LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0108 (firefox)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0108: firefox-17.0.5-1.mga2 (2/core) 


Date:
    	      Thu, 4 Apr 2013 23:32:07 +0200


Message-ID:
    	      <20130404213207.GA29415@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0108
Date: 	April 4th, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated firefox packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2013-0788).

A flaw was found in the way Same Origin Wrappers were implemented in
Firefox. A malicious site could use this flaw to bypass the same-origin
policy and execute arbitrary code with the privileges of the user
running Firefox (CVE-2013-0795).

A flaw was found in the embedded WebGL library in Firefox. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
Note: This issue only affected systems using the Intel Mesa graphics
drivers (CVE-2013-0796).

An out-of-bounds write flaw was found in the embedded Cairo library in
Firefox. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox (CVE-2013-0800).

A flaw was found in the way Firefox handled the JavaScript history
functions. A malicious site could cause a web page to be displayed that
has a baseURI pointing to a different site, allowing cross-site scripting
(XSS) and phishing attacks (CVE-2013-0793).


Updated Packages:
i586:
firefox-17.0.5-1.mga2.i586.rpm
firefox-devel-17.0.5-1.mga2.i586.rpm
firefox-debug-17.0.5-1.mga2.i586.rpm
firefox-af-17.0.5-1.mga2.noarch.rpm
firefox-ar-17.0.5-1.mga2.noarch.rpm
firefox-ast-17.0.5-1.mga2.noarch.rpm
firefox-be-17.0.5-1.mga2.noarch.rpm
firefox-bg-17.0.5-1.mga2.noarch.rpm
firefox-bn_BD-17.0.5-1.mga2.noarch.rpm
firefox-bn_IN-17.0.5-1.mga2.noarch.rpm
firefox-br-17.0.5-1.mga2.noarch.rpm
firefox-bs-17.0.5-1.mga2.noarch.rpm
firefox-ca-17.0.5-1.mga2.noarch.rpm
firefox-cs-17.0.5-1.mga2.noarch.rpm
firefox-cy-17.0.5-1.mga2.noarch.rpm
firefox-da-17.0.5-1.mga2.noarch.rpm
firefox-de-17.0.5-1.mga2.noarch.rpm
firefox-el-17.0.5-1.mga2.noarch.rpm
firefox-en_GB-17.0.5-1.mga2.noarch.rpm
firefox-en_ZA-17.0.5-1.mga2.noarch.rpm
firefox-eo-17.0.5-1.mga2.noarch.rpm
firefox-es_AR-17.0.5-1.mga2.noarch.rpm
firefox-es_CL-17.0.5-1.mga2.noarch.rpm
firefox-es_ES-17.0.5-1.mga2.noarch.rpm
