Bug 17119 - Iceape multiple security fixes in Seamonkey 2.39
Summary: Iceape multiple security fixes in Seamonkey 2.39
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: has_procedure advisory mga5-64-ok
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-11-10 13:45 CET by Bill Wilkinson
Modified: 2015-11-16 22:37 CET
CC List: 3 users

See Also:
Source RPM: iceape-2.39-1.mga5
CVE:
Status comment:



Description Bill Wilkinson 2015-11-10 13:45:11 CET
Multiple security updates in Seamonkey 2.39.

Reproducible: 

Steps to Reproduce:
Christiaan Welvaart 2015-11-12 23:26:14 CET

Status: NEW => ASSIGNED
CC: (none) => cjw
Assignee: bugsquad => cjw

Comment 1 Christiaan Welvaart 2015-11-15 21:58:43 CET
Packages are ready for testing.

MGA5
SRPMS:
iceape-2.39-1.mga5.src.rpm
RPMS:
iceape-2.39-1.mga5.i586.rpm
iceape-2.39-1.mga5.x86_64.rpm



Proposed advisory:



Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2015-4513)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2015-4514)

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. (CVE-2015-4515)

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. (CVE-2015-4518)

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. (CVE-2015-7187)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. (CVE-2015-7188)

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. (CVE-2015-7189)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. (CVE-2015-7193)

Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. (CVE-2015-7194)

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. (CVE-2015-7195)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. (CVE-2015-7196)

Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. (CVE-2015-7198)

The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. (CVE-2015-7199)

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. (CVE-2015-7200)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. (CVE-2015-7197)



References:
http://www.seamonkey-project.org/releases/seamonkey2.39/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200
https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/

Assignee: cjw => qa-bugs

Comment 2 Bill Wilkinson 2015-11-16 03:35:36 CET
Tested mga5-64.

Browser: acid3, javatester, jetstream, general browsing

Mail: send/receive/move/delete IMAP/SMTP ok

Chat: logged into freenode, joined mageia-qa

All OK.

CC: (none) => wrw105
Whiteboard: (none) => has_procedure mga5-64-ok

Comment 3 claire robinson 2015-11-16 09:50:14 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

claire robinson 2015-11-16 17:40:56 CET

Component: RPM Packages => Security

Comment 4 claire robinson 2015-11-16 17:44:23 CET
Advisory uploaded.

Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok

claire robinson 2015-11-16 17:45:42 CET

QA Contact: (none) => security
Severity: normal => critical

claire robinson 2015-11-16 17:46:23 CET

Source RPM: (none) => iceape-2.39-1.mga5

Comment 5 Mageia Robot 2015-11-16 22:37:43 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0447.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

