Mageia alert MGASA-2012-0135 (firefox)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2012-0135: firefox-10.0.5-1.mga2 (2/core) 
Date:
    	     
 
Thu, 28 Jun 2012 22:25:24 +0200
Message-ID:
    	     
 
<20120628202524.GA5132@valstar.mageia.org>

MGASA-2012-0135
Date: 	June 28th, 2012
Affected releases: 	2


Description:
Updated firefox packages fix security vulnerabilities:

Heap-based buffer overflow in the utf16_to_isolatin1 function in
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
SeaMonkey before 2.10 allows remote attackers to execute arbitrary
code via vectors that trigger a character-set conversion failure
(CVE-2012-1947).

Use-after-free vulnerability in the nsFrameList::FirstChild function
in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
SeaMonkey before 2.10 allows remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption and application
crash) by changing the size of a container of absolutely positioned
elements in a column (CVE-2012-1940).

Heap-based buffer overflow in the
nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla
Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird
5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey
before 2.10 allows remote attackers to execute arbitrary code by
resizing a window displaying absolutely positioned and relatively
positioned elements in nested columns (CVE-2012-1941).

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore
function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before
10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before
10.0.5, and SeaMonkey before 2.10 might allow remote attackers to
execute arbitrary code via document changes involving replacement or
insertion of a node (CVE-2012-1946).

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,
and SeaMonkey before 2.10 allow local users to obtain sensitive
information via an HTML document that loads a shortcut (aka .lnk)
file for display within an IFRAME element, as demonstrated by a
network share implemented by (1) Microsoft Windows or (2) Samba
(CVE-2012-1945).

The Content Security Policy (CSP) implementation in Mozilla Firefox
4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0
through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey
before 2.10 does not block inline event handlers, which makes it
easier for remote attackers to conduct cross-site scripting (XSS)
attacks via a crafted HTML document (CVE-2012-1944).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before
2.10 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary
code via vectors related to (1) methodjit/ImmutableSync.cpp, (2)
the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp,
and unknown other components (CVE-2012-1938).

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird
ESR 10.x before 10.0.5 does not properly determine data types,
which allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via crafted JavaScript code (CVE-2012-1939).

Multiple unspecified vulnerabilities in the browser engine in
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,
and SeaMonkey before 2.10 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors (CVE-2012-1937).

Ken Russell of Google reported a bug in NVIDIA graphics
drivers that they needed to work around in the Chromium WebGL
implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5
(CVE-2011-3101).

Additionally, the nspr and nss libraries have been upgraded to the
latest versions which resolve various upstream bugs.


Updated Packages:
firefox-10.0.5-1.mga2
firefox-devel-10.0.5-1.mga2
firefox-af-10.0.5-1.1.mga2
firefox-ar-10.0.5-1.1.mga2
firefox-ast-10.0.5-1.1.mga2
firefox-be-10.0.5-1.1.mga2
firefox-bg-10.0.5-1.1.mga2
firefox-bn_BD-10.0.5-1.1.mga2
firefox-bn_IN-10.0.5-1.1.mga2
firefox-br-10.0.5-1.1.mga2
firefox-bs-10.0.5-1.1.mga2
firefox-ca-10.0.5-1.1.mga2
firefox-cs-10.0.5-1.1.mga2
firefox-cy-10.0.5-1.1.mga2
firefox-da-10.0.5-1.1.mga2
firefox-de-10.0.5-1.1.mga2
firefox-el-10.0.5-1.1.mga2
firefox-en_GB-10.0.5-1.1.mga2
firefox-en_ZA-10.0.5-1.1.mga2
firefox-eo-10.0.5-1.1.mga2
firefox-es_AR-10.0.5-1.1.mga2
firefox-es_CL-10.0.5-1.1.mga2
firefox-es_ES-10.0.5-1.1.mga2
firefox-es_MX-10.0.5-1.1.mga2
firefox-et-10.0.5-1.1.mga2
firefox-eu-10.0.5-1.1.mga2
firefox-fa-10.0.5-1.1.mga2
firefox-fi-10.0.5-1.1.mga2
firefox-fr-10.0.5-1.1.mga2
firefox-fy-10.0.5-1.1.mga2
firefox-ga_IE-10.0.5-1.1.mga2
firefox-gd-10.0.5-1.1.mga2
firefox-gl-10.0.5-1.1.mga2
firefox-gu_IN-10.0.5-1.1.mga2
firefox-he-10.0.5-1.1.mga2
firefox-hi-10.0.5-1.1.mga2
firefox-hr-10.0.5-1.1.mga2
firefox-hu-10.0.5-1.1.mga2
firefox-hy-10.0.5-1.1.mga2
firefox-id-10.0.5-1.1.mga2
firefox-is-10.0.5-1.1.mga2
firefox-it-10.0.5-1.1.mga2
firefox-ja-10.0.5-1.1.mga2
firefox-kk-10.0.5-1.1.mga2
firefox-kn-10.0.5-1.1.mga2
firefox-ko-10.0.5-1.1.mga2
firefox-ku-10.0.5-1.1.mga2
firefox-lg-10.0.5-1.1.mga2
firefox-lt-10.0.5-1.1.mga2
firefox-lv-10.0.5-1.1.mga2
firefox-mai-10.0.5-1.1.mga2
firefox-mk-10.0.5-1.1.mga2
firefox-ml-10.0.5-1.1.mga2
firefox-mr-10.0.5-1.1.mga2
firefox-nb_NO-10.0.5-1.1.mga2
firefox-nl-10.0.5-1.1.mga2
firefox-nn_NO-10.0.5-1.1.mga2
firefox-nso-10.0.5-1.1.mga2
firefox-or-10.0.5-1.1.mga2
firefox-pa_IN-10.0.5-1.1.mga2
firefox-pl-10.0.5-1.1.mga2
firefox-pt_BR-10.0.5-1.1.mga2
firefox-pt_PT-10.0.5-1.1.mga2
firefox-ro-10.0.5-1.1.mga2
firefox-ru-10.0.5-1.1.mga2
firefox-si-10.0.5-1.1.mga2
firefox-sk-10.0.5-1.1.mga2
firefox-sl-10.0.5-1.1.mga2
firefox-sq-10.0.5-1.1.mga2
firefox-sr-10.0.5-1.1.mga2
firefox-sv_SE-10.0.5-1.1.mga2
firefox-ta-10.0.5-1.1.mga2
firefox-ta_LK-10.0.5-1.1.mga2
firefox-te-10.0.5-1.1.mga2
firefox-th-10.0.5-1.1.mga2
firefox-tr-10.0.5-1.1.mga2
firefox-uk-10.0.5-1.1.mga2
firefox-vi-10.0.5-1.1.mga2
firefox-zh_CN-10.0.5-1.1.mga2
firefox-zh_TW-10.0.5-1.1.mga2
firefox-zu-10.0.5-1.1.mga2
lib(64)nspr4-4.9.1-1.mga2
lib(64)nspr-devel-4.9.1-1.mga2
nss-3.13.5-1.mga2
nss-doc-3.13.5-1.mga2
lib(64)nss3-3.13.5-1.mga2
lib(64)nss-devel-3.13.5-1.mga2
lib(64)nss-static-devel-3.13.5-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947

http://www.mozilla.org/security/announce/2012/mfsa2012-34...
http://www.mozilla.org/security/announce/2012/mfsa2012-36...
http://www.mozilla.org/security/announce/2012/mfsa2012-37...
http://www.mozilla.org/security/announce/2012/mfsa2012-38...
http://www.mozilla.org/security/announce/2012/mfsa2012-40...
http://www.mandriva.com/en/support/security/advisories/?d...
https://bugs.mageia.org/show_bug.cgi?id=6548

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...