Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. The firefox, firefox-l10n, thunderbird, and thunderbird-l10n packages have been updated to fix the above CVE-2013-0787.
The upstream bug is public now and has a PoC: https://bugzilla.mozilla.org/show_bug.cgi?id=848644
FF 17.0.4 is already in updates_testing for mga2.
CC: (none) => oe
Can we have the list of RPMs? A reason for not having an update of nss? (like always)
Whiteboard: (none) => feedback
This is the only change: [oden@localhost BUILD]$ cat firefox-17.0.4esr.diff --- firefox-17.0.3esr/editor/libeditor/base/nsEditor.cpp 2013-02-15 21:59:12.000000000 +0100 +++ firefox-17.0.4esr/editor/libeditor/base/nsEditor.cpp 2013-03-07 19:17:39.000000000 +0100 @@ -4027,9 +4027,9 @@ nsEditor::IsPreformatted(nsIDOMNode *aNo content = content->GetParent(); } if (content && content->IsElement()) { - elementStyle = nsComputedDOMStyle::GetStyleContextForElement(content->AsElement(), - nullptr, - ps); + elementStyle = nsComputedDOMStyle::GetStyleContextForElementNoFlush(content->AsElement(), + nullptr, + ps); } if (!elementStyle)
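Review bot: The replacement call inside the "if (content && content->IsElement())" block of nsEditor::IsPreformatted has no comment explaining why the NoFlush variant is required there, so a later cleanup could switch it back to GetStyleContextForElement without realising that this single call is the whole change for CVE-2013-0787. Add a one-line comment above the call stating that the style context must be obtained without flushing, with a reference to upstream bug 848644. It is also worth confirming that the "if (!elementStyle)" check that follows still covers every case in which the NoFlush variant returns null.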
Oden are you saying it's not necessary to update nss and nspr for this update?
firefox-17.0.4-1.mga2.src.rpm firefox-l10n-17.0.4-1.mga2.src.rpm thunderbird-17.0.4-1.mga2.src.rpm thunderbird-l10n-17.0.4-1.mga2.src.rpm firefox-17.0.4-1.mga2.i586.rpm firefox-17.0.4-1.mga2.x86_64.rpm firefox-af-17.0.4-1.mga2.noarch.rpm firefox-ar-17.0.4-1.mga2.noarch.rpm firefox-ast-17.0.4-1.mga2.noarch.rpm firefox-be-17.0.4-1.mga2.noarch.rpm firefox-bg-17.0.4-1.mga2.noarch.rpm firefox-bn_BD-17.0.4-1.mga2.noarch.rpm firefox-bn_IN-17.0.4-1.mga2.noarch.rpm firefox-br-17.0.4-1.mga2.noarch.rpm firefox-bs-17.0.4-1.mga2.noarch.rpm firefox-ca-17.0.4-1.mga2.noarch.rpm firefox-cs-17.0.4-1.mga2.noarch.rpm firefox-cy-17.0.4-1.mga2.noarch.rpm firefox-da-17.0.4-1.mga2.noarch.rpm firefox-de-17.0.4-1.mga2.noarch.rpm firefox-devel-17.0.4-1.mga2.i586.rpm firefox-devel-17.0.4-1.mga2.x86_64.rpm firefox-el-17.0.4-1.mga2.noarch.rpm firefox-en_GB-17.0.4-1.mga2.noarch.rpm firefox-en_ZA-17.0.4-1.mga2.noarch.rpm firefox-eo-17.0.4-1.mga2.noarch.rpm firefox-es_AR-17.0.4-1.mga2.noarch.rpm firefox-es_CL-17.0.4-1.mga2.noarch.rpm firefox-es_ES-17.0.4-1.mga2.noarch.rpm firefox-es_MX-17.0.4-1.mga2.noarch.rpm firefox-et-17.0.4-1.mga2.noarch.rpm firefox-eu-17.0.4-1.mga2.noarch.rpm firefox-fa-17.0.4-1.mga2.noarch.rpm firefox-fi-17.0.4-1.mga2.noarch.rpm firefox-fr-17.0.4-1.mga2.noarch.rpm firefox-fy-17.0.4-1.mga2.noarch.rpm firefox-ga_IE-17.0.4-1.mga2.noarch.rpm firefox-gd-17.0.4-1.mga2.noarch.rpm firefox-gl-17.0.4-1.mga2.noarch.rpm firefox-gu_IN-17.0.4-1.mga2.noarch.rpm firefox-he-17.0.4-1.mga2.noarch.rpm firefox-hi-17.0.4-1.mga2.noarch.rpm firefox-hr-17.0.4-1.mga2.noarch.rpm firefox-hu-17.0.4-1.mga2.noarch.rpm firefox-hy-17.0.4-1.mga2.noarch.rpm firefox-id-17.0.4-1.mga2.noarch.rpm firefox-is-17.0.4-1.mga2.noarch.rpm firefox-it-17.0.4-1.mga2.noarch.rpm firefox-ja-17.0.4-1.mga2.noarch.rpm firefox-kk-17.0.4-1.mga2.noarch.rpm firefox-kn-17.0.4-1.mga2.noarch.rpm firefox-ko-17.0.4-1.mga2.noarch.rpm firefox-ku-17.0.4-1.mga2.noarch.rpm firefox-lg-17.0.4-1.mga2.noarch.rpm 
firefox-lt-17.0.4-1.mga2.noarch.rpm firefox-lv-17.0.4-1.mga2.noarch.rpm firefox-mai-17.0.4-1.mga2.noarch.rpm firefox-mk-17.0.4-1.mga2.noarch.rpm firefox-ml-17.0.4-1.mga2.noarch.rpm firefox-mr-17.0.4-1.mga2.noarch.rpm firefox-nb_NO-17.0.4-1.mga2.noarch.rpm firefox-nl-17.0.4-1.mga2.noarch.rpm firefox-nn_NO-17.0.4-1.mga2.noarch.rpm firefox-nso-17.0.4-1.mga2.noarch.rpm firefox-or-17.0.4-1.mga2.noarch.rpm firefox-pa_IN-17.0.4-1.mga2.noarch.rpm firefox-pl-17.0.4-1.mga2.noarch.rpm firefox-pt_BR-17.0.4-1.mga2.noarch.rpm firefox-pt_PT-17.0.4-1.mga2.noarch.rpm firefox-ro-17.0.4-1.mga2.noarch.rpm firefox-ru-17.0.4-1.mga2.noarch.rpm firefox-si-17.0.4-1.mga2.noarch.rpm firefox-sk-17.0.4-1.mga2.noarch.rpm firefox-sl-17.0.4-1.mga2.noarch.rpm firefox-sq-17.0.4-1.mga2.noarch.rpm firefox-sr-17.0.4-1.mga2.noarch.rpm firefox-sv_SE-17.0.4-1.mga2.noarch.rpm firefox-ta-17.0.4-1.mga2.noarch.rpm firefox-ta_LK-17.0.4-1.mga2.noarch.rpm firefox-te-17.0.4-1.mga2.noarch.rpm firefox-th-17.0.4-1.mga2.noarch.rpm firefox-tr-17.0.4-1.mga2.noarch.rpm firefox-uk-17.0.4-1.mga2.noarch.rpm firefox-vi-17.0.4-1.mga2.noarch.rpm firefox-zh_CN-17.0.4-1.mga2.noarch.rpm firefox-zh_TW-17.0.4-1.mga2.noarch.rpm firefox-zu-17.0.4-1.mga2.noarch.rpm nsinstall-17.0.4-1.mga2.i586.rpm nsinstall-17.0.4-1.mga2.x86_64.rpm thunderbird-17.0.4-1.mga2.i586.rpm thunderbird-17.0.4-1.mga2.x86_64.rpm thunderbird-ar-17.0.4-1.mga2.noarch.rpm thunderbird-ast-17.0.4-1.mga2.noarch.rpm thunderbird-be-17.0.4-1.mga2.noarch.rpm thunderbird-bg-17.0.4-1.mga2.noarch.rpm thunderbird-bn_BD-17.0.4-1.mga2.noarch.rpm thunderbird-br-17.0.4-1.mga2.noarch.rpm thunderbird-ca-17.0.4-1.mga2.noarch.rpm thunderbird-cs-17.0.4-1.mga2.noarch.rpm thunderbird-da-17.0.4-1.mga2.noarch.rpm thunderbird-de-17.0.4-1.mga2.noarch.rpm thunderbird-el-17.0.4-1.mga2.noarch.rpm thunderbird-en_GB-17.0.4-1.mga2.noarch.rpm thunderbird-enigmail-17.0.4-1.mga2.i586.rpm thunderbird-enigmail-17.0.4-1.mga2.x86_64.rpm thunderbird-es_AR-17.0.4-1.mga2.noarch.rpm 
thunderbird-es_ES-17.0.4-1.mga2.noarch.rpm thunderbird-et-17.0.4-1.mga2.noarch.rpm thunderbird-eu-17.0.4-1.mga2.noarch.rpm thunderbird-fi-17.0.4-1.mga2.noarch.rpm thunderbird-fr-17.0.4-1.mga2.noarch.rpm thunderbird-fy-17.0.4-1.mga2.noarch.rpm thunderbird-ga-17.0.4-1.mga2.noarch.rpm thunderbird-gd-17.0.4-1.mga2.noarch.rpm thunderbird-gl-17.0.4-1.mga2.noarch.rpm thunderbird-he-17.0.4-1.mga2.noarch.rpm thunderbird-hu-17.0.4-1.mga2.noarch.rpm thunderbird-id-17.0.4-1.mga2.noarch.rpm thunderbird-is-17.0.4-1.mga2.noarch.rpm thunderbird-it-17.0.4-1.mga2.noarch.rpm thunderbird-ja-17.0.4-1.mga2.noarch.rpm thunderbird-ko-17.0.4-1.mga2.noarch.rpm thunderbird-lt-17.0.4-1.mga2.noarch.rpm thunderbird-nb_NO-17.0.4-1.mga2.noarch.rpm thunderbird-nl-17.0.4-1.mga2.noarch.rpm thunderbird-nn_NO-17.0.4-1.mga2.noarch.rpm thunderbird-pa_IN-17.0.4-1.mga2.noarch.rpm thunderbird-pl-17.0.4-1.mga2.noarch.rpm thunderbird-pt_BR-17.0.4-1.mga2.noarch.rpm thunderbird-pt_PT-17.0.4-1.mga2.noarch.rpm thunderbird-ro-17.0.4-1.mga2.noarch.rpm thunderbird-ru-17.0.4-1.mga2.noarch.rpm thunderbird-si-17.0.4-1.mga2.noarch.rpm thunderbird-sk-17.0.4-1.mga2.noarch.rpm thunderbird-sl-17.0.4-1.mga2.noarch.rpm thunderbird-sq-17.0.4-1.mga2.noarch.rpm thunderbird-sv_SE-17.0.4-1.mga2.noarch.rpm thunderbird-ta_LK-17.0.4-1.mga2.noarch.rpm thunderbird-tr-17.0.4-1.mga2.noarch.rpm thunderbird-uk-17.0.4-1.mga2.noarch.rpm thunderbird-vi-17.0.4-1.mga2.noarch.rpm thunderbird-zh_CN-17.0.4-1.mga2.noarch.rpm thunderbird-zh_TW-17.0.4-1.mga2.noarch.rpm
(In reply to claire robinson from comment #4)
> Oden are you saying it's not necessary to update nss and nspr for this
> update?

This does not affect NSPR/NSS.
Thanks
Whiteboard: feedback => (none)
PoC is still private but some help with testing here: https://bugzilla.mozilla.org/show_bug.cgi?id=848644#c46
There's a test case in https://bugzilla.mozilla.org/show_bug.cgi?id=848644#c68 and info to reproduce in https://bugzilla.mozilla.org/show_bug.cgi?id=848644#c58 but haven't been able to reproduce. Digging more....
CC: (none) => wrw105
No crash from that one (PoC that doesn't depend on browser UI) here either. I think the working one is the one which is still private. There is very little information elsewhere, which is to be expected.

Just testing for regressions, also using the live demo at etherpad.org and selecting text then ctrl-b to make it bold, check it doesn't open the bookmarks sidebar.

Flash, java and spellcheck & general browsing etc ok in firefox
Imap, pop3, nntp, spelling & enigmail etc ok thunderbird

Testing complete mga2 32
Whiteboard: (none) => has_procedure mga2-32-ok
testing MGa2-64

bolding in etherpad online doesn't open bookmarks sidebar
Java, javascript, general browsing, flash, OK in firefox
IMAP, SMTP spelling OK in thunderbird

validating

Please see advisory in comment 0 and package list in comment 5.

Can someone in the sysadmin group please move from core/updates_testing to core/updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-ok
CC: (none) => sysadmin-bugs
Just to be clear, *before* each FF/TB update is built, we should check to see if updates for rootcerts, nspr, or nss are available. At least nspr and nss usually are. The reason they weren't in this case is that this is an out-of-band update (I think that's the right term), basically done apart from their regular schedule and not including any of the other fixes they have in the current ESR tree. It was just an emergency update to fix one vulnerability found at a hacking conference that got a lot of publicity.
update pushed : https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0093
Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED