
thunderbird-ko-24.5.0-1.mga3
thunderbird-lt-24.5.0-1.mga3
thunderbird-nb_NO-24.5.0-1.mga3
thunderbird-nl-24.5.0-1.mga3
thunderbird-nn_NO-24.5.0-1.mga3
thunderbird-pl-24.5.0-1.mga3
thunderbird-pa_IN-24.5.0-1.mga3
thunderbird-pt_BR-24.5.0-1.mga3
thunderbird-pt_PT-24.5.0-1.mga3
thunderbird-ro-24.5.0-1.mga3
thunderbird-ru-24.5.0-1.mga3
thunderbird-si-24.5.0-1.mga3
thunderbird-sk-24.5.0-1.mga3
thunderbird-sl-24.5.0-1.mga3
thunderbird-sq-24.5.0-1.mga3
thunderbird-sv_SE-24.5.0-1.mga3
thunderbird-ta_LK-24.5.0-1.mga3
thunderbird-tr-24.5.0-1.mga3
thunderbird-uk-24.5.0-1.mga3
thunderbird-vi-24.5.0-1.mga3
thunderbird-zh_CN-24.5.0-1.mga3
thunderbird-zh_TW-24.5.0-1.mga3
firefox-24.5.0-1.mga4
firefox-devel-24.5.0-1.mga4
firefox-af-24.5.0-1.mga4
firefox-ar-24.5.0-1.mga4
firefox-as-24.5.0-1.mga4
firefox-ast-24.5.0-1.mga4
firefox-be-24.5.0-1.mga4
firefox-bg-24.5.0-1.mga4
firefox-bn_IN-24.5.0-1.mga4
firefox-bn_BD-24.5.0-1.mga4
firefox-br-24.5.0-1.mga4
firefox-bs-24.5.0-1.mga4
firefox-ca-24.5.0-1.mga4
firefox-cs-24.5.0-1.mga4
firefox-csb-24.5.0-1.mga4
firefox-cy-24.5.0-1.mga4
firefox-da-24.5.0-1.mga4
firefox-de-24.5.0-1.mga4
firefox-el-24.5.0-1.mga4
firefox-en_GB-24.5.0-1.mga4
firefox-en_ZA-24.5.0-1.mga4
firefox-eo-24.5.0-1.mga4
firefox-es_AR-24.5.0-1.mga4
firefox-es_CL-24.5.0-1.mga4
firefox-es_ES-24.5.0-1.mga4
firefox-es_MX-24.5.0-1.mga4
firefox-et-24.5.0-1.mga4
firefox-eu-24.5.0-1.mga4
firefox-fa-24.5.0-1.mga4
firefox-ff-24.5.0-1.mga4
firefox-fi-24.5.0-1.mga4
firefox-fr-24.5.0-1.mga4
firefox-fy-24.5.0-1.mga4
firefox-ga_IE-24.5.0-1.mga4
firefox-gd-24.5.0-1.mga4
firefox-gl-24.5.0-1.mga4
firefox-gu_IN-24.5.0-1.mga4
firefox-he-24.5.0-1.mga4
firefox-hi-24.5.0-1.mga4
firefox-hr-24.5.0-1.mga4
firefox-hu-24.5.0-1.mga4
firefox-hy-24.5.0-1.mga4
firefox-id-24.5.0-1.mga4
firefox-is-24.5.0-1.mga4
firefox-it-24.5.0-1.mga4
firefox-ja-24.5.0-1.mga4
firefox-kk-24.5.0-1.mga4
firefox-ko-24.5.0-1.mga4
firefox-km-24.5.0-1.mga4
firefox-kn-24.5.0-1.mga4
firefox-ku-24.5.0-1.mga4
firefox-lg-24.5.0-1.mga4
firefox-lij-24.5.0-1.mga4
firefox-lt-24.5.0-1.mga4
firefox-lv-24.5.0-1.mga4
firefox-mai-24.5.0-1.mga4
firefox-mk-24.5.0-1.mga4
firefox-ml-24.5.0-1.mga4
firefox-mr-24.5.0-1.mga4
firefox-nb_NO-24.5.0-1.mga4
firefox-nl-24.5.0-1.mga4
firefox-nn_NO-24.5.0-1.mga4
firefox-nso-24.5.0-1.mga4
firefox-or-24.5.0-1.mga4
firefox-pa_IN-24.5.0-1.mga4
firefox-pl-24.5.0-1.mga4
firefox-pt_BR-24.5.0-1.mga4
firefox-pt_PT-24.5.0-1.mga4
firefox-ro-24.5.0-1.mga4
firefox-ru-24.5.0-1.mga4
firefox-si-24.5.0-1.mga4
firefox-sk-24.5.0-1.mga4
firefox-sl-24.5.0-1.mga4
firefox-sq-24.5.0-1.mga4
firefox-sr-24.5.0-1.mga4
firefox-sv_SE-24.5.0-1.mga4
firefox-ta-24.5.0-1.mga4
firefox-ta_LK-24.5.0-1.mga4
firefox-te-24.5.0-1.mga4
firefox-th-24.5.0-1.mga4
firefox-tr-24.5.0-1.mga4
firefox-uk-24.5.0-1.mga4
firefox-vi-24.5.0-1.mga4
firefox-zh_CN-24.5.0-1.mga4
firefox-zh_TW-24.5.0-1.mga4
firefox-zu-24.5.0-1.mga4
thunderbird-24.5.0-1.mga4
thunderbird-enigmail-24.5.0-1.mga4
nsinstall-24.5.0-1.mga4
thunderbird-ar-24.5.0-1.mga4
thunderbird-ast-24.5.0-1.mga4
thunderbird-be-24.5.0-1.mga4
thunderbird-bg-24.5.0-1.mga4
thunderbird-bn_BD-24.5.0-1.mga4
thunderbird-br-24.5.0-1.mga4
thunderbird-ca-24.5.0-1.mga4
thunderbird-cs-24.5.0-1.mga4
thunderbird-da-24.5.0-1.mga4
thunderbird-de-24.5.0-1.mga4
thunderbird-el-24.5.0-1.mga4
thunderbird-en_GB-24.5.0-1.mga4
thunderbird-es_AR-24.5.0-1.mga4
thunderbird-es_ES-24.5.0-1.mga4
thunderbird-et-24.5.0-1.mga4
thunderbird-eu-24.5.0-1.mga4
thunderbird-fi-24.5.0-1.mga4
thunderbird-fr-24.5.0-1.mga4
thunderbird-fy-24.5.0-1.mga4
thunderbird-ga-24.5.0-1.mga4
thunderbird-gd-24.5.0-1.mga4
thunderbird-gl-24.5.0-1.mga4
thunderbird-he-24.5.0-1.mga4
thunderbird-hr-24.5.0-1.mga4
thunderbird-hu-24.5.0-1.mga4
thunderbird-hy-24.5.0-1.mga4
thunderbird-id-24.5.0-1.mga4
thunderbird-is-24.5.0-1.mga4
thunderbird-it-24.5.0-1.mga4
thunderbird-ja-24.5.0-1.mga4
thunderbird-ko-24.5.0-1.mga4
thunderbird-lt-24.5.0-1.mga4
thunderbird-nb_NO-24.5.0-1.mga4
thunderbird-nl-24.5.0-1.mga4
thunderbird-nn_NO-24.5.0-1.mga4
thunderbird-pl-24.5.0-1.mga4
thunderbird-pa_IN-24.5.0-1.mga4
thunderbird-pt_BR-24.5.0-1.mga4
thunderbird-pt_PT-24.5.0-1.mga4
thunderbird-ro-24.5.0-1.mga4
thunderbird-ru-24.5.0-1.mga4
thunderbird-si-24.5.0-1.mga4
thunderbird-sk-24.5.0-1.mga4
thunderbird-sl-24.5.0-1.mga4
thunderbird-sq-24.5.0-1.mga4
thunderbird-sv_SE-24.5.0-1.mga4
thunderbird-ta_LK-24.5.0-1.mga4
thunderbird-tr-24.5.0-1.mga4
thunderbird-uk-24.5.0-1.mga4
thunderbird-vi-24.5.0-1.mga4
thunderbird-zh_CN-24.5.0-1.mga4
thunderbird-zh_TW-24.5.0-1.mga4

from SRPMS:
firefox-24.5.0-1.mga3.src.rpm
firefox-l10n-24.5.0-1.mga3.src.rpm
thunderbird-24.5.0-1.mga3.src.rpm
thunderbird-l10n-24.5.0-1.mga3.src.rpm
firefox-24.5.0-1.mga4.src.rpm
firefox-l10n-24.5.0-1.mga4.src.rpm
thunderbird-24.5.0-1.mga4.src.rpm
thunderbird-l10n-24.5.0-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2014-04-30 22:14:32 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 Bill Wilkinson 2014-05-01 04:06:27 CEST 
Usual tests, mga4-64
Firefox:
general browsing, sunspider for javascript, javatester.org version to test java plugin, acid3, youtube for flash, all OK.

Thunderbird:
send/receive/move/delete mail on imap/smtp all OK.

CC: (none) => wrw105
Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok

Comment 2 Bill Wilkinson 2014-05-01 04:45:32 CEST 
tested mga3-64 as above, all OK.

If nobody beats me to them, I'll take a look at the 32-bits when I get home from work tomorrow, some time after the meeting.

Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok

Comment 3 Guillaume 2014-05-02 12:58:27 CEST 
I did the same tests as you did, Bill on mga4-32. Perfectly working for me.

CC: (none) => filorin.mageia
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok

Comment 4 Bill Wilkinson 2014-05-02 13:29:18 CEST 
Thanks for the hand, Guillame!

Tested mga3-32 as above, all OK.

We just need the advisory uploaded to svn for validation.

Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok

Comment 5 claire robinson 2014-05-02 14:53:55 CEST 
Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok => MGA3TOO has_procedure advisory mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2014-05-02 20:10:19 CEST 
Update pushed:
http://advisories.mageia.org/MGASA-2014-0201.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED