MGASA-2013-0086
Date: | March 9th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox
before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird
ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a
denial of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors. (CVE-2013-0783)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0,
Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute arbitrary code via unknown
vectors. (CVE-2013-0784)
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3,
and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process
memory or cause a denial of service (out-of-bounds read and application crash) via a crafted
GIF image. (CVE-2013-0772)
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple
wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified
vectors. (CVE-2013-0765)
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0,
Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before
2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from
chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. (CVE-2013-0773)
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3,
and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has
unspecified impact and remote attack vectors. (CVE-2013-0774)
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox
ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
attackers to execute arbitrary code via crafted web script. (CVE-2013-0775)
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3,
and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides
a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. (CVE-2013-0776)
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before
17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption)
via unspecified vectors. (CVE-2013-0777)
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows
remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2013-0778)
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows
remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2013-0779)
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x
before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to
execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets
(CSS) -moz-column-* properties. (CVE-2013-0780)
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before
17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
corruption) via unspecified vectors. (CVE-2013-0781)
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x
before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to
execute arbitrary code via unspecified vectors. (CVE-2013-0782)
Updated Packages:
i586:
iceape-2.16-1.mga2.i586.rpm
x86_64:
iceape-2.16-1.mga2.i586.rpm
SRPMS:
iceape-2.16-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0784
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
http://www.mozilla.org/security/announce/2013/mfsa2013-22.html
http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
https://bugs.mageia.org/show_bug.cgi?id=9173