Wiki » Support/Advisories/MGASA-2012-0342

MGASA-2012-0342

Date:	November 23rd, 2012
Affected releases:	1, 2

Description:
Updated firefox packages fix security vulnerabilities:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2012-5842).

Security researcher Atte Kettunen from OUSPG used the Address
Sanitizer tool to discover a buffer overflow while rendering GIF
format images. This issue is potentially exploitable and could lead
to arbitrary code execution (CVE-2012-4202).

Mozilla security researcher moz_bug_r_a4 reported that if code executed
by the evalInSandbox function sets location.href, it can get the wrong
subject principal for the URL check, ignoring the sandbox's Javascript
context and gaining the context of evalInSandbox object. This can
lead to malicious web content being able to perform a cross-site
scripting (XSS) attack or stealing a copy of a local file if the user
has installed an add-on vulnerable to this attack (CVE-2012-4201).

Mozilla developer Bobby Holley reported that security wrappers filter
at the time of property access, but once a function is returned, the
caller can use this function without further security checks. This
affects cross-origin wrappers, allowing for write actions on objects
when only read actions should be properly allowed. This can lead to
cross-site scripting (XSS) attacks (CVE-2012-5841).

Security researcher Masato Kinugawa found when HZ-GB-2312 charset
encoding is used for text, the ~ character will destroy another
character near the chunk delimiter. This can lead to a cross-site
scripting (XSS) attack in pages encoded in HZ-GB-2312 (CVE-2012-4207).

Security researcher Mariusz Mlynski reported that the location property
can be accessed by binary plugins through top.location with a frame
whose name attribute's value is set to top. This can allow for possible
cross-site scripting (XSS) attacks through plugins (CVE-2012-4209).

Security researcher Mariusz Mlynski reported that when a maliciously
crafted stylesheet is inspected in the Style Inspector, HTML and CSS
can run in a chrome privileged context without being properly sanitized
first. This can lead to arbitrary code execution (CVE-2012-4210).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team discovered a series critically rated of use-after-free
and buffer overflow issues using the Address Sanitizer tool in
shipped software. These issues are potentially exploitable, allowing
for remote code execution. We would also like to thank Abhishek for
reporting five additional use-after-free, out of bounds read, and
buffer overflow flaws introduced during Firefox development that
were fixed before general release (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840).

Security researcher miaubiz used the Address Sanitizer tool to
discover a series critically rated of use-after-free, buffer overflow,
and memory corruption issues in shipped software. These issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank miaubiz for reporting two additional use-after-free
and memory corruption issues introduced during Firefox development
that were fixed before general release (CVE-2012-5833, CVE-2012-5835).

Updated Packages:
Mageia 1:
firefox-10.0.11-1.mga1
firefox-devel-10.0.11-1.mga1
firefox-af-10.0.11-1.mga1
firefox-ar-10.0.11-1.mga1
firefox-ast-10.0.11-1.mga1
firefox-be-10.0.11-1.mga1
firefox-bg-10.0.11-1.mga1
firefox-bn_BD-10.0.11-1.mga1
firefox-bn_IN-10.0.11-1.mga1
firefox-br-10.0.11-1.mga1
firefox-bs-10.0.11-1.mga1
firefox-ca-10.0.11-1.mga1
firefox-cs-10.0.11-1.mga1
firefox-cy-10.0.11-1.mga1
firefox-da-10.0.11-1.mga1
firefox-de-10.0.11-1.mga1
firefox-el-10.0.11-1.mga1
firefox-en_GB-10.0.11-1.mga1
firefox-en_ZA-10.0.11-1.mga1
firefox-eo-10.0.11-1.mga1
firefox-es_AR-10.0.11-1.mga1
firefox-es_CL-10.0.11-1.mga1
firefox-es_ES-10.0.11-1.mga1
firefox-es_MX-10.0.11-1.mga1
firefox-et-10.0.11-1.mga1
firefox-eu-10.0.11-1.mga1
firefox-fa-10.0.11-1.mga1
firefox-fi-10.0.11-1.mga1
firefox-fr-10.0.11-1.mga1
firefox-fy-10.0.11-1.mga1
firefox-ga_IE-10.0.11-1.mga1
firefox-gd-10.0.11-1.mga1
firefox-gl-10.0.11-1.mga1
firefox-gu_IN-10.0.11-1.mga1
firefox-he-10.0.11-1.mga1
firefox-hi-10.0.11-1.mga1
firefox-hr-10.0.11-1.mga1
firefox-hu-10.0.11-1.mga1
firefox-hy-10.0.11-1.mga1
firefox-id-10.0.11-1.mga1
firefox-is-10.0.11-1.mga1
firefox-it-10.0.11-1.mga1
firefox-ja-10.0.11-1.mga1
firefox-kk-10.0.11-1.mga1
firefox-kn-10.0.11-1.mga1
firefox-ko-10.0.11-1.mga1
firefox-ku-10.0.11-1.mga1
firefox-lg-10.0.11-1.mga1
firefox-lt-10.0.11-1.mga1
firefox-lv-10.0.11-1.mga1
firefox-mai-10.0.11-1.mga1
firefox-mk-10.0.11-1.mga1
firefox-ml-10.0.11-1.mga1
firefox-mr-10.0.11-1.mga1
firefox-nb_NO-10.0.11-1.mga1
firefox-nl-10.0.11-1.mga1
firefox-nn_NO-10.0.11-1.mga1
firefox-nso-10.0.11-1.mga1
firefox-or-10.0.11-1.mga1
firefox-pa_IN-10.0.11-1.mga1
firefox-pl-10.0.11-1.mga1
firefox-pt_BR-10.0.11-1.mga1
firefox-pt_PT-10.0.11-1.mga1
firefox-ro-10.0.11-1.mga1
firefox-ru-10.0.11-1.mga1
firefox-si-10.0.11-1.mga1
firefox-sk-10.0.11-1.mga1
firefox-sl-10.0.11-1.mga1
firefox-sq-10.0.11-1.mga1
firefox-sr-10.0.11-1.mga1
firefox-sv_SE-10.0.11-1.mga1
firefox-ta-10.0.11-1.mga1
firefox-ta_LK-10.0.11-1.mga1
firefox-te-10.0.11-1.mga1
firefox-th-10.0.11-1.mga1
firefox-tr-10.0.11-1.mga1
firefox-uk-10.0.11-1.mga1
firefox-vi-10.0.11-1.mga1
firefox-zh_CN-10.0.11-1.mga1
firefox-zh_TW-10.0.11-1.mga1
firefox-zu-10.0.11-1.mga1

Mageia 2:
firefox-10.0.11-1.mga2
firefox-devel-10.0.11-1.mga2
firefox-af-10.0.11-1.mga2
firefox-ar-10.0.11-1.mga2
firefox-ast-10.0.11-1.mga2
firefox-be-10.0.11-1.mga2
firefox-bg-10.0.11-1.mga2
firefox-bn_BD-10.0.11-1.mga2
firefox-bn_IN-10.0.11-1.mga2
firefox-br-10.0.11-1.mga2
firefox-bs-10.0.11-1.mga2
firefox-ca-10.0.11-1.mga2
firefox-cs-10.0.11-1.mga2
firefox-cy-10.0.11-1.mga2
firefox-da-10.0.11-1.mga2
firefox-de-10.0.11-1.mga2
firefox-el-10.0.11-1.mga2
firefox-en_GB-10.0.11-1.mga2
firefox-en_ZA-10.0.11-1.mga2
firefox-eo-10.0.11-1.mga2
firefox-es_AR-10.0.11-1.mga2
firefox-es_CL-10.0.11-1.mga2
firefox-es_ES-10.0.11-1.mga2
firefox-es_MX-10.0.11-1.mga2
firefox-et-10.0.11-1.mga2
firefox-eu-10.0.11-1.mga2
firefox-fa-10.0.11-1.mga2
firefox-fi-10.0.11-1.mga2
firefox-fr-10.0.11-1.mga2
firefox-fy-10.0.11-1.mga2
firefox-ga_IE-10.0.11-1.mga2
firefox-gd-10.0.11-1.mga2
firefox-gl-10.0.11-1.mga2
firefox-gu_IN-10.0.11-1.mga2
firefox-he-10.0.11-1.mga2
firefox-hi-10.0.11-1.mga2
firefox-hr-10.0.11-1.mga2
firefox-hu-10.0.11-1.mga2
firefox-hy-10.0.11-1.mga2
firefox-id-10.0.11-1.mga2
firefox-is-10.0.11-1.mga2
firefox-it-10.0.11-1.mga2
firefox-ja-10.0.11-1.mga2
firefox-kk-10.0.11-1.mga2
firefox-kn-10.0.11-1.mga2
firefox-ko-10.0.11-1.mga2
firefox-ku-10.0.11-1.mga2
firefox-lg-10.0.11-1.mga2
firefox-lt-10.0.11-1.mga2
firefox-lv-10.0.11-1.mga2
firefox-mai-10.0.11-1.mga2
firefox-mk-10.0.11-1.mga2
firefox-ml-10.0.11-1.mga2
firefox-mr-10.0.11-1.mga2
firefox-nb_NO-10.0.11-1.mga2
firefox-nl-10.0.11-1.mga2
firefox-nn_NO-10.0.11-1.mga2
firefox-nso-10.0.11-1.mga2
firefox-or-10.0.11-1.mga2
firefox-pa_IN-10.0.11-1.mga2
firefox-pl-10.0.11-1.mga2
firefox-pt_BR-10.0.11-1.mga2
firefox-pt_PT-10.0.11-1.mga2
firefox-ro-10.0.11-1.mga2
firefox-ru-10.0.11-1.mga2
firefox-si-10.0.11-1.mga2
firefox-sk-10.0.11-1.mga2
firefox-sl-10.0.11-1.mga2
firefox-sq-10.0.11-1.mga2
firefox-sr-10.0.11-1.mga2
firefox-sv_SE-10.0.11-1.mga2
firefox-ta-10.0.11-1.mga2
firefox-ta_LK-10.0.11-1.mga2
firefox-te-10.0.11-1.mga2
firefox-th-10.0.11-1.mga2
firefox-tr-10.0.11-1.mga2
firefox-uk-10.0.11-1.mga2
firefox-vi-10.0.11-1.mga2
firefox-zh_CN-10.0.11-1.mga2
firefox-zh_TW-10.0.11-1.mga2
firefox-zu-10.0.11-1.mga2

Wiki » Support/Advisories/MGASA-2012-0342

MGASA-2012-0342

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools