MGASA-2013-0008
| Date: | January 14th, 2013 |
| Affected releases: | 2 |
Description:
Updated iceape packages fix security issues:
Nemory safety problems and crashes that affect Firefox ESR 10, Firefox ESR
17, and Firefox 17. (CVE-2013-0769, MFSA 2013-01)
Nemory safety problems and crashes that affect Firefox ESR 17 and Firefox
17. (CVE-2013-0749, MFSA 2013-01)
Nmemory safety problems and crashes that affect Firefox 17.
(CVE-2013-0770, MFSA 2013-01)
Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar.
(CVE-2013-0760, MFSA 2013-02)
Heap-use-after-free in imgRequest::OnStopFrame.
(CVE-2013-0762, MFSA 2013-02)
Heap-use-after-free in ~nsHTMLEditRules. (CVE-2013-0766, MFSA 2013-02)
Out of bounds read in nsSVGPathElement::GetPathLengthScale.
(CVE-2013-0767, MFSA 2013-02)
Heap-use-after-free in mozilla::TrackUnionStream::EndTrack.
(CVE-2013-0761, MFSA 2013-02)
Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas.
(CVE-2013-0763, MFSA 2013-02)
Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries.
(CVE-2013-0771, MFSA 2013-02)
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before
2.14 allows remote attackers to execute arbitrary code via unspecified
vectors. (CVE-2012-5829)
Stack buffer overflow with canvas. (CVE-2013-0768, MFSA 2013-03)
URL spoofing with credentials info of URL & 204.
(CVE-2013-0759, MFSA 2013-04)
Heap-use-after-free in
TableBackgroundPainter::TableBackgroundData::Destroy.
(CVE-2013-0744, MFSA 2013-05)
Touch events are shared across iframes (CVE-2013-0751, MFSA 2013-06)
Crash [@ nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc*) ] clicking
"Download the rest of the message" (CVE-2013-0764, MFSA 2013-07)
The AutoWrapperChanger class fails to keep some javascript objects alive
during garbage collection. This can lead to an exploitable crash allowing
for arbitrary code execution. (CVE-2013-0745, MFSA 2013-08)
In com cases, jsval-returning quickstubs fail to wrap their return values,
causing a compartment mismatch. This mismatch can cause garbage collection
to occur incorrectly and lead to a potentially exploitable crash.
(CVE-2013-0746, MFSA 2013-09)
Events in the plugin handler can be manipulated by web content to bypass
same-origin policy (SOP) restrictions. This can allow for clickjacking on
malicious web pages. (CVE-2013-0747, MFSA 2013-10)
Using the toString function of XBL objects can lead to inappropriate
information leakage by revealing the address space layout instead of just
the ID of the object. This layout information could potentially be used to
bypass ASLR and other security protections. (CVE-2013-0748, MFSA 2013-11)
An integer overflow is possible when calculating the length for a
Javascript string concatenation, which is then used for memory allocation.
This results in a buffer overflow, leading to a potentially exploitable
memory corruption. (CVE-2013-0750, MFSA 2013-12)
When using an XBL file containing multiple XML bindings with SVG content,
a memory corruption can occur. In concern with remote XUL, this can lead
to an exploitable crash. (CVE-2013-0752, MFSA 2013-13)
It is possible to change the prototype of an object and bypass Chrome
Object Wrappers (COW) to gain access to chrome privileged functions.
This could allow for arbitrary code execution.
(CVE-2013-0757, MFSA 2013-14)
It is possible to open a chrome privileged web page through plugin
objects through interaction with SVG elements. This could allow for
arbitrary code execution. (CVE-2013-0758, MFSA 2013-15)
By the exposing of serializeToStream to web content, a use-after-free may
occur in XMLSerializer. This can lead to arbitrary code execution when
exploited. (CVE-2013-0753, MFSA 2013-16)
A use-after-free was reported within the ListenerManager when garbage
collection is forced after data in listener objects have been allocated
in some circumstances. This can lead to arbitrary code execution.
(CVE-2013-0754, MFSA 2013-17)
Using the domDoc pointer within Vibrate library, memory may be used after
being freed. This can lead to arbitrary code execution when exploited.
(CVE-2013-0755, MFSA 2013-18)
A garbage collection flaw in Javascript Proxy objects can lead to a
use-after-free leading to arbitrary code execution.
(CVE-2013-0756, MFSA 2013-19)
TURKTRUST, a certificate authority in Mozilla\u2019s root program, has
mis-issued two intermediate certificates to customers. The issue was not
specific to Firefox but there was evidence that one of the certificates
was used for man-in-the-middle (MITM) traffic management of domain names
that the customer did not legitimately own or control. This issue was
resolved by revoking the trust for these specific mis-issued certificates.
(CVE-2013-0743, MFSA 2013-20)
This update also fixes HTML5 opus audio playback.
Updated Packages:
iceape-2.15-1.mga2
lib(64)opus0-1.0.2-1.mga2
lib(64)opus-devel-1.0.2-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771
http://www.mozilla.org/security/announce/2013/mfsa2013-01.html
http://www.mozilla.org/security/announce/2013/mfsa2013-02.html
http://www.mozilla.org/security/announce/2013/mfsa2013-03.html
http://www.mozilla.org/security/announce/2013/mfsa2013-04.html
http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
http://www.mozilla.org/security/announce/2013/mfsa2013-06.html
http://www.mozilla.org/security/announce/2013/mfsa2013-07.html
http://www.mozilla.org/security/announce/2013/mfsa2013-08.html
http://www.mozilla.org/security/announce/2013/mfsa2013-09.html
http://www.mozilla.org/security/announce/2013/mfsa2013-10.html
http://www.mozilla.org/security/announce/2013/mfsa2013-11.html
http://www.mozilla.org/security/announce/2013/mfsa2013-12.html
http://www.mozilla.org/security/announce/2013/mfsa2013-13.html
http://www.mozilla.org/security/announce/2013/mfsa2013-14.html
http://www.mozilla.org/security/announce/2013/mfsa2013-15.html
http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
http://www.mozilla.org/security/announce/2013/mfsa2013-17.html
http://www.mozilla.org/security/announce/2013/mfsa2013-18.html
http://www.mozilla.org/security/announce/2013/mfsa2013-19.html
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
https://bugs.mageia.org/show_bug.cgi?id=8673
