Mageia alert MGASA-2013-0063 (firefox)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0063: firefox-17.0.3-1.mga2, firefox-l10n-17.0.3-1.mga2, nspr-4.9.5-1.mga2, nss-3.14.3-1.mga2 (2/core)
Date:  Thu, 21 Feb 2013 22:21:17 +0100
Message-ID:  <20130221212117.GA12705@valstar.mageia.org>

MGASA-2013-0063

Date: February 21st, 2013
Affected releases: 2
Media: Core

Description:
Updated firefox packages fix security vulnerabilities:

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site (CVE-2013-0773).

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors (CVE-2013-0774).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783).

It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site (CVE-2013-0776).

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets (CVE-2013-1620).

Updated Packages:

i586:
firefox-17.0.3-1.mga2.i586.rpm
firefox-devel-17.0.3-1.mga2.i586.rpm
firefox-debug-17.0.3-1.mga2.i586.rpm
firefox-af-17.0.3-1.mga2.noarch.rpm
firefox-ar-17.0.3-1.mga2.noarch.rpm
firefox-ast-17.0.3-1.mga2.noarch.rpm
firefox-be-17.0.3-1.mga2.noarch.rpm
firefox-bg-17.0.3-1.mga2.noarch.rpm
firefox-bn_BD-17.0.3-1.mga2.noarch.rpm
firefox-bn_IN-17.0.3-1.mga2.noarch.rpm
firefox-br-17.0.3-1.mga2.noarch.rpm
firefox-bs-17.0.3-1.mga2.noarch.rpm
firefox-ca-17.0.3-1.mga2.noarch.rpm
firefox-cs-17.0.3-1.mga2.noarch.rpm
firefox-cy-17.0.3-1.mga2.noarch.rpm
firefox-da-17.0.3-1.mga2.noarch.rpm
firefox-de-17.0.3-1.mga2.noarch.rpm
firefox-el-17.0.3-1.mga2.noarch.rpm
firefox-en_GB-17.0.3-1.mga2.noarch.rpm
firefox-en_ZA-17.0.3-1.mga2.noarch.rpm
firefox-eo-17.0.3-1.mga2.noarch.rpm
firefox-es_AR-17.0.3-1.mga2.noarch.rpm
firefox-es_CL-17.0.3-1.mga2.noarch.rpm
firefox-es_ES-17.0.3-1.mga2.noarch.rpm
firefox-es_MX-17.0.3-1.mga2.noarch.rpm
firefox-et-17.0.3-1.mga2.noarch.rpm
firefox-eu-17.0.3-1.mga2.noarch.rpm
firefox-fa-17.0.3-1.mga2.noarch.rpm
firefox-fi-17.0.3-1.mga2.noarch.rpm
firefox-fr-17.0.3-1.mga2.noarch.rpm
firefox-fy-17.0.3-1.mga2.noarch.rpm
firefox-ga_IE-17.0.3-1.mga2.noarch.rpm
firefox-gd-17.0.3-1.mga2.noarch.rpm
firefox-gl-17.0.3-1.mga2.noarch.rpm
firefox-gu_IN-17.0.3-1.mga2.noarch.rpm
firefox-he-17.0.3-1.mga2.noarch.rpm
firefox-hi-17.0.3-1.mga2.noarch.rpm
firefox-hr-17.0.3-1.mga2.noarch.rpm
firefox-hu-17.0.3-1.mga2.noarch.rpm
firefox-hy-17.0.3-1.mga2.noarch.rpm
firefox-id-17.0.3-1.mga2.noarch.rpm
firefox-is-17.0.3-1.mga2.noarch.rpm
firefox-it-17.0.3-1.mga2.noarch.rpm
firefox-ja-17.0.3-1.mga2.noarch.rpm
firefox-kk-17.0.3-1.mga2.noarch.rpm
firefox-kn-17.0.3-1.mga2.noarch.rpm
firefox-ko-17.0.3-1.mga2.noarch.rpm
firefox-ku-17.0.3-1.mga2.noarch.rpm
firefox-lg-17.0.3-1.mga2.noarch.rpm
firefox-lt-17.0.3-1.mga2.noarch.rpm
firefox-lv-17.0.3-1.mga2.noarch.rpm
firefox-mai-17.0.3-1.mga2.noarch.rpm
firefox-mk-17.0.3-1.mga2.noarch.rpm
firefox-ml-17.0.3-1.mga2.noarch.rpm
firefox-mr-17.0.3-1.mga2.noarch.rpm
firefox-nb_NO-17.0.3-1.mga2.noarch.rpm
firefox-nl-17.0.3-1.mga2.noarch.rpm
firefox-nn_NO-17.0.3-1.mga2.noarch.rpm
firefox-nso-17.0.3-1.mga2.noarch.rpm
firefox-or-17.0.3-1.mga2.noarch.rpm
firefox-pa_IN-17.0.3-1.mga2.noarch.rpm
firefox-pl-17.0.3-1.mga2.noarch.rpm
firefox-pt_BR-17.0.3-1.mga2.noarch.rpm
firefox-pt_PT-17.0.3-1.mga2.noarch.rpm
firefox-ro-17.0.3-1.mga2.noarch.rpm
firefox-ru-17.0.3-1.mga2.noarch.rpm
firefox-si-17.0.3-1.mga2.noarch.rpm
firefox-sk-17.0.3-1.mga2.noarch.rpm
firefox-sl-17.0.3-1.mga2.noarch.rpm
firefox-sq-17.0.3-1.mga2.noarch.rpm
firefox-sr-17.0.3-1.mga2.noarch.rpm
firefox-sv_SE-17.0.3-1.mga2.noarch.rpm
firefox-ta-17.0.3-1.mga2.noarch.rpm
firefox-ta_LK-17.0.3-1.mga2.noarch.rpm
firefox-te-17.0.3-1.mga2.noarch.rpm
firefox-th-17.0.3-1.mga2.noarch.rpm
firefox-tr-17.0.3-1.mga2.noarch.rpm
firefox-uk-17.0.3-1.mga2.noarch.rpm
firefox-vi-17.0.3-1.mga2.noarch.rpm
firefox-zh_CN-17.0.3-1.mga2.noarch.rpm
firefox-zh_TW-17.0.3-1.mga2.noarch.rpm
firefox-zu-17.0.3-1.mga2.noarch.rpm
libnspr4-4.9.5-1.mga2.i586.rpm
libnspr-devel-4.9.5-1.mga2.i586.rpm
nspr-debug-4.9.5-1.mga2.i586.rpm
libnss3-3.14.3-1.mga2.i586.rpm
libnss-devel-3.14.3-1.mga2.i586.rpm
libnss-static-devel-3.14.3-1.mga2.i586.rpm
nss-3.14.3-1.mga2.i586.rpm
nss-doc-3.14.3-1.mga2.noarch.rpm
nss-debug-3.14.3-1.mga2.i586.rpm

x86_64:
firefox-17.0.3-1.mga2.x86_64.rpm
firefox-devel-17.0.3-1.mga2.x86_64.rpm
firefox-debug-17.0.3-1.mga2.x86_64.rpm
firefox-af-17.0.3-1.mga2.noarch.rpm
firefox-ar-17.0.3-1.mga2.noarch.rpm
firefox-ast-17.0.3-1.mga2.noarch.rpm
firefox-be-17.0.3-1.mga2.noarch.rpm
firefox-bg-17.0.3-1.mga2.noarch.rpm
firefox-bn_BD-17.0.3-1.mga2.noarch.rpm
firefox-bn_IN-17.0.3-1.mga2.noarch.rpm
firefox-br-17.0.3-1.mga2.noarch.rpm
firefox-bs-17.0.3-1.mga2.noarch.rpm
firefox-ca-17.0.3-1.mga2.noarch.rpm
firefox-cs-17.0.3-1.mga2.noarch.rpm
firefox-cy-17.0.3-1.mga2.noarch.rpm
firefox-da-17.0.3-1.mga2.noarch.rpm
firefox-de-17.0.3-1.mga2.noarch.rpm
firefox-el-17.0.3-1.mga2.noarch.rpm
firefox-en_GB-17.0.3-1.mga2.noarch.rpm
firefox-en_ZA-17.0.3-1.mga2.noarch.rpm
firefox-eo-17.0.3-1.mga2.noarch.rpm
firefox-es_AR-17.0.3-1.mga2.noarch.rpm
firefox-es_CL-17.0.3-1.mga2.noarch.rpm
firefox-es_ES-17.0.3-1.mga2.noarch.rpm
firefox-es_MX-17.0.3-1.mga2.noarch.rpm
firefox-et-17.0.3-1.mga2.noarch.rpm
firefox-eu-17.0.3-1.mga2.noarch.rpm
firefox-fa-17.0.3-1.mga2.noarch.rpm
firefox-fi-17.0.3-1.mga2.noarch.rpm
firefox-fr-17.0.3-1.mga2.noarch.rpm
firefox-fy-17.0.3-1.mga2.noarch.rpm
firefox-ga_IE-17.0.3-1.mga2.noarch.rpm
firefox-gd-17.0.3-1.mga2.noarch.rpm
firefox-gl-17.0.3-1.mga2.noarch.rpm
firefox-gu_IN-17.0.3-1.mga2.noarch.rpm
firefox-he-17.0.3-1.mga2.noarch.rpm
firefox-hi-17.0.3-1.mga2.noarch.rpm
firefox-hr-17.0.3-1.mga2.noarch.rpm
firefox-hu-17.0.3-1.mga2.noarch.rpm
firefox-hy-17.0.3-1.mga2.noarch.rpm
firefox-id-17.0.3-1.mga2.noarch.rpm
firefox-is-17.0.3-1.mga2.noarch.rpm
firefox-it-17.0.3-1.mga2.noarch.rpm
firefox-ja-17.0.3-1.mga2.noarch.rpm
firefox-kk-17.0.3-1.mga2.noarch.rpm
firefox-kn-17.0.3-1.mga2.noarch.rpm
firefox-ko-17.0.3-1.mga2.noarch.rpm
firefox-ku-17.0.3-1.mga2.noarch.rpm
firefox-lg-17.0.3-1.mga2.noarch.rpm
firefox-lt-17.0.3-1.mga2.noarch.rpm
firefox-lv-17.0.3-1.mga2.noarch.rpm
firefox-mai-17.0.3-1.mga2.noarch.rpm
firefox-mk-17.0.3-1.mga2.noarch.rpm
firefox-ml-17.0.3-1.mga2.noarch.rpm
firefox-mr-17.0.3-1.mga2.noarch.rpm
firefox-nb_NO-17.0.3-1.mga2.noarch.rpm
firefox-nl-17.0.3-1.mga2.noarch.rpm
firefox-nn_NO-17.0.3-1.mga2.noarch.rpm
firefox-nso-17.0.3-1.mga2.noarch.rpm
firefox-or-17.0.3-1.mga2.noarch.rpm
firefox-pa_IN-17.0.3-1.mga2.noarch.rpm
firefox-pl-17.0.3-1.mga2.noarch.rpm
firefox-pt_BR-17.0.3-1.mga2.noarch.rpm
firefox-pt_PT-17.0.3-1.mga2.noarch.rpm
firefox-ro-17.0.3-1.mga2.noarch.rpm
firefox-ru-17.0.3-1.mga2.noarch.rpm
firefox-si-17.0.3-1.mga2.noarch.rpm
firefox-sk-17.0.3-1.mga2.noarch.rpm
firefox-sl-17.0.3-1.mga2.noarch.rpm
firefox-sq-17.0.3-1.mga2.noarch.rpm
firefox-sr-17.0.3-1.mga2.noarch.rpm
firefox-sv_SE-17.0.3-1.mga2.noarch.rpm
firefox-ta-17.0.3-1.mga2.noarch.rpm
firefox-ta_LK-17.0.3-1.mga2.noarch.rpm
firefox-te-17.0.3-1.mga2.noarch.rpm
firefox-th-17.0.3-1.mga2.noarch.rpm
firefox-tr-17.0.3-1.mga2.noarch.rpm
firefox-uk-17.0.3-1.mga2.noarch.rpm
firefox-vi-17.0.3-1.mga2.noarch.rpm
firefox-zh_CN-17.0.3-1.mga2.noarch.rpm
firefox-zh_TW-17.0.3-1.mga2.noarch.rpm
firefox-zu-17.0.3-1.mga2.noarch.rpm
lib64nspr4-4.9.5-1.mga2.x86_64.rpm
lib64nspr-devel-4.9.5-1.mga2.x86_64.rpm
nspr-debug-4.9.5-1.mga2.x86_64.rpm
lib64nss3-3.14.3-1.mga2.x86_64.rpm
lib64nss-devel-3.14.3-1.mga2.x86_64.rpm
lib64nss-static-devel-3.14.3-1.mga2.x86_64.rpm
nss-3.14.3-1.mga2.x86_64.rpm
nss-doc-3.14.3-1.mga2.noarch.rpm
nss-debug-3.14.3-1.mga2.x86_64.rpm

SRPMS:
firefox-17.0.3-1.mga2.src.rpm
firefox-l10n-17.0.3-1.mga2.src.rpm
nspr-4.9.5-1.mga2.src.rpm
nss-3.14.3-1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620
http://www.mozilla.org/security/announce/2013/mfsa2013-21...
http://www.mozilla.org/security/announce/2013/mfsa2013-24...
http://www.mozilla.org/security/announce/2013/mfsa2013-25...
http://www.mozilla.org/security/announce/2013/mfsa2013-26...
http://www.mozilla.org/security/announce/2013/mfsa2013-27...
http://www.mozilla.org/security/announce/2013/mfsa2013-28...
http://www.mozilla.org/security/known-vulnerabilities/fir...
https://bugzilla.mozilla.org/show_bug.cgi?id=822365
https://rhn.redhat.com/errata/RHSA-2013-0271.html
https://bugs.mageia.org/show_bug.cgi?id=9141
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds