Wiki » Support/Advisories/MGASA-2013-0108

MGASA-2013-0108

Date:	April 4th, 2013
Affected releases:	2
Media:	Core

Description:
Updated firefox packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox (CVE-2013-0788).

A flaw was found in the way Same Origin Wrappers were implemented in
Firefox. A malicious site could use this flaw to bypass the same-origin
policy and execute arbitrary code with the privileges of the user running
Firefox (CVE-2013-0795).

A flaw was found in the embedded WebGL library in Firefox. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
Note: This issue only affected systems using the Intel Mesa graphics
drivers (CVE-2013-0796).

An out-of-bounds write flaw was found in the embedded Cairo library in
Firefox. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox (CVE-2013-0800).

A flaw was found in the way Firefox handled the JavaScript history
functions. A malicious site could cause a web page to be displayed that has
a baseURI pointing to a different site, allowing cross-site scripting (XSS)
and phishing attacks (CVE-2013-0793).

Updated Packages:
i586:
firefox-17.0.5-1.mga2.i586.rpm
firefox-devel-17.0.5-1.mga2.i586.rpm
firefox-debug-17.0.5-1.mga2.i586.rpm
firefox-af-17.0.5-1.mga2.noarch.rpm
firefox-ar-17.0.5-1.mga2.noarch.rpm
firefox-ast-17.0.5-1.mga2.noarch.rpm
firefox-be-17.0.5-1.mga2.noarch.rpm
firefox-bg-17.0.5-1.mga2.noarch.rpm
firefox-bn_BD-17.0.5-1.mga2.noarch.rpm
firefox-bn_IN-17.0.5-1.mga2.noarch.rpm
firefox-br-17.0.5-1.mga2.noarch.rpm
firefox-bs-17.0.5-1.mga2.noarch.rpm
firefox-ca-17.0.5-1.mga2.noarch.rpm
firefox-cs-17.0.5-1.mga2.noarch.rpm
firefox-cy-17.0.5-1.mga2.noarch.rpm
firefox-da-17.0.5-1.mga2.noarch.rpm
firefox-de-17.0.5-1.mga2.noarch.rpm
firefox-el-17.0.5-1.mga2.noarch.rpm
firefox-en_GB-17.0.5-1.mga2.noarch.rpm
firefox-en_ZA-17.0.5-1.mga2.noarch.rpm
firefox-eo-17.0.5-1.mga2.noarch.rpm
firefox-es_AR-17.0.5-1.mga2.noarch.rpm
firefox-es_CL-17.0.5-1.mga2.noarch.rpm
firefox-es_ES-17.0.5-1.mga2.noarch.rpm
firefox-es_MX-17.0.5-1.mga2.noarch.rpm
firefox-et-17.0.5-1.mga2.noarch.rpm
firefox-eu-17.0.5-1.mga2.noarch.rpm
firefox-fa-17.0.5-1.mga2.noarch.rpm
firefox-fi-17.0.5-1.mga2.noarch.rpm
firefox-fr-17.0.5-1.mga2.noarch.rpm
firefox-fy-17.0.5-1.mga2.noarch.rpm
firefox-ga_IE-17.0.5-1.mga2.noarch.rpm
firefox-gd-17.0.5-1.mga2.noarch.rpm
firefox-gl-17.0.5-1.mga2.noarch.rpm
firefox-gu_IN-17.0.5-1.mga2.noarch.rpm
firefox-he-17.0.5-1.mga2.noarch.rpm
firefox-hi-17.0.5-1.mga2.noarch.rpm
firefox-hr-17.0.5-1.mga2.noarch.rpm
firefox-hu-17.0.5-1.mga2.noarch.rpm
firefox-hy-17.0.5-1.mga2.noarch.rpm
firefox-id-17.0.5-1.mga2.noarch.rpm
firefox-is-17.0.5-1.mga2.noarch.rpm
firefox-it-17.0.5-1.mga2.noarch.rpm
firefox-ja-17.0.5-1.mga2.noarch.rpm
firefox-kk-17.0.5-1.mga2.noarch.rpm
firefox-kn-17.0.5-1.mga2.noarch.rpm
firefox-ko-17.0.5-1.mga2.noarch.rpm
firefox-ku-17.0.5-1.mga2.noarch.rpm
firefox-lg-17.0.5-1.mga2.noarch.rpm
firefox-lt-17.0.5-1.mga2.noarch.rpm
firefox-lv-17.0.5-1.mga2.noarch.rpm
firefox-mai-17.0.5-1.mga2.noarch.rpm
firefox-mk-17.0.5-1.mga2.noarch.rpm
firefox-ml-17.0.5-1.mga2.noarch.rpm
firefox-mr-17.0.5-1.mga2.noarch.rpm
firefox-nb_NO-17.0.5-1.mga2.noarch.rpm
firefox-nl-17.0.5-1.mga2.noarch.rpm
firefox-nn_NO-17.0.5-1.mga2.noarch.rpm
firefox-nso-17.0.5-1.mga2.noarch.rpm
firefox-or-17.0.5-1.mga2.noarch.rpm
firefox-pa_IN-17.0.5-1.mga2.noarch.rpm
firefox-pl-17.0.5-1.mga2.noarch.rpm
firefox-pt_BR-17.0.5-1.mga2.noarch.rpm
firefox-pt_PT-17.0.5-1.mga2.noarch.rpm
firefox-ro-17.0.5-1.mga2.noarch.rpm
firefox-ru-17.0.5-1.mga2.noarch.rpm
firefox-si-17.0.5-1.mga2.noarch.rpm
firefox-sk-17.0.5-1.mga2.noarch.rpm
firefox-sl-17.0.5-1.mga2.noarch.rpm
firefox-sq-17.0.5-1.mga2.noarch.rpm
firefox-sr-17.0.5-1.mga2.noarch.rpm
firefox-sv_SE-17.0.5-1.mga2.noarch.rpm
firefox-ta-17.0.5-1.mga2.noarch.rpm
firefox-ta_LK-17.0.5-1.mga2.noarch.rpm
firefox-te-17.0.5-1.mga2.noarch.rpm
firefox-th-17.0.5-1.mga2.noarch.rpm
firefox-tr-17.0.5-1.mga2.noarch.rpm
firefox-uk-17.0.5-1.mga2.noarch.rpm
firefox-vi-17.0.5-1.mga2.noarch.rpm
firefox-zh_CN-17.0.5-1.mga2.noarch.rpm
firefox-zh_TW-17.0.5-1.mga2.noarch.rpm
firefox-zu-17.0.5-1.mga2.noarch.rpm
libnspr4-4.9.6-1.mga2.i586.rpm
libnspr-devel-4.9.6-1.mga2.i586.rpm
nspr-debug-4.9.6-1.mga2.i586.rpm

x86_64:
firefox-17.0.5-1.mga2.x86_64.rpm
firefox-devel-17.0.5-1.mga2.x86_64.rpm
firefox-debug-17.0.5-1.mga2.x86_64.rpm
firefox-af-17.0.5-1.mga2.noarch.rpm
firefox-ar-17.0.5-1.mga2.noarch.rpm
firefox-ast-17.0.5-1.mga2.noarch.rpm
firefox-be-17.0.5-1.mga2.noarch.rpm
firefox-bg-17.0.5-1.mga2.noarch.rpm
firefox-bn_BD-17.0.5-1.mga2.noarch.rpm
firefox-bn_IN-17.0.5-1.mga2.noarch.rpm
firefox-br-17.0.5-1.mga2.noarch.rpm
firefox-bs-17.0.5-1.mga2.noarch.rpm
firefox-ca-17.0.5-1.mga2.noarch.rpm
firefox-cs-17.0.5-1.mga2.noarch.rpm
firefox-cy-17.0.5-1.mga2.noarch.rpm
firefox-da-17.0.5-1.mga2.noarch.rpm
firefox-de-17.0.5-1.mga2.noarch.rpm
firefox-el-17.0.5-1.mga2.noarch.rpm
firefox-en_GB-17.0.5-1.mga2.noarch.rpm
firefox-en_ZA-17.0.5-1.mga2.noarch.rpm
firefox-eo-17.0.5-1.mga2.noarch.rpm
firefox-es_AR-17.0.5-1.mga2.noarch.rpm
firefox-es_CL-17.0.5-1.mga2.noarch.rpm
firefox-es_ES-17.0.5-1.mga2.noarch.rpm
firefox-es_MX-17.0.5-1.mga2.noarch.rpm
firefox-et-17.0.5-1.mga2.noarch.rpm
firefox-eu-17.0.5-1.mga2.noarch.rpm
firefox-fa-17.0.5-1.mga2.noarch.rpm
firefox-fi-17.0.5-1.mga2.noarch.rpm
firefox-fr-17.0.5-1.mga2.noarch.rpm
firefox-fy-17.0.5-1.mga2.noarch.rpm
firefox-ga_IE-17.0.5-1.mga2.noarch.rpm
firefox-gd-17.0.5-1.mga2.noarch.rpm
firefox-gl-17.0.5-1.mga2.noarch.rpm
firefox-gu_IN-17.0.5-1.mga2.noarch.rpm
firefox-he-17.0.5-1.mga2.noarch.rpm
firefox-hi-17.0.5-1.mga2.noarch.rpm
firefox-hr-17.0.5-1.mga2.noarch.rpm
firefox-hu-17.0.5-1.mga2.noarch.rpm
firefox-hy-17.0.5-1.mga2.noarch.rpm
firefox-id-17.0.5-1.mga2.noarch.rpm
firefox-is-17.0.5-1.mga2.noarch.rpm
firefox-it-17.0.5-1.mga2.noarch.rpm
firefox-ja-17.0.5-1.mga2.noarch.rpm
firefox-kk-17.0.5-1.mga2.noarch.rpm
firefox-kn-17.0.5-1.mga2.noarch.rpm
firefox-ko-17.0.5-1.mga2.noarch.rpm
firefox-ku-17.0.5-1.mga2.noarch.rpm
firefox-lg-17.0.5-1.mga2.noarch.rpm
firefox-lt-17.0.5-1.mga2.noarch.rpm
firefox-lv-17.0.5-1.mga2.noarch.rpm
firefox-mai-17.0.5-1.mga2.noarch.rpm
firefox-mk-17.0.5-1.mga2.noarch.rpm
firefox-ml-17.0.5-1.mga2.noarch.rpm
firefox-mr-17.0.5-1.mga2.noarch.rpm
firefox-nb_NO-17.0.5-1.mga2.noarch.rpm
firefox-nl-17.0.5-1.mga2.noarch.rpm
firefox-nn_NO-17.0.5-1.mga2.noarch.rpm
firefox-nso-17.0.5-1.mga2.noarch.rpm
firefox-or-17.0.5-1.mga2.noarch.rpm
firefox-pa_IN-17.0.5-1.mga2.noarch.rpm
firefox-pl-17.0.5-1.mga2.noarch.rpm
firefox-pt_BR-17.0.5-1.mga2.noarch.rpm
firefox-pt_PT-17.0.5-1.mga2.noarch.rpm
firefox-ro-17.0.5-1.mga2.noarch.rpm
firefox-ru-17.0.5-1.mga2.noarch.rpm
firefox-si-17.0.5-1.mga2.noarch.rpm
firefox-sk-17.0.5-1.mga2.noarch.rpm
firefox-sl-17.0.5-1.mga2.noarch.rpm
firefox-sq-17.0.5-1.mga2.noarch.rpm
firefox-sr-17.0.5-1.mga2.noarch.rpm
firefox-sv_SE-17.0.5-1.mga2.noarch.rpm
firefox-ta-17.0.5-1.mga2.noarch.rpm
firefox-ta_LK-17.0.5-1.mga2.noarch.rpm
firefox-te-17.0.5-1.mga2.noarch.rpm
firefox-th-17.0.5-1.mga2.noarch.rpm
firefox-tr-17.0.5-1.mga2.noarch.rpm
firefox-uk-17.0.5-1.mga2.noarch.rpm
firefox-vi-17.0.5-1.mga2.noarch.rpm
firefox-zh_CN-17.0.5-1.mga2.noarch.rpm
firefox-zh_TW-17.0.5-1.mga2.noarch.rpm
firefox-zu-17.0.5-1.mga2.noarch.rpm
lib64nspr4-4.9.6-1.mga2.x86_64.rpm
lib64nspr-devel-4.9.6-1.mga2.x86_64.rpm
nspr-debug-4.9.6-1.mga2.x86_64.rpm

SRPMS:
firefox-17.0.5-1.mga2.src.rpm
firefox-l10n-17.0.5-1.mga2.src.rpm
nspr-4.9.6-1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://rhn.redhat.com/errata/RHSA-2013-0696.html
https://bugs.mageia.org/show_bug.cgi?id=9599

Wiki » Support/Advisories/MGASA-2013-0108

MGASA-2013-0108

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools