LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0064 (thunderbird)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0064: thunderbird-17.0.3-1.mga2,
 thunderbird-l10n-17.0.3-1.1.mga2 (2/core) 


Date:
    	      Thu, 21 Feb 2013 22:25:46 +0100


Message-ID:
    	      <20130221212546.GA13162@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0064
Date: 	February 21st, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated thunderbird packages fix security vulnerabilities:

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations
in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
do not prevent modifications to a prototype, which allows remote attackers to
obtain sensitive information from chrome objects or possibly execute arbitrary
JavaScript code with chrome privileges via a crafted web site (CVE-2013-0773).

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before
2.16 do not prevent JavaScript workers from reading the browser-profile
directory name, which has unspecified impact and remote attack vectors
(CVE-2013-0774).

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782,
CVE-2013-0783).

It was found that, after canceling a proxy server's authentication
prompt, the address bar continued to show the requested site's address.
An attacker could use this flaw to conduct phishing attacks by tricking
a user into believing they are viewing a trusted site (CVE-2013-0776).


Updated Packages:
i586:
nsinstall-17.0.3-1.mga2.i586.rpm
thunderbird-17.0.3-1.mga2.i586.rpm
thunderbird-enigmail-17.0.3-1.mga2.i586.rpm
thunderbird-debug-17.0.3-1.mga2.i586.rpm
thunderbird-ar-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ast-17.0.3-1.1.mga2.noarch.rpm
thunderbird-be-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bg-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.3-1.1.mga2.noarch.rpm
thunderbird-br-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ca-17.0.3-1.1.mga2.noarch.rpm
thunderbird-cs-17.0.3-1.1.mga2.noarch.rpm
thunderbird-da-17.0.3-1.1.mga2.noarch.rpm
thunderbird-de-17.0.3-1.1.mga2.noarch.rpm
thunderbird-el-17.0.3-1.1.mga2.noarch.rpm
thunderbird-en_GB-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_AR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_ES-17.0.3-1.1.mga2.noarch.rpm
thunderbird-et-17.0.3-1.1.mga2.noarch.rpm
thunderbird-eu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fy-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ga-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gd-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-he-17.0.3-1.1.mga2.noarch.rpm
thunderbird-hu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-id-17.0.3-1.1.mga2.noarch.rpm
thunderbird-is-17.0.3-1.1.mga2.noarch.rpm
thunderbird-it-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ja-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ko-17.0.3-1.1.mga2.noarch.rpm
thunderbird-lt-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ro-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ru-17.0.3-1.1.mga2.noarch.rpm
thunderbird-si-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sq-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.3-1.1.mga2.noarch.rpm
thunderbird-tr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-uk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-vi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.3-1.1.mga2.noarch.rpm

x86_64:
nsinstall-17.0.3-1.mga2.x86_64.rpm
thunderbird-17.0.3-1.mga2.x86_64.rpm
thunderbird-enigmail-17.0.3-1.mga2.x86_64.rpm
thunderbird-debug-17.0.3-1.mga2.x86_64.rpm
thunderbird-ar-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ast-17.0.3-1.1.mga2.noarch.rpm
thunderbird-be-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bg-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.3-1.1.mga2.noarch.rpm
thunderbird-br-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ca-17.0.3-1.1.mga2.noarch.rpm
thunderbird-cs-17.0.3-1.1.mga2.noarch.rpm
thunderbird-da-17.0.3-1.1.mga2.noarch.rpm
thunderbird-de-17.0.3-1.1.mga2.noarch.rpm
thunderbird-el-17.0.3-1.1.mga2.noarch.rpm
thunderbird-en_GB-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_AR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_ES-17.0.3-1.1.mga2.noarch.rpm
thunderbird-et-17.0.3-1.1.mga2.noarch.rpm
thunderbird-eu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fy-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ga-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gd-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-he-17.0.3-1.1.mga2.noarch.rpm
thunderbird-hu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-id-17.0.3-1.1.mga2.noarch.rpm
thunderbird-is-17.0.3-1.1.mga2.noarch.rpm
thunderbird-it-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ja-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ko-17.0.3-1.1.mga2.noarch.rpm
thunderbird-lt-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ro-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ru-17.0.3-1.1.mga2.noarch.rpm
thunderbird-si-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sq-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.3-1.1.mga2.noarch.rpm
thunderbird-tr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-uk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-vi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.3-1.1.mga2.noarch.rpm

SRPMS:
thunderbird-17.0.3-1.mga2.src.rpm
thunderbird-l10n-17.0.3-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://www.mozilla.org/security/announce/2013/mfsa2013-21...
http://www.mozilla.org/security/announce/2013/mfsa2013-24...
http://www.mozilla.org/security/announce/2013/mfsa2013-25...
http://www.mozilla.org/security/announce/2013/mfsa2013-26...
http://www.mozilla.org/security/announce/2013/mfsa2013-27...
http://www.mozilla.org/security/announce/2013/mfsa2013-28...
https://rhn.redhat.com/errata/RHSA-2013-0272.html
https://bugs.mageia.org/show_bug.cgi?id=9142
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds