Bug 9136

Summary: [Update Request]: firefox 17.0.3
Product: Mageia Reporter: Funda Wang <fundawang>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal CC: luigiwalser, wrw105
Version: 2   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
Whiteboard: MGA2_64_OK
Source RPM: firefox-17.0.3-1, firefox-l10n-17.0.3-1 CVE:
Status comment:

Description Funda Wang 2013-02-20 23:41:19 CET
Multiple security vulnerabilities were fixed in firefox 17.0.3:

MFSA-2013-28: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA-2013-27: Phishing on HTTPS connection through malicious proxy
MFSA-2013-26: Use-after-free in nsImageLoadingContent
MFSA-2013-25: Privacy leak in JavaScript Workers
MFSA-2013-24: Web content bypass of COW and SOW security wrappers
MFSA-2013-21: Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

References:
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
Comment 1 Bill Wilkinson 2013-02-21 01:16:56 CET
Tested MGA2-64.

No PoCs found.

Tested JavaScript:
https://www.webkit.org/perf/sunspider-0.9.1/sunspider-0.9.1/driver.html

Tested Java plugin:
http://www.javatester.org/version.html

Tested Flash with Flash game (Lemmings)
http://www.oldgames.dk/freeflashgames/arcadegames/playlemmings.php
And several YouTube videos

Various browsing

CC: (none) => wrw105
Whiteboard: (none) => MGA2_64_OK

Manuel Hiebel 2013-02-21 01:25:12 CET

CC: (none) => luigiwalser

Comment 2 Manuel Hiebel 2013-02-21 01:25:55 CET
Maybe we should wait a bit

https://bugs.mageia.org/show_bug.cgi?id=9141
Comment 3 David Walser 2013-02-21 01:36:59 CET
Yes, this is not ready for QA.

*** This bug has been marked as a duplicate of bug 9141 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE