MGASA-2013-0063
Date: February 21st, 2013
Affected releases: 2
Media: Core
Description:
Updated firefox packages fix security vulnerabilities:

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations
in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
do not prevent modifications to a prototype, which allows remote attackers to
obtain sensitive information from chrome objects or possibly execute arbitrary
JavaScript code with chrome privileges via a crafted web site (CVE-2013-0773).

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
do not prevent JavaScript workers from reading the browser-profile directory
name, which has unspecified impact and remote attack vectors (CVE-2013-0774).

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782,
CVE-2013-0783).

It was found that, after canceling a proxy server's authentication
prompt, the address bar continued to show the requested site's address. An
attacker could use this flaw to conduct phishing attacks by tricking a
user into believing they are viewing a trusted site (CVE-2013-0776).

The TLS implementation in Mozilla Network Security Services (NSS) does not
properly consider timing side-channel attacks on a noncompliant MAC check
operation during the processing of malformed CBC padding, which allows remote
attackers to conduct distinguishing attacks and plaintext-recovery attacks
via statistical analysis of timing data for crafted packets (CVE-2013-1620).
Updated Packages:
i586:
firefox-17.0.3-1.mga2.i586.rpm
firefox-devel-17.0.3-1.mga2.i586.rpm
firefox-debug-17.0.3-1.mga2.i586.rpm
firefox-af-17.0.3-1.mga2.noarch.rpm
firefox-ar-17.0.3-1.mga2.noarch.rpm
firefox-ast-17.0.3-1.mga2.noarch.rpm
firefox-be-17.0.3-1.mga2.noarch.rpm
firefox-bg-17.0.3-1.mga2.noarch.rpm
firefox-bn_BD-17.0.3-1.mga2.noarch.rpm
firefox-bn_IN-17.0.3-1.mga2.noarch.rpm
firefox-br-17.0.3-1.mga2.noarch.rpm
firefox-bs-17.0.3-1.mga2.noarch.rpm
firefox-ca-17.0.3-1.mga2.noarch.rpm
firefox-cs-17.0.3-1.mga2.noarch.rpm
firefox-cy-17.0.3-1.mga2.noarch.rpm
firefox-da-17.0.3-1.mga2.noarch.rpm
firefox-de-17.0.3-1.mga2.noarch.rpm
firefox-el-17.0.3-1.mga2.noarch.rpm
firefox-en_GB-17.0.3-1.mga2.noarch.rpm
firefox-en_ZA-17.0.3-1.mga2.noarch.rpm
firefox-eo-17.0.3-1.mga2.noarch.rpm
firefox-es_AR-17.0.3-1.mga2.noarch.rpm
firefox-es_CL-17.0.3-1.mga2.noarch.rpm
firefox-es_ES-17.0.3-1.mga2.noarch.rpm
firefox-es_MX-17.0.3-1.mga2.noarch.rpm
firefox-et-17.0.3-1.mga2.noarch.rpm
firefox-eu-17.0.3-1.mga2.noarch.rpm
firefox-fa-17.0.3-1.mga2.noarch.rpm
firefox-fi-17.0.3-1.mga2.noarch.rpm
firefox-fr-17.0.3-1.mga2.noarch.rpm
firefox-fy-17.0.3-1.mga2.noarch.rpm
firefox-ga_IE-17.0.3-1.mga2.noarch.rpm
firefox-gd-17.0.3-1.mga2.noarch.rpm
firefox-gl-17.0.3-1.mga2.noarch.rpm
firefox-gu_IN-17.0.3-1.mga2.noarch.rpm
firefox-he-17.0.3-1.mga2.noarch.rpm
firefox-hi-17.0.3-1.mga2.noarch.rpm
firefox-hr-17.0.3-1.mga2.noarch.rpm
firefox-hu-17.0.3-1.mga2.noarch.rpm
firefox-hy-17.0.3-1.mga2.noarch.rpm
firefox-id-17.0.3-1.mga2.noarch.rpm
firefox-is-17.0.3-1.mga2.noarch.rpm
firefox-it-17.0.3-1.mga2.noarch.rpm
firefox-ja-17.0.3-1.mga2.noarch.rpm
firefox-kk-17.0.3-1.mga2.noarch.rpm
firefox-kn-17.0.3-1.mga2.noarch.rpm
firefox-ko-17.0.3-1.mga2.noarch.rpm
firefox-ku-17.0.3-1.mga2.noarch.rpm
firefox-lg-17.0.3-1.mga2.noarch.rpm
firefox-lt-17.0.3-1.mga2.noarch.rpm
firefox-lv-17.0.3-1.mga2.noarch.rpm
firefox-mai-17.0.3-1.mga2.noarch.rpm
firefox-mk-17.0.3-1.mga2.noarch.rpm
firefox-ml-17.0.3-1.mga2.noarch.rpm
firefox-mr-17.0.3-1.mga2.noarch.rpm
firefox-nb_NO-17.0.3-1.mga2.noarch.rpm
firefox-nl-17.0.3-1.mga2.noarch.rpm
firefox-nn_NO-17.0.3-1.mga2.noarch.rpm
firefox-nso-17.0.3-1.mga2.noarch.rpm
firefox-or-17.0.3-1.mga2.noarch.rpm
firefox-pa_IN-17.0.3-1.mga2.noarch.rpm
firefox-pl-17.0.3-1.mga2.noarch.rpm
firefox-pt_BR-17.0.3-1.mga2.noarch.rpm
firefox-pt_PT-17.0.3-1.mga2.noarch.rpm
firefox-ro-17.0.3-1.mga2.noarch.rpm
firefox-ru-17.0.3-1.mga2.noarch.rpm
firefox-si-17.0.3-1.mga2.noarch.rpm
firefox-sk-17.0.3-1.mga2.noarch.rpm
firefox-sl-17.0.3-1.mga2.noarch.rpm
firefox-sq-17.0.3-1.mga2.noarch.rpm
firefox-sr-17.0.3-1.mga2.noarch.rpm
firefox-sv_SE-17.0.3-1.mga2.noarch.rpm
firefox-ta-17.0.3-1.mga2.noarch.rpm
firefox-ta_LK-17.0.3-1.mga2.noarch.rpm
firefox-te-17.0.3-1.mga2.noarch.rpm
firefox-th-17.0.3-1.mga2.noarch.rpm
firefox-tr-17.0.3-1.mga2.noarch.rpm
firefox-uk-17.0.3-1.mga2.noarch.rpm
firefox-vi-17.0.3-1.mga2.noarch.rpm
firefox-zh_CN-17.0.3-1.mga2.noarch.rpm
firefox-zh_TW-17.0.3-1.mga2.noarch.rpm
firefox-zu-17.0.3-1.mga2.noarch.rpm
libnspr4-4.9.5-1.mga2.i586.rpm
libnspr-devel-4.9.5-1.mga2.i586.rpm
nspr-debug-4.9.5-1.mga2.i586.rpm
libnss3-3.14.3-1.mga2.i586.rpm
libnss-devel-3.14.3-1.mga2.i586.rpm
libnss-static-devel-3.14.3-1.mga2.i586.rpm
nss-3.14.3-1.mga2.i586.rpm
nss-doc-3.14.3-1.mga2.noarch.rpm
nss-debug-3.14.3-1.mga2.i586.rpm
x86_64:
firefox-17.0.3-1.mga2.x86_64.rpm
firefox-devel-17.0.3-1.mga2.x86_64.rpm
firefox-debug-17.0.3-1.mga2.x86_64.rpm
firefox-af-17.0.3-1.mga2.noarch.rpm
firefox-ar-17.0.3-1.mga2.noarch.rpm
firefox-ast-17.0.3-1.mga2.noarch.rpm
firefox-be-17.0.3-1.mga2.noarch.rpm
firefox-bg-17.0.3-1.mga2.noarch.rpm
firefox-bn_BD-17.0.3-1.mga2.noarch.rpm
firefox-bn_IN-17.0.3-1.mga2.noarch.rpm
firefox-br-17.0.3-1.mga2.noarch.rpm
firefox-bs-17.0.3-1.mga2.noarch.rpm
firefox-ca-17.0.3-1.mga2.noarch.rpm
firefox-cs-17.0.3-1.mga2.noarch.rpm
firefox-cy-17.0.3-1.mga2.noarch.rpm
firefox-da-17.0.3-1.mga2.noarch.rpm
firefox-de-17.0.3-1.mga2.noarch.rpm
firefox-el-17.0.3-1.mga2.noarch.rpm
firefox-en_GB-17.0.3-1.mga2.noarch.rpm
firefox-en_ZA-17.0.3-1.mga2.noarch.rpm
firefox-eo-17.0.3-1.mga2.noarch.rpm
firefox-es_AR-17.0.3-1.mga2.noarch.rpm
firefox-es_CL-17.0.3-1.mga2.noarch.rpm
firefox-es_ES-17.0.3-1.mga2.noarch.rpm
firefox-es_MX-17.0.3-1.mga2.noarch.rpm
firefox-et-17.0.3-1.mga2.noarch.rpm
firefox-eu-17.0.3-1.mga2.noarch.rpm
firefox-fa-17.0.3-1.mga2.noarch.rpm
firefox-fi-17.0.3-1.mga2.noarch.rpm
firefox-fr-17.0.3-1.mga2.noarch.rpm
firefox-fy-17.0.3-1.mga2.noarch.rpm
firefox-ga_IE-17.0.3-1.mga2.noarch.rpm
firefox-gd-17.0.3-1.mga2.noarch.rpm
firefox-gl-17.0.3-1.mga2.noarch.rpm
firefox-gu_IN-17.0.3-1.mga2.noarch.rpm
firefox-he-17.0.3-1.mga2.noarch.rpm
firefox-hi-17.0.3-1.mga2.noarch.rpm
firefox-hr-17.0.3-1.mga2.noarch.rpm
firefox-hu-17.0.3-1.mga2.noarch.rpm
firefox-hy-17.0.3-1.mga2.noarch.rpm
firefox-id-17.0.3-1.mga2.noarch.rpm
firefox-is-17.0.3-1.mga2.noarch.rpm
firefox-it-17.0.3-1.mga2.noarch.rpm
firefox-ja-17.0.3-1.mga2.noarch.rpm
firefox-kk-17.0.3-1.mga2.noarch.rpm
firefox-kn-17.0.3-1.mga2.noarch.rpm
firefox-ko-17.0.3-1.mga2.noarch.rpm
firefox-ku-17.0.3-1.mga2.noarch.rpm
firefox-lg-17.0.3-1.mga2.noarch.rpm
firefox-lt-17.0.3-1.mga2.noarch.rpm
firefox-lv-17.0.3-1.mga2.noarch.rpm
firefox-mai-17.0.3-1.mga2.noarch.rpm
firefox-mk-17.0.3-1.mga2.noarch.rpm
firefox-ml-17.0.3-1.mga2.noarch.rpm
firefox-mr-17.0.3-1.mga2.noarch.rpm
firefox-nb_NO-17.0.3-1.mga2.noarch.rpm
firefox-nl-17.0.3-1.mga2.noarch.rpm
firefox-nn_NO-17.0.3-1.mga2.noarch.rpm
firefox-nso-17.0.3-1.mga2.noarch.rpm
firefox-or-17.0.3-1.mga2.noarch.rpm
firefox-pa_IN-17.0.3-1.mga2.noarch.rpm
firefox-pl-17.0.3-1.mga2.noarch.rpm
firefox-pt_BR-17.0.3-1.mga2.noarch.rpm
firefox-pt_PT-17.0.3-1.mga2.noarch.rpm
firefox-ro-17.0.3-1.mga2.noarch.rpm
firefox-ru-17.0.3-1.mga2.noarch.rpm
firefox-si-17.0.3-1.mga2.noarch.rpm
firefox-sk-17.0.3-1.mga2.noarch.rpm
firefox-sl-17.0.3-1.mga2.noarch.rpm
firefox-sq-17.0.3-1.mga2.noarch.rpm
firefox-sr-17.0.3-1.mga2.noarch.rpm
firefox-sv_SE-17.0.3-1.mga2.noarch.rpm
firefox-ta-17.0.3-1.mga2.noarch.rpm
firefox-ta_LK-17.0.3-1.mga2.noarch.rpm
firefox-te-17.0.3-1.mga2.noarch.rpm
firefox-th-17.0.3-1.mga2.noarch.rpm
firefox-tr-17.0.3-1.mga2.noarch.rpm
firefox-uk-17.0.3-1.mga2.noarch.rpm
firefox-vi-17.0.3-1.mga2.noarch.rpm
firefox-zh_CN-17.0.3-1.mga2.noarch.rpm
firefox-zh_TW-17.0.3-1.mga2.noarch.rpm
firefox-zu-17.0.3-1.mga2.noarch.rpm
lib64nspr4-4.9.5-1.mga2.x86_64.rpm
lib64nspr-devel-4.9.5-1.mga2.x86_64.rpm
nspr-debug-4.9.5-1.mga2.x86_64.rpm
lib64nss3-3.14.3-1.mga2.x86_64.rpm
lib64nss-devel-3.14.3-1.mga2.x86_64.rpm
lib64nss-static-devel-3.14.3-1.mga2.x86_64.rpm
nss-3.14.3-1.mga2.x86_64.rpm
nss-doc-3.14.3-1.mga2.noarch.rpm
nss-debug-3.14.3-1.mga2.x86_64.rpm
SRPMS:
firefox-17.0.3-1.mga2.src.rpm
firefox-l10n-17.0.3-1.mga2.src.rpm
nspr-4.9.5-1.mga2.src.rpm
nss-3.14.3-1.mga2.src.rpm
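To confirm that a host has picked up this update, the installed builds can be compared against the SRPMS versions listed above. The following is an added example, not part of the original advisory or of Mageia's tooling: it assumes an inventory collected with `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'`, uses a constructed sample of that output, and implements a simplified rpm-style version comparison (the function names are hypothetical; epoch, `~` and `^` are not handled).

```python
import re

# Fixed source packages, copied from the SRPMS list in this advisory.
FIXED = {
    "firefox": ("17.0.3", "1.mga2"),
    "firefox-l10n": ("17.0.3", "1.mga2"),
    "nspr": ("4.9.5", "1.mga2"),
    "nss": ("3.14.3", "1.mga2"),
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'` output.
SAMPLE = """\
firefox firefox-17.0.2-1.mga2.src.rpm
firefox-de firefox-l10n-17.0.3-1.mga2.src.rpm
lib64nss3 nss-3.14.1-1.mga2.src.rpm
lib64nspr4 nspr-4.9.5-1.mga2.src.rpm
example-tool example-tool-1.0-1.mga2.src.rpm
"""

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (epoch, '~' and '^' not handled)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)                # numbers compare by value, not text
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def unpatched(inventory):
    """Return (package, installed version-release) for builds older than the fix."""
    stale = []
    for line in inventory.splitlines():
        pkg, srpm = line.split()
        name, ver, rel = srpm[: -len(".src.rpm")].rsplit("-", 2)
        if name not in FIXED:
            continue                             # not built from an SRPM in this advisory
        fixed_ver, fixed_rel = FIXED[name]
        if (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0:
            stale.append((pkg, f"{ver}-{rel}"))
    return stale

if __name__ == "__main__":
    for pkg, evr in unpatched(SAMPLE):
        print(f"{pkg}: {evr} predates MGASA-2013-0063")
```

Matching on the source RPM name rather than the binary package name covers the library and localization subpackages (`lib64nss3`, `firefox-de`, and so on) without a hand-maintained name list.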
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://bugzilla.mozilla.org/show_bug.cgi?id=822365
https://rhn.redhat.com/errata/RHSA-2013-0271.html
https://bugs.mageia.org/show_bug.cgi?id=9141