thunderbird: multiple vulnerabilities

Package(s): thunderbird
CVE #(s): CVE-2013-0801 CVE-2013-1670 CVE-2013-1672 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681
Created: May 17, 2013
Updated: June 28, 2013
Description:

From the Mozilla release notes:

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to an information leakage to sites depending on the contents of this uninitialized memory. (CVE-2013-1675)

Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. (CVE-2013-1674)

Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to achieve local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. (CVE-2013-1672)

Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. (CVE-2013-1670)

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (CVE-2013-0801)

Alerts:
Fedora FEDORA-2013-8298 2013-05-17
Slackware SSA:2013-136-01 2013-05-16
openSUSE openSUSE-SU-2013:0825-1 2013-05-24
Fedora FEDORA-2013-8284 2013-06-02
openSUSE openSUSE-SU-2013:0896-1 2013-06-10
openSUSE openSUSE-SU-2013:0929-1 2013-06-10
openSUSE openSUSE-SU-2013:0946-1 2013-06-10
Fedora FEDORA-2013-11799 2013-06-28
Fedora FEDORA-2013-11776 2013-06-28
SUSE SUSE-SU-2013:1152-1 2013-07-05
Gentoo 201309-23 2013-09-27

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.