firefox-es_MX-17.0.5-1.mga2.noarch.rpm
firefox-et-17.0.5-1.mga2.noarch.rpm
firefox-eu-17.0.5-1.mga2.noarch.rpm
firefox-fa-17.0.5-1.mga2.noarch.rpm
firefox-fi-17.0.5-1.mga2.noarch.rpm
firefox-fr-17.0.5-1.mga2.noarch.rpm
firefox-fy-17.0.5-1.mga2.noarch.rpm
firefox-ga_IE-17.0.5-1.mga2.noarch.rpm
firefox-gd-17.0.5-1.mga2.noarch.rpm
firefox-gl-17.0.5-1.mga2.noarch.rpm
firefox-gu_IN-17.0.5-1.mga2.noarch.rpm
firefox-he-17.0.5-1.mga2.noarch.rpm
firefox-hi-17.0.5-1.mga2.noarch.rpm
firefox-hr-17.0.5-1.mga2.noarch.rpm
firefox-hu-17.0.5-1.mga2.noarch.rpm
firefox-hy-17.0.5-1.mga2.noarch.rpm
firefox-id-17.0.5-1.mga2.noarch.rpm
firefox-is-17.0.5-1.mga2.noarch.rpm
firefox-it-17.0.5-1.mga2.noarch.rpm
firefox-ja-17.0.5-1.mga2.noarch.rpm
firefox-kk-17.0.5-1.mga2.noarch.rpm
firefox-kn-17.0.5-1.mga2.noarch.rpm
firefox-ko-17.0.5-1.mga2.noarch.rpm
firefox-ku-17.0.5-1.mga2.noarch.rpm
firefox-lg-17.0.5-1.mga2.noarch.rpm
firefox-lt-17.0.5-1.mga2.noarch.rpm
firefox-lv-17.0.5-1.mga2.noarch.rpm
firefox-mai-17.0.5-1.mga2.noarch.rpm
firefox-mk-17.0.5-1.mga2.noarch.rpm
firefox-ml-17.0.5-1.mga2.noarch.rpm
firefox-mr-17.0.5-1.mga2.noarch.rpm
firefox-nb_NO-17.0.5-1.mga2.noarch.rpm
firefox-nl-17.0.5-1.mga2.noarch.rpm
firefox-nn_NO-17.0.5-1.mga2.noarch.rpm
firefox-nso-17.0.5-1.mga2.noarch.rpm
firefox-or-17.0.5-1.mga2.noarch.rpm
firefox-pa_IN-17.0.5-1.mga2.noarch.rpm
firefox-pl-17.0.5-1.mga2.noarch.rpm
firefox-pt_BR-17.0.5-1.mga2.noarch.rpm
firefox-pt_PT-17.0.5-1.mga2.noarch.rpm
firefox-ro-17.0.5-1.mga2.noarch.rpm
firefox-ru-17.0.5-1.mga2.noarch.rpm
firefox-si-17.0.5-1.mga2.noarch.rpm
firefox-sk-17.0.5-1.mga2.noarch.rpm
firefox-sl-17.0.5-1.mga2.noarch.rpm
firefox-sq-17.0.5-1.mga2.noarch.rpm
firefox-sr-17.0.5-1.mga2.noarch.rpm
firefox-sv_SE-17.0.5-1.mga2.noarch.rpm
firefox-ta-17.0.5-1.mga2.noarch.rpm
firefox-ta_LK-17.0.5-1.mga2.noarch.rpm
firefox-te-17.0.5-1.mga2.noarch.rpm
firefox-th-17.0.5-1.mga2.noarch.rpm
firefox-tr-17.0.5-1.mga2.noarch.rpm
firefox-uk-17.0.5-1.mga2.noarch.rpm
firefox-vi-17.0.5-1.mga2.noarch.rpm
firefox-zh_CN-17.0.5-1.mga2.noarch.rpm
firefox-zh_TW-17.0.5-1.mga2.noarch.rpm
firefox-zu-17.0.5-1.mga2.noarch.rpm
libnspr4-4.9.6-1.mga2.i586.rpm
libnspr-devel-4.9.6-1.mga2.i586.rpm
nspr-debug-4.9.6-1.mga2.i586.rpm

x86_64:
firefox-17.0.5-1.mga2.x86_64.rpm
firefox-devel-17.0.5-1.mga2.x86_64.rpm
firefox-debug-17.0.5-1.mga2.x86_64.rpm
firefox-af-17.0.5-1.mga2.noarch.rpm
firefox-ar-17.0.5-1.mga2.noarch.rpm
firefox-ast-17.0.5-1.mga2.noarch.rpm
firefox-be-17.0.5-1.mga2.noarch.rpm
firefox-bg-17.0.5-1.mga2.noarch.rpm
firefox-bn_BD-17.0.5-1.mga2.noarch.rpm
firefox-bn_IN-17.0.5-1.mga2.noarch.rpm
firefox-br-17.0.5-1.mga2.noarch.rpm
firefox-bs-17.0.5-1.mga2.noarch.rpm
firefox-ca-17.0.5-1.mga2.noarch.rpm
firefox-cs-17.0.5-1.mga2.noarch.rpm
firefox-cy-17.0.5-1.mga2.noarch.rpm
firefox-da-17.0.5-1.mga2.noarch.rpm
firefox-de-17.0.5-1.mga2.noarch.rpm
firefox-el-17.0.5-1.mga2.noarch.rpm
firefox-en_GB-17.0.5-1.mga2.noarch.rpm
firefox-en_ZA-17.0.5-1.mga2.noarch.rpm
firefox-eo-17.0.5-1.mga2.noarch.rpm
firefox-es_AR-17.0.5-1.mga2.noarch.rpm
firefox-es_CL-17.0.5-1.mga2.noarch.rpm
firefox-es_ES-17.0.5-1.mga2.noarch.rpm
firefox-es_MX-17.0.5-1.mga2.noarch.rpm
firefox-et-17.0.5-1.mga2.noarch.rpm
firefox-eu-17.0.5-1.mga2.noarch.rpm
firefox-fa-17.0.5-1.mga2.noarch.rpm
firefox-fi-17.0.5-1.mga2.noarch.rpm
firefox-fr-17.0.5-1.mga2.noarch.rpm
firefox-fy-17.0.5-1.mga2.noarch.rpm
firefox-ga_IE-17.0.5-1.mga2.noarch.rpm
firefox-gd-17.0.5-1.mga2.noarch.rpm
firefox-gl-17.0.5-1.mga2.noarch.rpm
firefox-gu_IN-17.0.5-1.mga2.noarch.rpm
firefox-he-17.0.5-1.mga2.noarch.rpm
firefox-hi-17.0.5-1.mga2.noarch.rpm
firefox-hr-17.0.5-1.mga2.noarch.rpm
firefox-hu-17.0.5-1.mga2.noarch.rpm
firefox-hy-17.0.5-1.mga2.noarch.rpm
firefox-id-17.0.5-1.mga2.noarch.rpm
firefox-is-17.0.5-1.mga2.noarch.rpm
firefox-it-17.0.5-1.mga2.noarch.rpm
firefox-ja-17.0.5-1.mga2.noarch.rpm
firefox-kk-17.0.5-1.mga2.noarch.rpm
firefox-kn-17.0.5-1.mga2.noarch.rpm
firefox-ko-17.0.5-1.mga2.noarch.rpm
firefox-ku-17.0.5-1.mga2.noarch.rpm
firefox-lg-17.0.5-1.mga2.noarch.rpm
firefox-lt-17.0.5-1.mga2.noarch.rpm
firefox-lv-17.0.5-1.mga2.noarch.rpm
firefox-mai-17.0.5-1.mga2.noarch.rpm
firefox-mk-17.0.5-1.mga2.noarch.rpm
firefox-ml-17.0.5-1.mga2.noarch.rpm
firefox-mr-17.0.5-1.mga2.noarch.rpm
firefox-nb_NO-17.0.5-1.mga2.noarch.rpm
firefox-nl-17.0.5-1.mga2.noarch.rpm
firefox-nn_NO-17.0.5-1.mga2.noarch.rpm
firefox-nso-17.0.5-1.mga2.noarch.rpm
firefox-or-17.0.5-1.mga2.noarch.rpm
firefox-pa_IN-17.0.5-1.mga2.noarch.rpm
firefox-pl-17.0.5-1.mga2.noarch.rpm
firefox-pt_BR-17.0.5-1.mga2.noarch.rpm
firefox-pt_PT-17.0.5-1.mga2.noarch.rpm
firefox-ro-17.0.5-1.mga2.noarch.rpm
firefox-ru-17.0.5-1.mga2.noarch.rpm
firefox-si-17.0.5-1.mga2.noarch.rpm
firefox-sk-17.0.5-1.mga2.noarch.rpm
firefox-sl-17.0.5-1.mga2.noarch.rpm
firefox-sq-17.0.5-1.mga2.noarch.rpm
firefox-sr-17.0.5-1.mga2.noarch.rpm
firefox-sv_SE-17.0.5-1.mga2.noarch.rpm
firefox-ta-17.0.5-1.mga2.noarch.rpm
firefox-ta_LK-17.0.5-1.mga2.noarch.rpm
firefox-te-17.0.5-1.mga2.noarch.rpm
firefox-th-17.0.5-1.mga2.noarch.rpm
firefox-tr-17.0.5-1.mga2.noarch.rpm
firefox-uk-17.0.5-1.mga2.noarch.rpm
firefox-vi-17.0.5-1.mga2.noarch.rpm
firefox-zh_CN-17.0.5-1.mga2.noarch.rpm
firefox-zh_TW-17.0.5-1.mga2.noarch.rpm
firefox-zu-17.0.5-1.mga2.noarch.rpm
lib64nspr4-4.9.6-1.mga2.x86_64.rpm
lib64nspr-devel-4.9.6-1.mga2.x86_64.rpm
nspr-debug-4.9.6-1.mga2.x86_64.rpm

SRPMS:
firefox-17.0.5-1.mga2.src.rpm
firefox-l10n-17.0.5-1.mga2.src.rpm
nspr-4.9.6-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800

http://www.mozilla.org/security/announce/2013/mfsa2013-30...
http://www.mozilla.org/security/announce/2013/mfsa2013-31...
http://www.mozilla.org/security/announce/2013/mfsa2013-35...
http://www.mozilla.org/security/announce/2013/mfsa2013-36...
http://www.mozilla.org/security/announce/2013/mfsa2013-38...
http://www.mozilla.org/security/known-vulnerabilities/fir...
https://rhn.redhat.com/errata/RHSA-2013-0696.html

https://bugs.mageia.org/show_bug.cgi?id=9599

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds