Bug 7210 - Update candidate for Thunderbird 10.0.7
: Update candidate for Thunderbird 10.0.7
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
:
:
: MGA1TOO mga2-64-OK MGA2-32-OK MGA1-64...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-08-26 17:49 CEST by David Walser
Modified: 2012-08-30 11:24 CEST (History)
6 users (show)

See Also:
Source RPM: thunderbird-10.0.7-1.mga2.src.rpm, mozilla-thunderbird-10.0.7-1.mga1.src.rpm
CVE:


Attachments

Description David Walser 2012-08-26 17:49:48 CEST
Mozilla Thunderbird 10.0.7 has been released.
Comment 1 Florian Hubold 2012-08-26 18:05:18 CEST
Submitted for mga1 and mga2, together with -l10n packages.

There is now thunderbird-10.0.7-1.mga2 and thunderbird-l10n-10.0.7-1.mga in core/updates_testing to validate
-------------------------------------------------------


Suggested advisory:
-------------------
This update addresses the following issues:

- to be filled later when Mozilla actually puts up the security advisories for 10.0.7

Other fixes in this release:


-------------------------------------------------------
Steps to reproduce:

- install/update to update candidate
- make sure language packs are still in effect after the update
Comment 2 David Walser 2012-08-26 18:18:39 CEST
SRPMs:
mozilla-thunderbird-10.0.7-1.mga1.src.rpm
mozilla-thunderbird-l10n-10.0.7-1.mga1.src.rpm
thunderbird-10.0.7-1.mga2.src.rpm
thunderbird-l10n-10.0.7-1.mga2.src.rpm

Full RPMs list:
mozilla-thunderbird-10.0.7-1.mga1
mozilla-thunderbird-enigmail-10.0.7-1.mga1
nsinstall-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.7-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.7-1.mga1
mozilla-thunderbird-enigmail-de-10.0.7-1.mga1
mozilla-thunderbird-enigmail-el-10.0.7-1.mga1
mozilla-thunderbird-enigmail-es-10.0.7-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.7-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.7-1.mga1
mozilla-thunderbird-enigmail-it-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.7-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.7-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.7-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.7-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.7-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.7-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.7-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.7-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.7-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.7-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.7-1.mga1
mozilla-thunderbird-ar-10.0.7-1.mga1
mozilla-thunderbird-be-10.0.7-1.mga1
mozilla-thunderbird-bg-10.0.7-1.mga1
mozilla-thunderbird-bn_BD-10.0.7-1.mga1
mozilla-thunderbird-br-10.0.7-1.mga1
mozilla-thunderbird-ca-10.0.7-1.mga1
mozilla-thunderbird-cs-10.0.7-1.mga1
mozilla-thunderbird-da-10.0.7-1.mga1
mozilla-thunderbird-de-10.0.7-1.mga1
mozilla-thunderbird-el-10.0.7-1.mga1
mozilla-thunderbird-en_GB-10.0.7-1.mga1
mozilla-thunderbird-es_AR-10.0.7-1.mga1
mozilla-thunderbird-es_ES-10.0.7-1.mga1
mozilla-thunderbird-et-10.0.7-1.mga1
mozilla-thunderbird-eu-10.0.7-1.mga1
mozilla-thunderbird-fi-10.0.7-1.mga1
mozilla-thunderbird-fr-10.0.7-1.mga1
mozilla-thunderbird-fy-10.0.7-1.mga1
mozilla-thunderbird-ga-10.0.7-1.mga1
mozilla-thunderbird-gd-10.0.7-1.mga1
mozilla-thunderbird-gl-10.0.7-1.mga1
mozilla-thunderbird-he-10.0.7-1.mga1
mozilla-thunderbird-hu-10.0.7-1.mga1
mozilla-thunderbird-id-10.0.7-1.mga1
mozilla-thunderbird-is-10.0.7-1.mga1
mozilla-thunderbird-it-10.0.7-1.mga1
mozilla-thunderbird-ja-10.0.7-1.mga1
mozilla-thunderbird-ko-10.0.7-1.mga1
mozilla-thunderbird-lt-10.0.7-1.mga1
mozilla-thunderbird-nb_NO-10.0.7-1.mga1
mozilla-thunderbird-nl-10.0.7-1.mga1
mozilla-thunderbird-nn_NO-10.0.7-1.mga1
mozilla-thunderbird-pl-10.0.7-1.mga1
mozilla-thunderbird-pt_BR-10.0.7-1.mga1
mozilla-thunderbird-pt_PT-10.0.7-1.mga1
mozilla-thunderbird-ro-10.0.7-1.mga1
mozilla-thunderbird-ru-10.0.7-1.mga1
mozilla-thunderbird-si-10.0.7-1.mga1
mozilla-thunderbird-sk-10.0.7-1.mga1
mozilla-thunderbird-sl-10.0.7-1.mga1
mozilla-thunderbird-sq-10.0.7-1.mga1
mozilla-thunderbird-sv_SE-10.0.7-1.mga1
mozilla-thunderbird-ta_LK-10.0.7-1.mga1
mozilla-thunderbird-tr-10.0.7-1.mga1
mozilla-thunderbird-uk-10.0.7-1.mga1
mozilla-thunderbird-vi-10.0.7-1.mga1
mozilla-thunderbird-zh_CN-10.0.7-1.mga1
mozilla-thunderbird-zh_TW-10.0.7-1.mga1
thunderbird-10.0.7-1.mga2
thunderbird-enigmail-10.0.7-1.mga2
nsinstall-10.0.7-1.mga2
thunderbird-ar-10.0.7-1.mga2
thunderbird-ast-10.0.7-1.mga2
thunderbird-be-10.0.7-1.mga2
thunderbird-bg-10.0.7-1.mga2
thunderbird-bn_BD-10.0.7-1.mga2
thunderbird-br-10.0.7-1.mga2
thunderbird-ca-10.0.7-1.mga2
thunderbird-cs-10.0.7-1.mga2
thunderbird-da-10.0.7-1.mga2
thunderbird-de-10.0.7-1.mga2
thunderbird-el-10.0.7-1.mga2
thunderbird-en_GB-10.0.7-1.mga2
thunderbird-es_AR-10.0.7-1.mga2
thunderbird-es_ES-10.0.7-1.mga2
thunderbird-et-10.0.7-1.mga2
thunderbird-eu-10.0.7-1.mga2
thunderbird-fi-10.0.7-1.mga2
thunderbird-fr-10.0.7-1.mga2
thunderbird-fy-10.0.7-1.mga2
thunderbird-ga-10.0.7-1.mga2
thunderbird-gd-10.0.7-1.mga2
thunderbird-gl-10.0.7-1.mga2
thunderbird-he-10.0.7-1.mga2
thunderbird-hu-10.0.7-1.mga2
thunderbird-id-10.0.7-1.mga2
thunderbird-is-10.0.7-1.mga2
thunderbird-it-10.0.7-1.mga2
thunderbird-ja-10.0.7-1.mga2
thunderbird-ko-10.0.7-1.mga2
thunderbird-lt-10.0.7-1.mga2
thunderbird-nb_NO-10.0.7-1.mga2
thunderbird-nl-10.0.7-1.mga2
thunderbird-nn_NO-10.0.7-1.mga2
thunderbird-pl-10.0.7-1.mga2
thunderbird-pa_IN-10.0.7-1.mga2
thunderbird-pt_BR-10.0.7-1.mga2
thunderbird-pt_PT-10.0.7-1.mga2
thunderbird-ro-10.0.7-1.mga2
thunderbird-ru-10.0.7-1.mga2
thunderbird-si-10.0.7-1.mga2
thunderbird-sk-10.0.7-1.mga2
thunderbird-sl-10.0.7-1.mga2
thunderbird-sq-10.0.7-1.mga2
thunderbird-sv_SE-10.0.7-1.mga2
thunderbird-ta_LK-10.0.7-1.mga2
thunderbird-tr-10.0.7-1.mga2
thunderbird-uk-10.0.7-1.mga2
thunderbird-vi-10.0.7-1.mga2
thunderbird-zh_CN-10.0.7-1.mga2
thunderbird-zh_TW-10.0.7-1.mga2
Comment 3 David Walser 2012-08-26 19:50:11 CEST
Testing may begin.  The advisory will come later.
Comment 4 Eduard Beliaev 2012-08-26 22:23:54 CEST
Testing on Mageia 2 x86/i568 and x86_64.
Comment 5 Eduard Beliaev 2012-08-27 18:05:57 CEST
No problems with Mageia 2 x86_64 or Mageia 2 x86/i568. I had to install a plugin called quick locale switcher to change the language interface.
Comment 6 Stefano Negro 2012-08-27 23:14:35 CEST
testing on Mageia 2 x86_64 :
- lib64nss3-3.13.6-1.mga2.x86_64
- thunderbird-10.0.7-1.mga2.x86_64
- thunderbird-enigmail-10.0.7-1.mga2.x86_64
Comment 7 claire robinson 2012-08-28 11:37:06 CEST
Same testing as Stefano. 

email, nntp, spellcheck, enigmail all OK.

I am not able to find much info about nsinstall or find any way to test it. 

Is it used in the build process?
Comment 8 David Walser 2012-08-28 20:39:42 CEST
Upstream advisories are available now, so we have references.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
Comment 9 Florian Hubold 2012-08-28 21:04:10 CEST
(In reply to comment #7)
> I am not able to find much info about nsinstall or find any way to test it. 
> 
> Is it used in the build process?

Could be, but i've no complete log of the build process. But no package actually requires it.

Apart from that now the complete advisory:

There is now thunderbird-10.0.7-1.mga2 and thunderbird-l10n-10.0.7-1.mga in
core/updates_testing to validate
-------------------------------------------------------


Suggested advisory:
-------------------
This update addresses the following issues:

http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
    
CVE-2012-1970
CVE-2012-1971


http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
Use-after-free issues found using Address Sanitizer

CVE-2012-1972
CVE-2012-1973
CVE-2012-1974
CVE-2012-1975
CVE-2012-1976
CVE-2012-3956
CVE-2012-3957
CVE-2012-3958
CVE-2012-3959
CVE-2012-3960
CVE-2012-3961
CVE-2012-3962
CVE-2012-3963
CVE-2012-3964

http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
Location object can be shadowed using Object.defineProperty
CVE-2012-1956

http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
Escalation of privilege through about:newtab
CVE-2012-3965

http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
Memory corruption with bitmap format images with negative height
CVE-2012-3966

http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
WebGL use-after-free and memory corruption
CVE-2012-3968
CVE-2012-3967

http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
SVG buffer overflow and use-after-free issues
CVE-2012-3969
CVE-2012-3970

http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
Graphite 2 memory corruption
CVE-2012-3971

http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
Out-of-bounds read in format-number in XSLT
CVE-2012-3972

http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
HTTPMonitor extension allows for remote debugging without explicit activation
CVE-2012-3973

http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
Installer will launch incorrect executable following new installation (only applicable to windows installer)
CVE-2012-3974

http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
DOMParser loads linked resources in extensions when parsing text/html
CVE-2012-3975

http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
Incorrect site SSL certificate data display
CVE-2012-3976

http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
Location object security checks bypassed by chrome code
CVE-2012-3978

http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
Insecure use of __android_log_print
CVE-2012-3979

http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
Web console eval capable of executing chrome-privileged code
CVE-2012-3980


-------------------------------------------------------
Steps to reproduce:

- install/update to update candidate
- make sure language packs are still in effect after the update
Comment 10 Dave Hodgins 2012-08-29 03:30:52 CEST
Testing complete on both arches, both releases with enigmail, lightning,
email, and nntp.

Could someone from the sysadmin team push the srpms
thunderbird-10.0.7-1.mga2.src.rpm
thunderbird-l10n-10.0.7-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpms
mozilla-thunderbird-10.0.7-1.mga1.src.rpm
mozilla-thunderbird-l10n-10.0.7-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core UPdates.

Advisory: This thunderbird update addresses the following issues:

http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

CVE-2012-1970
CVE-2012-1971


http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
Use-after-free issues found using Address Sanitizer

CVE-2012-1972
CVE-2012-1973
CVE-2012-1974
CVE-2012-1975
CVE-2012-1976
CVE-2012-3956
CVE-2012-3957
CVE-2012-3958
CVE-2012-3959
CVE-2012-3960
CVE-2012-3961
CVE-2012-3962
CVE-2012-3963
CVE-2012-3964

http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
Location object can be shadowed using Object.defineProperty
CVE-2012-1956

http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
Escalation of privilege through about:newtab
CVE-2012-3965

http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
Memory corruption with bitmap format images with negative height
CVE-2012-3966

http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
WebGL use-after-free and memory corruption
CVE-2012-3968
CVE-2012-3967

http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
SVG buffer overflow and use-after-free issues
CVE-2012-3969
CVE-2012-3970

http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
Graphite 2 memory corruption
CVE-2012-3971

http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
Out-of-bounds read in format-number in XSLT
CVE-2012-3972

http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
HTTPMonitor extension allows for remote debugging without explicit activation
CVE-2012-3973

http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
Installer will launch incorrect executable following new installation (only
applicable to windows installer)
CVE-2012-3974

http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
DOMParser loads linked resources in extensions when parsing text/html
CVE-2012-3975

http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
Incorrect site SSL certificate data display
CVE-2012-3976

http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
Location object security checks bypassed by chrome code
CVE-2012-3978

http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
Insecure use of __android_log_print
CVE-2012-3979

http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
Web console eval capable of executing chrome-privileged code
CVE-2012-3980

https://bugs.mageia.org/show_bug.cgi?id=7210
Comment 11 David Walser 2012-08-29 13:47:55 CEST
CVE descriptions are now available from RedHat.

Note that the CVE list has been fixed, as one of the Mozilla advisories I had listed previously only affects Windows.

Advisory:
========================

Updated mozilla-thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird (CVE-2012-1970,
CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964).

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird (CVE-2012-3969,
CVE-2012-3970).

Two flaws were found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird (CVE-2012-3967, CVE-2012-3968).

A flaw was found in the way Thunderbird decoded embedded bitmap images in
Icon Format (ICO) files. Content containing a malicious ICO file could
cause Thunderbird to crash or, under certain conditions, possibly execute
arbitrary code with the privileges of the user running Thunderbird
(CVE-2012-3966).

A flaw was found in the way the "eval" command was handled by the
Thunderbird Error Console. Running "eval" in the Error Console while
viewing malicious content could possibly cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird
(CVE-2012-3980).

An out-of-bounds memory read flaw was found in the way Thunderbird used the
format-number feature of XSLT (Extensible Stylesheet Language
Transformations). Malicious content could possibly cause an information
leak, or cause Thunderbird to crash (CVE-2012-3972).

A flaw was found in the location object implementation in Thunderbird.
Malicious content could use this flaw to possibly allow restricted content
to be loaded (CVE-2012-3978).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
https://rhn.redhat.com/errata/RHSA-2012-1211.html
Comment 12 Thomas Backlund 2012-08-30 11:24:59 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0246

Note You need to log in before you can comment on or make changes to this bug.