From Mageia wiki

MGASA-2012-0176

Date: July 21st, 2012
Affected releases: 1


Description:
Updated iceape packages fix security vulnerabilities:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before
3.1.11, allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors (CVE-2011-2374).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2011-2376).

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x
before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors, a different
vulnerability than CVE-2011-2365 (CVE-2011-2364).

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x
before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors, a different
vulnerability than CVE-2011-2364 (CVE-2011-2365).

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x
through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14,
when JavaScript is disabled, allows remote attackers to execute
arbitrary code via a crafted XUL document (CVE-2011-2373).

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before
3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via a multipart/x-mixed-replace image
(CVE-2011-2377).

Integer overflow in the Array.reduceRight method in Mozilla Firefox
before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and
SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary
code via vectors involving a long JavaScript Array object
(CVE-2011-2371).

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem
function in the implementation of SVG element lists in Mozilla Firefox
before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14
allows remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via vectors involving a user-supplied
callback (CVE-2011-0083).

Use-after-free vulnerability in the nsSVGPointList::AppendElement
function in the implementation of SVG element lists in Mozilla Firefox
before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14
allows remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via vectors involving a user-supplied
callback (CVE-2011-2363).

Use-after-free vulnerability in the nsXULCommandDispatcher function in
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey
through 2.0.14 allows remote attackers to execute arbitrary code via a
crafted XUL document that dequeues the current command updater
(CVE-2011-0085).

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey
through 2.0.14 do not distinguish between cookies for two domain names
that differ only in a trailing dot, which allows remote web servers to
bypass the Same Origin Policy via Set-Cookie headers (CVE-2011-2362).

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before
2.3, Thunderbird before 6, and possibly other products does not properly
implement JavaScript, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors (CVE-2011-2991).

The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5,
SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other
products allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unspecified vectors (CVE-2011-2992).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3,
and possibly other products allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors (CVE-2011-2985).

The implementation of digital signatures for JAR files in Mozilla Firefox
4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does
not prevent calls from unsigned JavaScript code to signed code, which
allows remote attackers to bypass the Same Origin Policy and gain
privileges via a crafted web site, a different vulnerability than
CVE-2008-2801 (CVE-2011-2993).

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox
before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and
other versions before 6; SeaMonkey 2.x before 2.3; and possibly other
products does not properly handle SVG text, which allows remote
attackers to execute arbitrary code via unspecified vectors that lead
to a "dangling pointer" (CVE-2011-0084).

The implementation of Content Security Policy (CSP) violation reports
in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly
other products does not remove proxy-authorization credentials from the
listed request headers, which allows attackers to obtain sensitive
information by reading a report, related to incorrect host resolution
that occurs with certain redirects (CVE-2011-2990).

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0,
and SeaMonkey before 2.3 do not properly handle "location" as the name
of a frame, which allows remote attackers to bypass the Same Origin
Policy via a crafted web site, a different vulnerability than
CVE-2010-0170 (CVE-2011-2999).

Google Chrome user alibo encountered an active "man in the middle" (MITM)
attack on secure SSL connections to Google servers. The fraudulent
certificate was mis-issued by DigiNotar, a Dutch Certificate Authority.
DigiNotar has reported evidence that other fraudulent certificates were
issued and in active use but the full extent of the compromise is not
known. For the protection of our users Mozilla has removed the
DigiNotar root certificate. Sites using certificates issued by DigiNotar
will need to seek another certificate vendor (MFSA 2011-34).

As more information has come to light about the attack on the DigiNotar
Certificate Authority we have improved the protections added in MFSA
2011-34. The main change is to add explicit distrust to the DigiNotar
root certificate and several intermediates. Removing the root as in our
previous fix meant the certificates could be considered valid if
cross-signed by another Certificate Authority. Importantly this list of
distrusted certificates includes the "PKIOverheid" (PKIGovernment)
intermediates under DigiNotar's control that did not chain to
DigiNotar's root and were not previously blocked (MFSA 2011-35).
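
Why removing the root was not enough, shown as a toy path-building model. This is an added example, not code from Mageia or Mozilla; all certificate names are constructed placeholders, and certificates are matched by name only, with no signature checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # subject name of the CA that signed this certificate

def build_path(cert, intermediates, roots, distrusted=frozenset(), _seen=()):
    """Return the subject names from cert up to a trusted root, or None.

    Toy model: certificates are matched by name only and signatures are not
    checked. `distrusted` holds subject names that may not appear in any path.
    """
    if cert.subject in distrusted or cert in _seen:
        return None
    for root in roots:
        if root.subject == cert.issuer and root.subject not in distrusted:
            return [cert.subject, root.subject]
    for ca in intermediates:
        if ca.subject == cert.issuer:
            rest = build_path(ca, intermediates, roots, distrusted, _seen + (cert,))
            if rest:
                return [cert.subject] + rest
    return None

# Constructed certificates; every name here is a placeholder.
BAD_ROOT = Cert("Compromised Root", "Compromised Root")
OTHER_ROOT = Cert("Other Root", "Other Root")
GOV_ROOT = Cert("Gov Root", "Gov Root")
CROSS = Cert("Compromised Root", "Other Root")   # same CA name, cross-signed
GOV_SUB = Cert("Gov Sub-CA (compromised operator)", "Gov Root")
INTERMEDIATES = [CROSS, GOV_SUB]
LEAF_A = Cert("site-a.example", "Compromised Root")
LEAF_B = Cert("site-b.example", "Gov Sub-CA (compromised operator)")

def compare_policies():
    """Validate both leaves under three trust-store policies."""
    removed = [OTHER_ROOT, GOV_ROOT]               # root deleted from the store
    deny = frozenset({BAD_ROOT.subject, GOV_SUB.subject})
    return {
        "original": build_path(LEAF_A, INTERMEDIATES, removed + [BAD_ROOT]),
        "root_removed_a": build_path(LEAF_A, INTERMEDIATES, removed),
        "root_removed_b": build_path(LEAF_B, INTERMEDIATES, removed),
        "distrust_a": build_path(LEAF_A, INTERMEDIATES, removed, deny),
        "distrust_b": build_path(LEAF_B, INTERMEDIATES, removed, deny),
    }

if __name__ == "__main__":
    for policy, path in compare_policies().items():
        print(f"{policy:15} {path}")
```

With only the root removed, both leaves still validate through the cross-signed certificate and the government sub-CA; with the deny list applied to every certificate in the path, neither does.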

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and
SeaMonkey before 2.4 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute arbitrary
code via unknown vectors (CVE-2011-2995).

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0,
and SeaMonkey before 2.4 do not properly handle HTTP responses that
contain multiple Location, Content-Length, or Content-Disposition
headers, which makes it easier for remote attackers to conduct HTTP
response splitting attacks via crafted header values (CVE-2011-3000).
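
A strict check for the header handling described above, as an added example that is not taken from the Mozilla fix: it parses a raw response head and reports any of the three headers that appear more than once with differing values. The sample responses are constructed, and tolerating identical repeats is a policy assumption of this sketch.

```python
# Headers that must carry a single, unambiguous value in one response.
SINGLETON_HEADERS = ("location", "content-length", "content-disposition")

def conflicting_headers(raw_response: bytes) -> dict:
    """Return {header: [values]} for singleton headers sent with differing values."""
    seen = {}
    for line in raw_response.split(b"\r\n")[1:]:   # [1:] skips the status line
        if not line:
            break                                  # blank line ends the header block
        name, sep, value = line.partition(b":")
        if not sep:
            continue                               # not a "name: value" line
        key = name.strip().lower().decode("latin-1")
        if key in SINGLETON_HEADERS:
            seen.setdefault(key, []).append(value.strip().decode("latin-1"))
    # Identical repeats are tolerated; differing values make the response ambiguous.
    return {k: v for k, v in seen.items() if len(set(v)) > 1}

def should_reject(raw_response: bytes) -> bool:
    """Policy used here: refuse to process a response with conflicting headers."""
    return bool(conflicting_headers(raw_response))

# Constructed sample responses.
SAMPLE_CLEAN = (b"HTTP/1.1 200 OK\r\n"
                b"Content-Length: 5\r\n"
                b"Content-Length: 5\r\n"
                b"\r\nhello")
SAMPLE_CONFLICT = (b"HTTP/1.1 302 Found\r\n"
                   b"Location: https://a.example/\r\n"
                   b"Content-Length: 0\r\n"
                   b"location: https://b.example/\r\n"
                   b"\r\n")

if __name__ == "__main__":
    for label, raw in (("clean", SAMPLE_CLEAN), ("conflict", SAMPLE_CONFLICT)):
        print(label, should_reject(raw), conflicting_headers(raw))
```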

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0,
and SeaMonkey before 2.4 do not prevent the starting of a download in
response to the holding of the Enter key, which allows user-assisted
remote attackers to bypass intended access restrictions via a crafted
web site (CVE-2011-2372).

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before
3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly
enforce the IPv6 literal address syntax, which allows remote attackers
to obtain sensitive information by making XMLHttpRequest calls through
a proxy and reading the error messages (CVE-2011-3670).

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24
and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0
allows remote attackers to inject arbitrary web script or HTML via
crafted text with Shift JIS encoding (CVE-2011-3648).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors (CVE-2011-3651).

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before
3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that
contain many functions, which allows user-assisted remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly have unspecified other impact via a crafted file that is
accessed by debugging APIs, as demonstrated by Firebug (CVE-2011-3650).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18
and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2012-0442).

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before
3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly
initialize nsChildView data structures, which allows remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via a crafted Ogg Vorbis file
(CVE-2012-0444).

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before
3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote
attackers to cause a denial of service (memory corruption and application
crash) or possibly execute arbitrary code via a malformed XSLT stylesheet
that is embedded in a document (CVE-2012-0449).

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56,
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors that trigger an integer
truncation (CVE-2011-3026).

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x
before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not
properly restrict drag-and-drop operations on javascript: URLs, which
allows user-assisted remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted web page, related to a "DragAndDropJacking"
issue (CVE-2012-0455).

The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x
through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20
and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey
before 2.8 might allow remote attackers to obtain sensitive information
from process memory via vectors that trigger an out-of-bounds read
(CVE-2012-0456).

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x
before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not
properly restrict setting the home page through the dragging of a URL
to the home button, which allows user-assisted remote attackers to
execute arbitrary JavaScript code with chrome privileges via a
javascript: URL that is later interpreted in the about:sessionrestore
context (CVE-2012-0458).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird
ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2012-0461).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird
5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code via
unknown vectors (CVE-2012-0467).

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through
11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows
remote attackers to inject arbitrary web script or HTML via a multibyte
character set (CVE-2012-0471).

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox
4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
remote attackers to inject arbitrary web script or HTML via the (1)
ISO-2022-KR or (2) ISO-2022-CN character set (CVE-2012-0477).

Chrome before 10.0.648.127 allows remote attackers to bypass the Same
Origin Policy via unspecified vectors, related to an "error message leak"
(CVE-2011-1187).

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird
ESR 10.x before 10.0.5 does not properly determine data types, which
allows remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via crafted
JavaScript code (CVE-2012-1939).

To prevent this update from being delayed further, all subpackages for
the separate components are now included in the main iceape package.


Updated Packages:
iceape-2.11-1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
http://www.mozilla.org/security/announce/2011/mfsa2011-35.html
https://bugs.mageia.org/show_bug.cgi?id=4513