MGASA-2012-0279
| Date: | September 30th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated iceape packages fix security issues:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox
before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0,
Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote
attackers to cause a denial of service (memory corruption and application
crash) or possibly execute arbitrary code via unknown vectors. (CVE-2012-1970)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox
before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote
attackers to cause a denial of service (memory corruption and application
crash) or possibly execute arbitrary code via vectors related to garbage
collection after certain MethodJIT execution, and unknown other vectors.
(CVE-2012-1971)
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors. (CVE-2012-1972)
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function
in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code or cause a denial of service
(heap memory corruption) via unspecified vectors. (CVE-2012-1973)
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
remote attackers to execute arbitrary code or cause a denial of service (heap
memory corruption) via unspecified vectors. (CVE-2012-1974)
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0,
Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
attackers to execute arbitrary code or cause a denial of service (heap memory
corruption) via unspecified vectors. (CVE-2012-1975)
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors. (CVE-2012-1976)
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors. (CVE-2012-3956)
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-3957)
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors. (CVE-2012-3958)
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function
in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allows remote attackers to execute arbitrary code or cause a denial of service
(heap memory corruption) via unspecified vectors. (CVE-2012-3959)
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary
function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7,
Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey
before 2.12 allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors. (CVE-2012-3960)
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox
before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0,
Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
attackers to execute arbitrary code or cause a denial of service (heap memory
corruption) via unspecified vectors. (CVE-2012-3961)
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not
properly iterate through the characters in a text run, which allows remote
attackers to execute arbitrary code via a crafted document. (CVE-2012-3962)
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows
remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-3963)
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0,
Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
attackers to execute arbitrary code or cause a denial of service (heap memory
corruption) via unspecified vectors. (CVE-2012-3964)
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12
do not prevent use of the Object.defineProperty method to shadow the location
object (aka window.location), which makes it easier for remote attackers to
conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
(CVE-2012-1956)
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow
remote attackers to execute arbitrary code or cause a denial of service (memory
corruption) via a negative height value in a BMP image within a .ICO file,
related to (1) improper handling of the transparency bitmask by the
nsICODecoder component and (2) improper processing of the alpha channel by the
nsBMPDecoder component. (CVE-2012-3966)
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. (CVE-2012-3967)
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. (CVE-2012-3968)
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. (CVE-2012-3969)
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. (CVE-2012-3970)
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. (CVE-2012-3971)
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. (CVE-2012-3972)
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. (CVE-2012-3975)
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. (CVE-2012-3976)
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. (CVE-2012-3978)
SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (MFSA 2012-73)
Updated Packages:
Mageia 1:
iceape-2.12.1-1.mga1
Mageia 2: iceape-2.12.1-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://www.mozilla.org/security/announce/2012/mfsa2012-73.html
https://bugs.mageia.org/show_bug.cgi?id=7563
