mozilla: multiple vulnerabilities

Package(s): firefox, thunderbird
CVE #(s): CVE-2012-0468 CVE-2012-0469 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0478
Created: April 25, 2012
Updated: June 13, 2012
Description: From the CVE entries:

The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. (CVE-2012-0468)

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. (CVE-2012-0469)

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. (CVE-2012-0472)

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. (CVE-2012-0473)

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." (CVE-2012-0474)

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. (CVE-2012-0478)

Alerts:
Red Hat RHSA-2012:0515-01 2012-04-24
Red Hat RHSA-2012:0516-01 2012-04-24
CentOS CESA-2012:0515 2012-04-25
CentOS CESA-2012:0515 2012-04-25
CentOS CESA-2012:0516 2012-04-24
CentOS CESA-2012:0516 2012-04-25
Scientific Linux SL-thun-20120425 2012-04-25
Scientific Linux SL-fire-20120425 2012-04-25
Oracle ELSA-2012-0515 2012-04-25
Oracle ELSA-2012-0515 2012-04-25
Oracle ELSA-2012-0516 2012-04-25
Fedora FEDORA-2012-6622 2012-04-27
Fedora FEDORA-2012-6622 2012-04-27
Mandriva MDVSA-2012:066 2012-04-27
openSUSE openSUSE-SU-2012:0567-1 2012-04-27
Ubuntu USN-1430-1 2012-04-27
Ubuntu USN-1430-2 2012-04-27
SUSE SUSE-SU-2012:0580-1 2012-05-02
Ubuntu USN-1430-3 2012-05-04
SUSE SUSE-SU-2012:0688-1 2012-06-02
Ubuntu USN-1430-4 2012-06-12
Gentoo 201301-01 2013-01-07

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds