Bug 8180 - firefox needs to be updated to 10.0.11 for security issues
: firefox needs to be updated to 10.0.11 for security issues
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
:
:
: MGA1TOO MGA1-64-OK MGA1-32-OK MGA2-32...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-11-22 06:12 CET by David Walser
Modified: 2012-11-23 23:02 CET (History)
5 users (show)

See Also:
Source RPM: firefox-10.0.10-1.mga2.src.rpm
CVE:


Attachments

Description David Walser 2012-11-22 06:12:41 CET
Mandriva has issued an advisory on November 21:
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:173

Updated packages uploaded for Mageia 1 and Mageia 2.

Source RPMs:
firefox-10.0.11-1.mga1.src.rpm
firefox-10.0.11-1.mga2.src.rpm
firefox-l10n-10.0.11-1.mga1.src.rpm
firefox-l10n-10.0.11-1.mga2.src.rpm

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2012-5842).

Security researcher Atte Kettunen from OUSPG used the Address
Sanitizer tool to discover a buffer overflow while rendering GIF
format images. This issue is potentially exploitable and could lead
to arbitrary code execution (CVE-2012-4202).

Mozilla security researcher moz_bug_r_a4 reported that if code executed
by the evalInSandbox function sets location.href, it can get the wrong
subject principal for the URL check, ignoring the sandbox's Javascript
context and gaining the context of evalInSandbox object. This can
lead to malicious web content being able to perform a cross-site
scripting (XSS) attack or stealing a copy of a local file if the user
has installed an add-on vulnerable to this attack (CVE-2012-4201).

Mozilla developer Bobby Holley reported that security wrappers filter
at the time of property access, but once a function is returned, the
caller can use this function without further security checks. This
affects cross-origin wrappers, allowing for write actions on objects
when only read actions should be properly allowed. This can lead to
cross-site scripting (XSS) attacks (CVE-2012-5841).

Security researcher Masato Kinugawa found when HZ-GB-2312 charset
encoding is used for text, the ~ character will destroy another
character near the chunk delimiter. This can lead to a cross-site
scripting (XSS) attack in pages encoded in HZ-GB-2312 (CVE-2012-4207).

Security researcher Mariusz Mlynski reported that the location property
can be accessed by binary plugins through top.location with a frame
whose name attribute's value is set to top. This can allow for possible
cross-site scripting (XSS) attacks through plugins (CVE-2012-4209).

Security researcher Mariusz Mlynski reported that when a maliciously
crafted stylesheet is inspected in the Style Inspector, HTML and CSS
can run in a chrome privileged context without being properly sanitized
first. This can lead to arbitrary code execution (CVE-2012-4210).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team discovered a series critically rated of use-after-free
and buffer overflow issues using the Address Sanitizer tool in
shipped software. These issues are potentially exploitable, allowing
for remote code execution. We would also like to thank Abhishek for
reporting five additional use-after-free, out of bounds read, and
buffer overflow flaws introduced during Firefox development that
were fixed before general release (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840).

Security researcher miaubiz used the Address Sanitizer tool to
discover a series critically rated of use-after-free, buffer overflow,
and memory corruption issues in shipped software. These issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank miaubiz for reporting two additional use-after-free
and memory corruption issues introduced during Firefox development
that were fixed before general release (CVE-2012-5833, CVE-2012-5835).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:173
Comment 1 claire robinson 2012-11-22 13:48:01 CET
Testing complete mga2 32

Spellcheck, java, flash, https
Comment 2 claire robinson 2012-11-22 22:29:08 CET
Testing complete mga2 64
Comment 3 Dave Hodgins 2012-11-22 22:43:43 CET
Testing complete Mageia 1 and 2, i586 and x86-64.

Could someone from the sysadmin team push the srpms
firefox-10.0.11-1.mga2.src.rpm
firefox-l10n-10.0.11-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpms
firefox-10.0.11-1.mga1.src.rpm
firefox-l10n-10.0.11-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated firefox packages fix security vulnerabilities:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2012-5842).

Security researcher Atte Kettunen from OUSPG used the Address
Sanitizer tool to discover a buffer overflow while rendering GIF
format images. This issue is potentially exploitable and could lead
to arbitrary code execution (CVE-2012-4202).

Mozilla security researcher moz_bug_r_a4 reported that if code executed
by the evalInSandbox function sets location.href, it can get the wrong
subject principal for the URL check, ignoring the sandbox's Javascript
context and gaining the context of evalInSandbox object. This can
lead to malicious web content being able to perform a cross-site
scripting (XSS) attack or stealing a copy of a local file if the user
has installed an add-on vulnerable to this attack (CVE-2012-4201).

Mozilla developer Bobby Holley reported that security wrappers filter
at the time of property access, but once a function is returned, the
caller can use this function without further security checks. This
affects cross-origin wrappers, allowing for write actions on objects
when only read actions should be properly allowed. This can lead to
cross-site scripting (XSS) attacks (CVE-2012-5841).

Security researcher Masato Kinugawa found when HZ-GB-2312 charset
encoding is used for text, the ~ character will destroy another
character near the chunk delimiter. This can lead to a cross-site
scripting (XSS) attack in pages encoded in HZ-GB-2312 (CVE-2012-4207).

Security researcher Mariusz Mlynski reported that the location property
can be accessed by binary plugins through top.location with a frame
whose name attribute's value is set to top. This can allow for possible
cross-site scripting (XSS) attacks through plugins (CVE-2012-4209).

Security researcher Mariusz Mlynski reported that when a maliciously
crafted stylesheet is inspected in the Style Inspector, HTML and CSS
can run in a chrome privileged context without being properly sanitized
first. This can lead to arbitrary code execution (CVE-2012-4210).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team discovered a series critically rated of use-after-free
and buffer overflow issues using the Address Sanitizer tool in
shipped software. These issues are potentially exploitable, allowing
for remote code execution. We would also like to thank Abhishek for
reporting five additional use-after-free, out of bounds read, and
buffer overflow flaws introduced during Firefox development that
were fixed before general release (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840).

Security researcher miaubiz used the Address Sanitizer tool to
discover a series critically rated of use-after-free, buffer overflow,
and memory corruption issues in shipped software. These issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank miaubiz for reporting two additional use-after-free
and memory corruption issues introduced during Firefox development
that were fixed before general release (CVE-2012-5833, CVE-2012-5835).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:173

https://bugs.mageia.org/show_bug.cgi?id=8180
Comment 4 Sander Lepik 2012-11-23 20:58:14 CET
mga2 needs another round of tests as dmorgan rebuilt the package :(
Comment 5 Manuel Hiebel 2012-11-23 21:09:12 CET
well it's exatly the same package (without the rebuild)
Comment 6 David Walser 2012-11-23 21:31:57 CET
No it's OK, the package that was previously validated was restored to updates_testing.
Comment 7 Manuel Hiebel 2012-11-23 21:52:39 CET
21:47 < tmb> dmorgan did not restore 10.0 series, he did a rebuild wich now 
             picked up the new sqlite wich is only in updates_testing :/
21:47 < leuhmanu> :(
21:47 < tmb> and I have already pushed firefox before noticing :/
Comment 8 David Walser 2012-11-23 21:57:20 CET
If it's already been pushed, what can be done now?
Comment 9 Manuel Hiebel 2012-11-23 22:06:54 CET
adding dmorgan so he know what's going 

(if he still read his email)
Comment 10 D Morgan 2012-11-23 22:30:12 CET
ok fixing
Comment 11 David Walser 2012-11-23 22:31:28 CET
Already fixed by tmb.  He deleted sqlite from updates_testing and resubmitted again revision 320512 to the build system.
Comment 12 D Morgan 2012-11-23 22:32:58 CET
thomas so you pushed the new sqlite too ?
Comment 13 D Morgan 2012-11-23 22:33:10 CET
ok
Comment 14 Thomas Backlund 2012-11-23 23:02:25 CET
Revalidating... 
new packages match on binary level and requires on those that was validated initially....


Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0342

Note You need to log in before you can comment on or make changes to this bug.