User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0120 (iceape)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0120: iceape-2.17-1.mga2 (2/core)
Date:  Thu, 18 Apr 2013 00:28:08 +0200
Message-ID:  <20130417222808.GA30155@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2013-0120 Date: April 18th, 2013 Affected releases: 2 Media: Core Description: Updated iceape packages fix security issues: Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. (CVE-2013-0787) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-0788) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. (CVE-2013-0789) The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. (CVE-2013-0796) The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does no prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. (CVE-2013-0795) Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. (CVE-2013-0794) Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. (CVE-2013-0793) Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. (CVE-2013-0792) Updated Packages: i586: iceape-2.17-1.mga2.i586.rpm x86_64: iceape-2.17-1.mga2.x86_64.rpm SRPMS: iceape-2.17-1.mga2.src.rpm References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796 http://www.mozilla.org/security/announce/2013/mfsa2013-29... http://www.mozilla.org/security/announce/2013/mfsa2013-30... http://www.mozilla.org/security/announce/2013/mfsa2013-35... http://www.mozilla.org/security/announce/2013/mfsa2013-36... http://www.mozilla.org/security/announce/2013/mfsa2013-37... http://www.mozilla.org/security/announce/2013/mfsa2013-38... http://www.mozilla.org/security/announce/2013/mfsa2013-39... https://bugs.mageia.org/show_bug.cgi?id=9693 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds