Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 444318 - <mail-client/thunderbird{,-bin}-10.0.11, <www-client/firefox{,-bin}-10.0.11, <www-client/seamonkey-2.14-r1, <www-client/seamonkey-bin-2.14: Multiple vulnerabilities (CVE-2012-{4201,4202,4203,4204,4205,4206,4207,4208,4209,4210,4212,4213,4214,4215,...})
Summary: <mail-client/thunderbird{,-bin}-10.0.11, <www-client/firefox{,-bin}-10.0.11, ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
: CVE-2012-4201 (view as bug list)
Depends on:
Blocks: CVE-2012-4194
  Show dependency tree
 
Reported: 2012-11-22 15:03 UTC by GLSAMaker/CVETool Bot
Modified: 2013-10-06 15:29 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-11-22 15:03:33 UTC
CVE-2012-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216):
  Use-after-free vulnerability in the gfxFont::GetFontEntry function in
  Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
  before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14
  allows remote attackers to execute arbitrary code or cause a denial of
  service (heap memory corruption) via unspecified vectors.

CVE-2012-4215 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215):
  Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent
  function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
  Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey
  before 2.14 allows remote attackers to execute arbitrary code or cause a
  denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-4214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4214):
  Use-after-free vulnerability in the nsTextEditorState::PrepareEditor
  function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
  Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey
  before 2.14 allows remote attackers to execute arbitrary code or cause a
  denial of service (heap memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2012-5840.

CVE-2012-4213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4213):
  Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in
  Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before
  2.14 allows remote attackers to execute arbitrary code or cause a denial of
  service (heap memory corruption) via unspecified vectors.

CVE-2012-4212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212):
  Use-after-free vulnerability in the XPCWrappedNative::Mark function in
  Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before
  2.14 allows remote attackers to execute arbitrary code or cause a denial of
  service (heap memory corruption) via unspecified vectors.

CVE-2012-4210 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210):
  The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x
  before 10.0.11 does not properly restrict the context of HTML markup and
  Cascading Style Sheets (CSS) token sequences, which allows user-assisted
  remote attackers to execute arbitrary JavaScript code with chrome privileges
  via a crafted stylesheet.

CVE-2012-4209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209):
  Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
  before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14
  do not prevent use of a "top" frame name-attribute value to access the
  location property, which makes it easier for remote attackers to conduct
  cross-site scripting (XSS) attacks via vectors involving a binary plugin.

CVE-2012-4208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208):
  The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird
  before 17.0, and SeaMonkey before 2.14 does not consider the compartment
  during property filtering, which allows remote attackers to bypass intended
  chrome-only restrictions on reading DOM object properties via a crafted web
  site.

CVE-2012-4207 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207):
  The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0,
  Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR
  10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~
  (tilde) character in proximity to a chunk delimiter, which allows remote
  attackers to conduct cross-site scripting (XSS) attacks via a crafted
  document.

CVE-2012-4206 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206):
  Untrusted search path vulnerability in the installer in Mozilla Firefox
  before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local
  users to gain privileges via a Trojan horse DLL in the default downloads
  directory.

CVE-2012-4205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205):
  Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before
  2.14 assign the system principal, rather than the sandbox principal, to
  XMLHttpRequest objects created in sandboxes, which allows remote attackers
  to conduct cross-site request forgery (CSRF) attacks or obtain sensitive
  information by leveraging a sandboxed add-on.

CVE-2012-4204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204):
  The str_unescape function in the JavaScript engine in Mozilla Firefox before
  17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote
  attackers to execute arbitrary code or cause a denial of service (memory
  corruption and application crash) via unspecified vectors.

CVE-2012-4203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4203):
  The New Tab page in Mozilla Firefox before 17.0 uses a privileged context
  for execution of JavaScript code by bookmarklets, which allows user-assisted
  remote attackers to run arbitrary programs by leveraging a javascript: URL
  in a bookmark.

CVE-2012-4202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202):
  Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function
  in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
  before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14
  allows remote attackers to execute arbitrary code via a crafted GIF image.

CVE-2012-4201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201):
  The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR
  10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before
  10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the
  handling of JavaScript code that sets the location.href property, which
  allows remote attackers to conduct cross-site scripting (XSS) attacks or
  read arbitrary files by leveraging a sandboxed add-on.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2012-11-24 20:22:21 UTC
mail-client/thunderbird{,-bin}-10.0.11, www-client/firefox{,-bin}-10.0.11 and www-client/seamonkey{,-bin}-2.14 are now in the tree and should address these bugs.
Comment 2 Alex Xu (Hello71) 2012-11-25 03:45:16 UTC
*** Bug 444642 has been marked as a duplicate of this bug. ***
Comment 3 Alex Xu (Hello71) 2012-11-25 03:48:01 UTC
Should block #439960 (<mail-client/thunderbird{,-bin}-10.0.10 , <www-client/firefox{,-bin}-10.0.10 , <www-client/seamonkey{-bin}-2.13.2), someone with privileges please add.
Comment 4 Alex Xu (Hello71) 2012-11-25 03:50:34 UTC
Sorry for CC spam, URL should be https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html or similar.
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-26 02:03:06 UTC
(In reply to comment #1)
> mail-client/thunderbird{,-bin}-10.0.11, www-client/firefox{,-bin}-10.0.11
> and www-client/seamonkey{,-bin}-2.14 are now in the tree and should address
> these bugs.

Thanks, Lars.

Arches, please test and mark stable:

=www-client/firefox-10.0.11
Target keywords: "alpha amd64 arm ia64 ppc ppc64 x86"

=www-client/firefox-bin-10.0.11
Target keywords: "amd64 x86"

=mail-client/thunderbird-10.0.11
Target keywords: "amd64 ppc ppc64 x86"

=mail-client/thunderbird-bin-10.0.11
Target keywords: "amd64 x86"

=www-client/seamonkey-2.14-r1
Target keywords: "amd64 x86"

=www-client/seamonkey-bin-2.14
Target keywords: "amd64 x86"

=dev-libs/nspr-4.9.2
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
(alpha, amd64, arm, hppa, ia64, ppc, sparc and x86 are already stable)

=dev-libs/nss-3.14
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
(alpha, amd64, arm, hppa, ia64 and x86 are already stable - See bug 439586)
Comment 6 Agostino Sarubbo gentoo-dev 2012-11-27 12:28:24 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2012-11-30 16:58:14 UTC
ppc stable
Comment 8 Andreas Schürch gentoo-dev 2012-12-03 08:22:59 UTC
x86 done.
Comment 9 Agostino Sarubbo gentoo-dev 2012-12-05 20:55:42 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2012-12-26 09:11:15 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2012-12-28 15:08:55 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-01-07 20:00:42 UTC
alpha stable
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-07 23:24:42 UTC
Moving to [glsa] as all supported arches are finished. 

arm should continue to stabilize.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:05:53 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 15 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-08 01:06:22 UTC
Re-opening for ARM to continue.
Comment 16 Agostino Sarubbo gentoo-dev 2013-01-20 13:12:05 UTC
(In reply to comment #15)
> Re-opening for ARM to continue.

arm will continue in bug 450940
Comment 17 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-21 22:41:03 UTC
The end.