From Mageia wiki
Jump to: navigation, search

MGASA-2013-0064

Date: February 21st, 2013
Affected releases: 2
Media: Core


Description:
Updated thunderbird packages fix security vulnerabilities:

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations
in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
do not prevent modifications to a prototype, which allows remote attackers to
obtain sensitive information from chrome objects or possibly execute arbitrary
JavaScript code with chrome privileges via a crafted web site (CVE-2013-0773).

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
do not prevent JavaScript workers from reading the browser-profile directory
name, which has unspecified impact and remote attack vectors (CVE-2013-0774).

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782,
CVE-2013-0783).

It was found that, after canceling a proxy server's authentication
prompt, the address bar continued to show the requested site's address. An
attacker could use this flaw to conduct phishing attacks by tricking a
user into believing they are viewing a trusted site (CVE-2013-0776).


Updated Packages:
i586:
nsinstall-17.0.3-1.mga2.i586.rpm
thunderbird-17.0.3-1.mga2.i586.rpm
thunderbird-enigmail-17.0.3-1.mga2.i586.rpm
thunderbird-debug-17.0.3-1.mga2.i586.rpm
thunderbird-ar-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ast-17.0.3-1.1.mga2.noarch.rpm
thunderbird-be-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bg-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.3-1.1.mga2.noarch.rpm
thunderbird-br-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ca-17.0.3-1.1.mga2.noarch.rpm
thunderbird-cs-17.0.3-1.1.mga2.noarch.rpm
thunderbird-da-17.0.3-1.1.mga2.noarch.rpm
thunderbird-de-17.0.3-1.1.mga2.noarch.rpm
thunderbird-el-17.0.3-1.1.mga2.noarch.rpm
thunderbird-en_GB-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_AR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_ES-17.0.3-1.1.mga2.noarch.rpm
thunderbird-et-17.0.3-1.1.mga2.noarch.rpm
thunderbird-eu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fy-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ga-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gd-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-he-17.0.3-1.1.mga2.noarch.rpm
thunderbird-hu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-id-17.0.3-1.1.mga2.noarch.rpm
thunderbird-is-17.0.3-1.1.mga2.noarch.rpm
thunderbird-it-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ja-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ko-17.0.3-1.1.mga2.noarch.rpm
thunderbird-lt-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ro-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ru-17.0.3-1.1.mga2.noarch.rpm
thunderbird-si-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sq-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.3-1.1.mga2.noarch.rpm
thunderbird-tr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-uk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-vi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.3-1.1.mga2.noarch.rpm

x86_64:
nsinstall-17.0.3-1.mga2.x86_64.rpm
thunderbird-17.0.3-1.mga2.x86_64.rpm
thunderbird-enigmail-17.0.3-1.mga2.x86_64.rpm
thunderbird-debug-17.0.3-1.mga2.x86_64.rpm
thunderbird-ar-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ast-17.0.3-1.1.mga2.noarch.rpm
thunderbird-be-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bg-17.0.3-1.1.mga2.noarch.rpm
thunderbird-bn_BD-17.0.3-1.1.mga2.noarch.rpm
thunderbird-br-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ca-17.0.3-1.1.mga2.noarch.rpm
thunderbird-cs-17.0.3-1.1.mga2.noarch.rpm
thunderbird-da-17.0.3-1.1.mga2.noarch.rpm
thunderbird-de-17.0.3-1.1.mga2.noarch.rpm
thunderbird-el-17.0.3-1.1.mga2.noarch.rpm
thunderbird-en_GB-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_AR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-es_ES-17.0.3-1.1.mga2.noarch.rpm
thunderbird-et-17.0.3-1.1.mga2.noarch.rpm
thunderbird-eu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-fy-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ga-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gd-17.0.3-1.1.mga2.noarch.rpm
thunderbird-gl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-he-17.0.3-1.1.mga2.noarch.rpm
thunderbird-hu-17.0.3-1.1.mga2.noarch.rpm
thunderbird-id-17.0.3-1.1.mga2.noarch.rpm
thunderbird-is-17.0.3-1.1.mga2.noarch.rpm
thunderbird-it-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ja-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ko-17.0.3-1.1.mga2.noarch.rpm
thunderbird-lt-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nb_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-nn_NO-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pa_IN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_BR-17.0.3-1.1.mga2.noarch.rpm
thunderbird-pt_PT-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ro-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ru-17.0.3-1.1.mga2.noarch.rpm
thunderbird-si-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sl-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sq-17.0.3-1.1.mga2.noarch.rpm
thunderbird-sv_SE-17.0.3-1.1.mga2.noarch.rpm
thunderbird-ta_LK-17.0.3-1.1.mga2.noarch.rpm
thunderbird-tr-17.0.3-1.1.mga2.noarch.rpm
thunderbird-uk-17.0.3-1.1.mga2.noarch.rpm
thunderbird-vi-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_CN-17.0.3-1.1.mga2.noarch.rpm
thunderbird-zh_TW-17.0.3-1.1.mga2.noarch.rpm

SRPMS:
thunderbird-17.0.3-1.mga2.src.rpm
thunderbird-l10n-17.0.3-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
https://rhn.redhat.com/errata/RHSA-2013-0272.html
https://bugs.mageia.org/show_bug.cgi?id=9142

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2013-0064&oldid=14606"