Wiki » Support/Advisories/MGASA-2013-0086

MGASA-2013-0086

Date:	March 9th, 2013
Affected releases:	2
Media:	Core

Description:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox
before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird
ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a
denial of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors. (CVE-2013-0783)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0,
Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute arbitrary code via unknown
vectors. (CVE-2013-0784)

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3,
and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process
memory or cause a denial of service (out-of-bounds read and application crash) via a crafted
GIF image. (CVE-2013-0772)

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple
wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified
vectors. (CVE-2013-0765)

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0,
Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before

2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from

chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. (CVE-2013-0773)

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3,
and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has
unspecified impact and remote attack vectors. (CVE-2013-0774)

Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox
ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
attackers to execute arbitrary code via crafted web script. (CVE-2013-0775)

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3,

and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides

a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. (CVE-2013-0776)

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before
17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption)

via unspecified vectors. (CVE-2013-0777)

The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows
remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2013-0778)

The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows
remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2013-0779)

Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x
before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to
execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets
(CSS) -moz-column-* properties. (CVE-2013-0780)

Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before
17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
corruption) via unspecified vectors. (CVE-2013-0781)

Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x
before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to
execute arbitrary code via unspecified vectors. (CVE-2013-0782)

Updated Packages:
i586:
iceape-2.16-1.mga2.i586.rpm

x86_64:
iceape-2.16-1.mga2.i586.rpm

SRPMS:
iceape-2.16-1.mga2.src.rpm

Wiki » Support/Advisories/MGASA-2013-0086

MGASA-2013-0086

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools