Summary: | <www-client/firefox{,-bin}-{24.6.0,30}, <mail-client/thunderbird{,-bin}-24.6.0, <dev-libs/nspr-4.10.6, <www-client/seamonkey{,-bin}-2.26.1: multiple vulnerabilities (CVE-2014-{1533,1534,1536,1537,1538,1539,1540,1541,1542,1543,1545}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Frank Krömmelbein <kroemmelbein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ab4bd, arm, cyberbat83, jackdachef, mozilla, mrueg, mstomich, theodor |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/security/known-vulnerabilities/firefox.html | ||
Whiteboard: | A2 [glsa glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 541316 | ||
Bug Blocks: |
Description
Frank Krömmelbein
2014-06-10 16:40:55 UTC
MFSA 2014-55 Out of bounds write in NSPR
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

@mozilla team:

when is time to stabilize please describe the versions and the targets with order.

Thanks.

(In reply to Agostino Sarubbo from comment #2)
> @mozilla team:
>
> when is time to stabilize please describe the versions and the targets with
> order.
>
> Thanks.

{thunderbird,firefox}{,-bin}-24.6.0 are in the tree and ready for stabilization, nspr-4.10.6 is not a trivial bump and will have to wait for tomorrow. Firefox-30 will also need to wait but it doesn't get stabilized. No word on seamonkey yet, upstream has not made a 2.27 release and I didn't check the MFSAs to see if seamonkey is affected yet, either.

If nobody is in a huge rush, I will file the official stablereqs tomorrow once nspr is done.

*** Bug 513112 has been marked as a duplicate of this bug. ***

OK, all stabilizable targets are in the tree.

Arch Teams, please test and please stabilize as follows:

=dev-libs/nspr-4.10.6
Target stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

=mail-client/thunderbird-24.6.0
Target stable KEYWORDS : amd64 arm ppc ppc64 x86

=www-client/firefox-24.6.0
Target stable KEYWORDS : amd64 arm hppa ppc ppc64 x86

(note: firefox-30 is still coming)

(In reply to Ian Stakenvicius from comment #5)
> OK, all stabilizable targets are in the tree.
>
> Arch Teams, please test and please stabilize as follows:

..forgot the -bin packages...

=www-client/firefox-bin-24.6.0
Target stable KEYWORDS : amd64 x86

=mail-client/thunderbird-bin-24.6.0
Target stable KEYWORDS : amd64 x86

amd64 stable

www-client/firefox-30.0 needs newer sqlite package:

configure:22859: checking for sqlite3 >= 3.8.3.1
configure: error: Library requirements (sqlite3 >= 3.8.3.1) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.

While in ebuild the requirement is only:
system-sqlite? ( >=dev-db/sqlite-3.8.1.3:3[secure-delete,debug=] )

(In reply to Tomasz Golinski from comment #8)
> www-client/firefox-30.0 needs newer sqlite package:
>
>
> configure:22859: checking for sqlite3 >= 3.8.3.1
> system-sqlite? ( >=dev-db/sqlite-3.8.1.3:3[secure-delete,debug=] )

Apologies for my dyslexia, I thought the dep was already correct. Fixed in-place in the tree, for expediency; I will go through every dep again over the next 24/48h to confirm they are correct too.

Stable for HPPA.

x86 stable

arm stable for =dev-libs/nspr-4.10.6.

Added seamonkey to the bug since it too is vulnerable.

Arches, please test and stabilize:

=www-client/seamonkey{,-bin}-2.26.1
Target stable KEYWORDS : amd64 x86

amd64 stable

x86 stable

alpha stable

ppc stable

ppc64 stable

ia64 stable

sparc stable

CVE-2014-1542 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542): Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

CVE-2014-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541): Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

CVE-2014-1540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540): Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

CVE-2014-1539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539): Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

CVE-2014-1538 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538): Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2014-1537 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537): Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2014-1536 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536): The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2014-1534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1533 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Merging multiple bugs for www-client/firefox{,-bin}, mail-client/thunderbird{,-bin}, www-client/seamonkey{,-bin} under the latest bug 531408 which is undergoing stabilization with each bug either needing cleanup or some stabilization.

CVE-2014-1545 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545): Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.

CVE-2014-1543 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543): Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

Setting blocker to Bug 541506, stabilization of version: 31.5.0
Arm stabilization was not completed as part of this build.

Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201504-01 at https://security.gentoo.org/glsa/201504-01 by GLSA coordinator Kristian Fiskerstrand (K_F).