Bug 9343 - [Update Request]Update firefox and thunderbird package to fix CVE-2013-0787
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://www.mozilla.org/security/annou...
Whiteboard: has_procedure mga2-32-ok mga2-64-ok
Keywords: validated_update
Reported: 2013-03-12 06:41 CET by Funda Wang
Modified: 2013-03-16 02:36 CET (History)
Source RPM: firefox-17.0.4-1.mga2, firefox-l10n-17.0.4-1.mga2, thunderbird-17.0.4-1.mga2, thunderbird-l10n-17.0.4-1.mga2

Description Funda Wang 2013-03-12 06:41:26 CET
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.

The firefox, firefox-l10n, thunderbird, thunderbird-l10n packages have been updated to fix the above CVE-2013-0787.
Comment 1 Oden Eriksson 2013-03-12 07:54:43 CET
The upstream bug is public now and has a PoC:

https://bugzilla.mozilla.org/show_bug.cgi?id=848644

FF 17.0.4 is already in updates_testing for mga2
Comment 2 Manuel Hiebel 2013-03-12 13:08:08 CET
Can we have a list of RPMs? Is there a reason for not having an update of nss? (like always)
Comment 3 Oden Eriksson 2013-03-12 13:38:53 CET
This is the only change:

[oden@localhost BUILD]$ cat firefox-17.0.4esr.diff
--- firefox-17.0.3esr/editor/libeditor/base/nsEditor.cpp        2013-02-15 21:59:12.000000000 +0100
+++ firefox-17.0.4esr/editor/libeditor/base/nsEditor.cpp        2013-03-07 19:17:39.000000000 +0100
@@ -4027,9 +4027,9 @@ nsEditor::IsPreformatted(nsIDOMNode *aNo
     content = content->GetParent();
   }
   if (content && content->IsElement()) {
-    elementStyle = nsComputedDOMStyle::GetStyleContextForElement(content->AsElement(),
-                                                                 nullptr,
-                                                                 ps);
+    elementStyle = nsComputedDOMStyle::GetStyleContextForElementNoFlush(content->AsElement(),
+                                                                        nullptr,
+                                                                        ps);
   }

   if (!elementStyle)
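Review bot: the replaced call inside `if (content && content->IsElement())` carries no comment saying why the `NoFlush` variant is required here. The two function names differ only by that suffix, so a later cleanup could switch back to `GetStyleContextForElement` without noticing that this one-line change is the security fix. Suggest a short comment above the assignment stating that `IsPreformatted` must not trigger a flush at this point, with a reference to the upstream bug. It is also worth confirming in review that the `if (!elementStyle)` path below still gives the right answer when the style context obtained without a flush is missing or out of date.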
Comment 4 claire robinson 2013-03-12 13:41:24 CET
Oden are you saying it's not necessary to update nss and nspr for this update?
Comment 5 Oden Eriksson 2013-03-12 13:44:17 CET
firefox-17.0.4-1.mga2.src.rpm
firefox-l10n-17.0.4-1.mga2.src.rpm
thunderbird-17.0.4-1.mga2.src.rpm
thunderbird-l10n-17.0.4-1.mga2.src.rpm


firefox-17.0.4-1.mga2.i586.rpm
firefox-17.0.4-1.mga2.x86_64.rpm
firefox-af-17.0.4-1.mga2.noarch.rpm
firefox-ar-17.0.4-1.mga2.noarch.rpm
firefox-ast-17.0.4-1.mga2.noarch.rpm
firefox-be-17.0.4-1.mga2.noarch.rpm
firefox-bg-17.0.4-1.mga2.noarch.rpm
firefox-bn_BD-17.0.4-1.mga2.noarch.rpm
firefox-bn_IN-17.0.4-1.mga2.noarch.rpm
firefox-br-17.0.4-1.mga2.noarch.rpm
firefox-bs-17.0.4-1.mga2.noarch.rpm
firefox-ca-17.0.4-1.mga2.noarch.rpm
firefox-cs-17.0.4-1.mga2.noarch.rpm
firefox-cy-17.0.4-1.mga2.noarch.rpm
firefox-da-17.0.4-1.mga2.noarch.rpm
firefox-de-17.0.4-1.mga2.noarch.rpm
firefox-devel-17.0.4-1.mga2.i586.rpm
firefox-devel-17.0.4-1.mga2.x86_64.rpm
firefox-el-17.0.4-1.mga2.noarch.rpm
firefox-en_GB-17.0.4-1.mga2.noarch.rpm
firefox-en_ZA-17.0.4-1.mga2.noarch.rpm
firefox-eo-17.0.4-1.mga2.noarch.rpm
firefox-es_AR-17.0.4-1.mga2.noarch.rpm
firefox-es_CL-17.0.4-1.mga2.noarch.rpm
firefox-es_ES-17.0.4-1.mga2.noarch.rpm
firefox-es_MX-17.0.4-1.mga2.noarch.rpm
firefox-et-17.0.4-1.mga2.noarch.rpm
firefox-eu-17.0.4-1.mga2.noarch.rpm
firefox-fa-17.0.4-1.mga2.noarch.rpm
firefox-fi-17.0.4-1.mga2.noarch.rpm
firefox-fr-17.0.4-1.mga2.noarch.rpm
firefox-fy-17.0.4-1.mga2.noarch.rpm
firefox-ga_IE-17.0.4-1.mga2.noarch.rpm
firefox-gd-17.0.4-1.mga2.noarch.rpm
firefox-gl-17.0.4-1.mga2.noarch.rpm
firefox-gu_IN-17.0.4-1.mga2.noarch.rpm
firefox-he-17.0.4-1.mga2.noarch.rpm
firefox-hi-17.0.4-1.mga2.noarch.rpm
firefox-hr-17.0.4-1.mga2.noarch.rpm
firefox-hu-17.0.4-1.mga2.noarch.rpm
firefox-hy-17.0.4-1.mga2.noarch.rpm
firefox-id-17.0.4-1.mga2.noarch.rpm
firefox-is-17.0.4-1.mga2.noarch.rpm
firefox-it-17.0.4-1.mga2.noarch.rpm
firefox-ja-17.0.4-1.mga2.noarch.rpm
firefox-kk-17.0.4-1.mga2.noarch.rpm
firefox-kn-17.0.4-1.mga2.noarch.rpm
firefox-ko-17.0.4-1.mga2.noarch.rpm
firefox-ku-17.0.4-1.mga2.noarch.rpm
firefox-lg-17.0.4-1.mga2.noarch.rpm
firefox-lt-17.0.4-1.mga2.noarch.rpm
firefox-lv-17.0.4-1.mga2.noarch.rpm
firefox-mai-17.0.4-1.mga2.noarch.rpm
firefox-mk-17.0.4-1.mga2.noarch.rpm
firefox-ml-17.0.4-1.mga2.noarch.rpm
firefox-mr-17.0.4-1.mga2.noarch.rpm
firefox-nb_NO-17.0.4-1.mga2.noarch.rpm
firefox-nl-17.0.4-1.mga2.noarch.rpm
firefox-nn_NO-17.0.4-1.mga2.noarch.rpm
firefox-nso-17.0.4-1.mga2.noarch.rpm
firefox-or-17.0.4-1.mga2.noarch.rpm
firefox-pa_IN-17.0.4-1.mga2.noarch.rpm
firefox-pl-17.0.4-1.mga2.noarch.rpm
firefox-pt_BR-17.0.4-1.mga2.noarch.rpm
firefox-pt_PT-17.0.4-1.mga2.noarch.rpm
firefox-ro-17.0.4-1.mga2.noarch.rpm
firefox-ru-17.0.4-1.mga2.noarch.rpm
firefox-si-17.0.4-1.mga2.noarch.rpm
firefox-sk-17.0.4-1.mga2.noarch.rpm
firefox-sl-17.0.4-1.mga2.noarch.rpm
firefox-sq-17.0.4-1.mga2.noarch.rpm
firefox-sr-17.0.4-1.mga2.noarch.rpm
firefox-sv_SE-17.0.4-1.mga2.noarch.rpm
firefox-ta-17.0.4-1.mga2.noarch.rpm
firefox-ta_LK-17.0.4-1.mga2.noarch.rpm
firefox-te-17.0.4-1.mga2.noarch.rpm
firefox-th-17.0.4-1.mga2.noarch.rpm
firefox-tr-17.0.4-1.mga2.noarch.rpm
firefox-uk-17.0.4-1.mga2.noarch.rpm
firefox-vi-17.0.4-1.mga2.noarch.rpm
firefox-zh_CN-17.0.4-1.mga2.noarch.rpm
firefox-zh_TW-17.0.4-1.mga2.noarch.rpm
firefox-zu-17.0.4-1.mga2.noarch.rpm
nsinstall-17.0.4-1.mga2.i586.rpm
nsinstall-17.0.4-1.mga2.x86_64.rpm
thunderbird-17.0.4-1.mga2.i586.rpm
thunderbird-17.0.4-1.mga2.x86_64.rpm
thunderbird-ar-17.0.4-1.mga2.noarch.rpm
thunderbird-ast-17.0.4-1.mga2.noarch.rpm
thunderbird-be-17.0.4-1.mga2.noarch.rpm
thunderbird-bg-17.0.4-1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.4-1.mga2.noarch.rpm
thunderbird-br-17.0.4-1.mga2.noarch.rpm
thunderbird-ca-17.0.4-1.mga2.noarch.rpm
thunderbird-cs-17.0.4-1.mga2.noarch.rpm
thunderbird-da-17.0.4-1.mga2.noarch.rpm
thunderbird-de-17.0.4-1.mga2.noarch.rpm
thunderbird-el-17.0.4-1.mga2.noarch.rpm
thunderbird-en_GB-17.0.4-1.mga2.noarch.rpm
thunderbird-enigmail-17.0.4-1.mga2.i586.rpm
thunderbird-enigmail-17.0.4-1.mga2.x86_64.rpm
thunderbird-es_AR-17.0.4-1.mga2.noarch.rpm
thunderbird-es_ES-17.0.4-1.mga2.noarch.rpm
thunderbird-et-17.0.4-1.mga2.noarch.rpm
thunderbird-eu-17.0.4-1.mga2.noarch.rpm
thunderbird-fi-17.0.4-1.mga2.noarch.rpm
thunderbird-fr-17.0.4-1.mga2.noarch.rpm
thunderbird-fy-17.0.4-1.mga2.noarch.rpm
thunderbird-ga-17.0.4-1.mga2.noarch.rpm
thunderbird-gd-17.0.4-1.mga2.noarch.rpm
thunderbird-gl-17.0.4-1.mga2.noarch.rpm
thunderbird-he-17.0.4-1.mga2.noarch.rpm
thunderbird-hu-17.0.4-1.mga2.noarch.rpm
thunderbird-id-17.0.4-1.mga2.noarch.rpm
thunderbird-is-17.0.4-1.mga2.noarch.rpm
thunderbird-it-17.0.4-1.mga2.noarch.rpm
thunderbird-ja-17.0.4-1.mga2.noarch.rpm
thunderbird-ko-17.0.4-1.mga2.noarch.rpm
thunderbird-lt-17.0.4-1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.4-1.mga2.noarch.rpm
thunderbird-nl-17.0.4-1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.4-1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.4-1.mga2.noarch.rpm
thunderbird-pl-17.0.4-1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.4-1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.4-1.mga2.noarch.rpm
thunderbird-ro-17.0.4-1.mga2.noarch.rpm
thunderbird-ru-17.0.4-1.mga2.noarch.rpm
thunderbird-si-17.0.4-1.mga2.noarch.rpm
thunderbird-sk-17.0.4-1.mga2.noarch.rpm
thunderbird-sl-17.0.4-1.mga2.noarch.rpm
thunderbird-sq-17.0.4-1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.4-1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.4-1.mga2.noarch.rpm
thunderbird-tr-17.0.4-1.mga2.noarch.rpm
thunderbird-uk-17.0.4-1.mga2.noarch.rpm
thunderbird-vi-17.0.4-1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.4-1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.4-1.mga2.noarch.rpm
Comment 6 Oden Eriksson 2013-03-12 13:45:17 CET
(In reply to claire robinson from comment #4)
> Oden are you saying it's not necessary to update nss and nspr for this
> update?

This does not affect NSPR/NSS.
Comment 7 claire robinson 2013-03-12 13:45:59 CET
Thanks
Comment 8 claire robinson 2013-03-12 13:58:32 CET
PoC is still private but some help with testing here:
https://bugzilla.mozilla.org/show_bug.cgi?id=848644#c46
Comment 9 Bill Wilkinson 2013-03-12 14:13:10 CET
There's a test case in
https://bugzilla.mozilla.org/show_bug.cgi?id=848644#c68 and info to reproduce in 
https://bugzilla.mozilla.org/show_bug.cgi?id=848644#c58 but haven't been able to reproduce.  Digging more....
Comment 10 claire robinson 2013-03-12 15:12:08 CET
No crash from that one (PoC that doesn't depend on browser UI) here either.

I think the working one is the one which is still private. There is very little information elsewhere, which is to be expected.

Just testing for regressions, also using the live demo at etherpad.org and selecting text then ctrl-b to make it bold, check it doesn't open the bookmarks sidebar.


Flash, java and spellcheck & general browsing etc ok in firefox
Imap, pop3, nntp, spelling & enigmail etc ok thunderbird

Testing complete mga2 32
Comment 11 Bill Wilkinson 2013-03-12 15:59:44 CET
testing MGa2-64

bolding in etherpad online doesn't open bookmarks sidebar

Java, javascript, general browsing, flash, OK in firefox

IMAP, SMTP spelling OK in thunderbird

validating

Please see advisory in comment 0 and package list in comment 5.

Can someone in the sysadmin group please move from core/updates_testing to core/updates?

Thanks
Comment 12 David Walser 2013-03-12 18:13:36 CET
Just to be clear, *before* each FF/TB update is built, we should check to see if updates for rootcerts, nspr, or nss are available.  At least nspr and nss usually are.  The reason they weren't in this case is that this is an out-of-band update (I think that's the right term), basically done apart from their regular schedule and not including any of the other fixes they have in the current ESR tree.  It was just an emergency update to fix one vulnerability found at a hacking conference that got a lot of publicity.
Comment 13 D Morgan 2013-03-16 02:36:30 CET
update pushed : 

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0093