Several security vulnerabilities were found in firefox and thunderbird and packages shipped in Mageia 2 updates: MFSA 2013-40(CVE-2013-0791): Out-of-bounds array read in CERT_DecodeCertPackage MFSA 2013-39(CVE-2013-0792): Memory corruption while rendering grayscale PNG images MFSA 2013-38(CVE-2013-0793): Cross-site scripting (XSS) using timed history navigations MFSA 2013-37(CVE-2013-0794): Bypass of tab-modal dialog origin disclosure MFSA 2013-36(CVE-2013-0795): Bypass of SOW protections allows cloning of protected nodes MFSA 2013-35(CVE-2013-0796): WebGL crash with Mesa graphics driver on Linux MFSA 2013-34(CVE-2013-0797): Privilege escalation through Mozilla Updater MFSA 2013-32(CVE-2013-0799): Privilege escalation through Mozilla Maintenance Service MFSA 2013-31(CVE-2013-0800): Out-of-bounds write in Cairo library MFSA 2013-30(CVE-2013-0788, CVE-2013-0789, CVE-2013-0790): Miscellaneous memory safety hazards The firefox and thunderbird packages have been updated to latest esr version to fix above security vulnerabilities. Reproducible: Steps to Reproduce:
No exploits on SecurityFocus, beyond except CVE-2013-0798 which lists "readily available tools". Testing for general usage for MGA2-64.
CC: (none) => wrw105
Funda: Are there NSS and NSPR updates with this? I'm not seeing them in updates-testing.
Whiteboard: (none) => feedback
There certainly should be nspr at least, as I just updated that in Cauldron. There wasn't a new nss when I checked this weekend, but I'll check today.
Thanks, David! I'll give it a couple of hours for things to filter through, then. Could you follow up here if you find the nss update so I know when to start testing? Thanks!
There is no new nss. nspr-4.9.6-1.mga2 is uploaded for Mageia 2 updates_testing.
CC: (none) => luigiwalserWhiteboard: feedback => (none)
Testing general usage 32-bit. Carolyn
CC: (none) => isolde
Hopefully MFSA 2013-40 was actually fixed in a previous update of NSS, since there's no new version available now. Here's the advisories. Advisory (Firefox): ======================== Updated firefox packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2013-0788). A flaw was found in the way Same Origin Wrappers were implemented in Firefox. A malicious site could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Firefox (CVE-2013-0795). A flaw was found in the embedded WebGL library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: This issue only affected systems using the Intel Mesa graphics drivers (CVE-2013-0796). An out-of-bounds write flaw was found in the embedded Cairo library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2013-0800). A flaw was found in the way Firefox handled the JavaScript history functions. A malicious site could cause a web page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks (CVE-2013-0793). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800 http://www.mozilla.org/security/announce/2013/mfsa2013-30.html http://www.mozilla.org/security/announce/2013/mfsa2013-31.html http://www.mozilla.org/security/announce/2013/mfsa2013-35.html http://www.mozilla.org/security/announce/2013/mfsa2013-36.html http://www.mozilla.org/security/announce/2013/mfsa2013-38.html http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://rhn.redhat.com/errata/RHSA-2013-0696.html ======================== Source RPMs: nspr-4.9.6-1.mga2.src.rpm firefox-17.0.5-1.mga2.src.rpm firefox-l10n-17.0.5-1.mga2.src.rpm ======================== Advisory (Thunderbird): ======================== Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2013-0788). A flaw was found in the way Same Origin Wrappers were implemented in Thunderbird. Malicious content could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Thunderbird (CVE-2013-0795). A flaw was found in the embedded WebGL library in Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: This issue only affected systems using the Intel Mesa graphics drivers (CVE-2013-0796). An out-of-bounds write flaw was found in the embedded Cairo library in Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2013-0800). A flaw was found in the way Thunderbird handled the JavaScript history functions. Malicious content could cause a page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks (CVE-2013-0793). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800 http://www.mozilla.org/security/announce/2013/mfsa2013-30.html http://www.mozilla.org/security/announce/2013/mfsa2013-31.html http://www.mozilla.org/security/announce/2013/mfsa2013-35.html http://www.mozilla.org/security/announce/2013/mfsa2013-36.html http://www.mozilla.org/security/announce/2013/mfsa2013-38.html http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html https://rhn.redhat.com/errata/RHSA-2013-0697.html ======================== Source RPMs: thunderbird-17.0.5-1.mga2.src.rpm thunderbird-l10n-17.0.5-1.1.mga2.src.rpm
URL: http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html, http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html => http://lwn.net/Vulnerabilities/545695/Severity: normal => critical
General testing on 32-bit and no regressions found. Firefox - changing configuration settings, general browsing, use of existing add-ons and installation of new ones. Thunderbird - sending and receiving mail, marking as junk, setting up another mail account, adding to address book, setting up and using IRC account. Carolyn
testing complete mga2-64 Firefox tested general browsing, sunspider, java, flash (youtube). Thunderbird tested send/receive SMTP/IMAP, delete message Validating Will sysadmin please push from core/updates_testing to core/updates? Advisory and package list in comment 7
Keywords: (none) => validated_updateWhiteboard: (none) => mga2-64-ok mga2-32-okCC: (none) => sysadmin-bugs
Firefox pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0108 Thunderbird pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0109
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
FYI: CVE-2013-0791 was fixed in nss-3.14.3 You forgot to mention CVE-2013-0792 here.
CC: (none) => oe
(In reply to Oden Eriksson from comment #11) > FYI: CVE-2013-0791 was fixed in nss-3.14.3 Thought so. Thanks. > You forgot to mention CVE-2013-0792 here. Nope, that does not affect the ESR branch.