From Mageia wiki
Jump to: navigation, search

MGASA-2012-0279

Date: September 30th, 2012
Affected releases: 1, 2


Description:
Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown vectors.
(CVE-2012-1970)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12
allow remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via vectors
related to garbage collection after certain MethodJIT execution, and
unknown other vectors. (CVE-2012-1971)

Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-1972)

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-1973)

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function
in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via unspecified vectors. (CVE-2012-1974)

Use-after-free vulnerability in the PresShell::CompleteMove function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via unspecified vectors. (CVE-2012-1975)

Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-1976)

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-3956)

Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-3957)

Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-3958)

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-3959)

Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-3960)

Use-after-free vulnerability in the RangeData implementation in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
remote attackers to execute arbitrary code or cause a denial of service
(heap memory corruption) via unspecified vectors. (CVE-2012-3961)

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
do not properly iterate through the characters in a text run, which allows
remote attackers to execute arbitrary code via a crafted document.
(CVE-2012-3962)

Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function
in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-3963)

Use-after-free vulnerability in the gfxTextRun::GetUserData function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via unspecified vectors. (CVE-2012-3964)

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before
2.12 do not prevent use of the Object.defineProperty method to shadow the
location object (aka window.location), which makes it easier for remote
attackers to conduct cross-site scripting (XSS) attacks via vectors
involving a plugin. (CVE-2012-1956)

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allow remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a negative height value in a BMP image
within a .ICO file, related to (1) improper handling of the transparency
bitmask by the nsICODecoder component and (2) improper processing of the
alpha channel by the nsBMPDecoder component. (CVE-2012-3966)

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x
before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7,
and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms
are used, does not properly interact with Mesa drivers, which allows remote
attackers to execute arbitrary code or cause a denial of service (stack
memory corruption) via a crafted web site. (CVE-2012-3967)

Use-after-free vulnerability in the WebGL implementation in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
remote attackers to execute arbitrary code via vectors related to deletion
of a fragment shader by its accessor. (CVE-2012-3968)

Integer overflow in the nsSVGFEMorphologyElement::Filter function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code via a crafted SVG filter
that triggers an incorrect sum calculation, leading to a heap-based buffer
overflow. (CVE-2012-3969)

Use-after-free vulnerability in the nsTArray_base::Length function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via vectors involving movement of a
requiredFeatures attribute from one SVG document to another.
(CVE-2012-3970)

Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla
Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12,
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via vectors related to the (1)
Silf::readClassMap and (2) Pass::readPass functions. (CVE-2012-3971)

The format-number functionality in the XSLT implementation in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
remote attackers to obtain sensitive information via unspecified vectors
that trigger a heap-based buffer over-read. (CVE-2012-3972)

The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before
15.0, and SeaMonkey before 2.12 loads subresources during parsing of
text/html data within an extension, which allows remote attackers to
obtain sensitive information by providing crafted data to privileged
extension code. (CVE-2012-3975)

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 do not properly handle onLocationChange events during
navigation between different https sites, which allows remote attackers
to spoof the X.509 certificate information in the address bar via a
crafted web page. (CVE-2012-3976)

The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox
ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x
before 10.0.7, and SeaMonkey before 2.12 does not properly follow the
security model of the location object, which allows remote attackers to
bypass intended content-loading restrictions or possibly have unspecified
other impact via vectors involving chrome code. (CVE-2012-3978)

SPDY's request header compression leads to information leakage, which can
allow the extraction of private data such as session cookies, even over
an encrypted SSL connection. (MFSA 2012-73)


Updated Packages:
Mageia 1:
iceape-2.12.1-1.mga1

Mageia 2:
iceape-2.12.1-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://www.mozilla.org/security/announce/2012/mfsa2012-73.html
https://bugs.mageia.org/show_bug.cgi?id=7563