LWN.net Logo

mozilla: multiple vulnerabilities

Package(s):firefox thunderbird seamonkey CVE #(s):CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800
Created:April 3, 2013 Updated:April 5, 2013
Description: From the Red Hat advisory:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0788)

A flaw was found in the way Same Origin Wrappers were implemented in Firefox. A malicious site could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0795)

A flaw was found in the embedded WebGL library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: This issue only affected systems using the Intel Mesa graphics drivers. (CVE-2013-0796)

An out-of-bounds write flaw was found in the embedded Cairo library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0800)

A flaw was found in the way Firefox handled the JavaScript history functions. A malicious site could cause a web page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks. (CVE-2013-0793)

Alerts:
Red Hat RHSA-2013:0696-01 2013-04-02
Red Hat RHSA-2013:0697-01 2013-04-02
Oracle ELSA-2013-0697 2013-04-02
Scientific Linux SL-fire-20130402 2013-04-02
Scientific Linux SL-thun-20130402 2013-04-02
Slackware SSA:2013-093-01 2013-04-03
Slackware SSA:2013-093-02 2013-04-03
CentOS CESA-2013:0696 2013-04-03
CentOS CESA-2013:0696 2013-04-03
CentOS CESA-2013:0696 2013-04-03
CentOS CESA-2013:0696 2013-04-03
CentOS CESA-2013:0697 2013-04-03
CentOS CESA-2013:0697 2013-04-03
Oracle ELSA-2013-0696 2013-04-03
Oracle ELSA-2013-0696 2013-04-03
openSUSE openSUSE-SU-2013:0630-1 2013-04-05
Fedora FEDORA-2013-4832 2013-04-05
Mageia MGASA-2013-0109 2013-04-04
Fedora FEDORA-2013-4832 2013-04-05
Fedora FEDORA-2013-4832 2013-04-05
Mageia MGASA-2013-0108 2013-04-04
Ubuntu USN-1786-1 2013-04-04
Ubuntu USN-1786-2 2013-04-04

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds