From Mageia wiki
Jump to: navigation, search

MGASA-2012-0136

Date: June 29th, 2012
Affected releases: 1


Description:
Updated firefox packages fix security vulnerabilities:

Heap-based buffer overflow in the utf16_to_isolatin1 function in
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
SeaMonkey before 2.10 allows remote attackers to execute arbitrary
code via vectors that trigger a character-set conversion failure
(CVE-2012-1947).

Use-after-free vulnerability in the nsFrameList::FirstChild function
in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
SeaMonkey before 2.10 allows remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption and application
crash) by changing the size of a container of absolutely positioned
elements in a column (CVE-2012-1940).

Heap-based buffer overflow in the
nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla
Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird
5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey
before 2.10 allows remote attackers to execute arbitrary code by
resizing a window displaying absolutely positioned and relatively
positioned elements in nested columns (CVE-2012-1941).

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore
function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before
10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before
10.0.5, and SeaMonkey before 2.10 might allow remote attackers to
execute arbitrary code via document changes involving replacement or
insertion of a node (CVE-2012-1946).

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,
and SeaMonkey before 2.10 allow local users to obtain sensitive
information via an HTML document that loads a shortcut (aka .lnk)
file for display within an IFRAME element, as demonstrated by a
network share implemented by (1) Microsoft Windows or (2) Samba
(CVE-2012-1945).

The Content Security Policy (CSP) implementation in Mozilla Firefox
4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0
through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey
before 2.10 does not block inline event handlers, which makes it
easier for remote attackers to conduct cross-site scripting (XSS)
attacks via a crafted HTML document (CVE-2012-1944).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before
2.10 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary
code via vectors related to (1) methodjit/ImmutableSync.cpp, (2)
the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp,
and unknown other components (CVE-2012-1938).

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird
ESR 10.x before 10.0.5 does not properly determine data types,
which allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via crafted JavaScript code (CVE-2012-1939).

Multiple unspecified vulnerabilities in the browser engine in
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,
and SeaMonkey before 2.10 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors (CVE-2012-1937).

Ken Russell of Google reported a bug in NVIDIA graphics
drivers that they needed to work around in the Chromium WebGL
implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5
(CVE-2011-3101).

Additionally, the nspr and nss libraries have been upgraded to the
latest versions which resolve various upstream bugs.


Updated Packages:
firefox-10.0.5-1.mga1
firefox-devel-10.0.5-1.mga1
firefox-af-10.0.5-1.mga1
firefox-ar-10.0.5-1.mga1
firefox-ast-10.0.5-1.mga1
firefox-be-10.0.5-1.mga1
firefox-bg-10.0.5-1.mga1
firefox-bn_BD-10.0.5-1.mga1
firefox-bn_IN-10.0.5-1.mga1
firefox-br-10.0.5-1.mga1
firefox-bs-10.0.5-1.mga1
firefox-ca-10.0.5-1.mga1
firefox-cs-10.0.5-1.mga1
firefox-cy-10.0.5-1.mga1
firefox-da-10.0.5-1.mga1
firefox-de-10.0.5-1.mga1
firefox-el-10.0.5-1.mga1
firefox-en_GB-10.0.5-1.mga1
firefox-en_ZA-10.0.5-1.mga1
firefox-eo-10.0.5-1.mga1
firefox-es_AR-10.0.5-1.mga1
firefox-es_CL-10.0.5-1.mga1
firefox-es_ES-10.0.5-1.mga1
firefox-es_MX-10.0.5-1.mga1
firefox-et-10.0.5-1.mga1
firefox-eu-10.0.5-1.mga1
firefox-fa-10.0.5-1.mga1
firefox-fi-10.0.5-1.mga1
firefox-fr-10.0.5-1.mga1
firefox-fy-10.0.5-1.mga1
firefox-ga_IE-10.0.5-1.mga1
firefox-gd-10.0.5-1.mga1
firefox-gl-10.0.5-1.mga1
firefox-gu_IN-10.0.5-1.mga1
firefox-he-10.0.5-1.mga1
firefox-hi-10.0.5-1.mga1
firefox-hr-10.0.5-1.mga1
firefox-hu-10.0.5-1.mga1
firefox-hy-10.0.5-1.mga1
firefox-id-10.0.5-1.mga1
firefox-is-10.0.5-1.mga1
firefox-it-10.0.5-1.mga1
firefox-ja-10.0.5-1.mga1
firefox-kk-10.0.5-1.mga1
firefox-kn-10.0.5-1.mga1
firefox-ko-10.0.5-1.mga1
firefox-ku-10.0.5-1.mga1
firefox-lg-10.0.5-1.mga1
firefox-lt-10.0.5-1.mga1
firefox-lv-10.0.5-1.mga1
firefox-mai-10.0.5-1.mga1
firefox-mk-10.0.5-1.mga1
firefox-ml-10.0.5-1.mga1
firefox-mr-10.0.5-1.mga1
firefox-nb_NO-10.0.5-1.mga1
firefox-nl-10.0.5-1.mga1
firefox-nn_NO-10.0.5-1.mga1
firefox-nso-10.0.5-1.mga1
firefox-or-10.0.5-1.mga1
firefox-pa_IN-10.0.5-1.mga1
firefox-pl-10.0.5-1.mga1
firefox-pt_BR-10.0.5-1.mga1
firefox-pt_PT-10.0.5-1.mga1
firefox-ro-10.0.5-1.mga1
firefox-ru-10.0.5-1.mga1
firefox-si-10.0.5-1.mga1
firefox-sk-10.0.5-1.mga1
firefox-sl-10.0.5-1.mga1
firefox-sq-10.0.5-1.mga1
firefox-sr-10.0.5-1.mga1
firefox-sv_SE-10.0.5-1.mga1
firefox-ta-10.0.5-1.mga1
firefox-ta_LK-10.0.5-1.mga1
firefox-te-10.0.5-1.mga1
firefox-th-10.0.5-1.mga1
firefox-tr-10.0.5-1.mga1
firefox-uk-10.0.5-1.mga1
firefox-vi-10.0.5-1.mga1
firefox-zh_CN-10.0.5-1.mga1
firefox-zh_TW-10.0.5-1.mga1
firefox-zu-10.0.5-1.mga1
lib(64)nspr4-4.9.1-1.mga1
lib(64)nspr-devel-4.9.1-1.mga1
nss-3.13.5-1.mga1
nss-doc-3.13.5-1.mga1
lib(64)nss3-3.13.5-1.mga1
lib(64)nss-devel-3.13.5-1.mga1
lib(64)nss-static-devel-3.13.5-1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:088-1
https://bugs.mageia.org/show_bug.cgi?id=6389