Summary: | <www-client/firefox{,-bin}-10.0.3 ,<mail-client/thunderbird{,-bin}-10.0.3 , <www-client/seamonkey{,-bin}-2.8: Multiple vulnerabilities (CVE-2012-{0451,0454,0455,0456,0457,0458,0459,0460,0461,0462,0463,0464}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bugs.gentoo.org, gentoo, tdalman |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/48402/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 413657 | ||
Bug Blocks: | 403183 |
Description
Agostino Sarubbo
2012-03-14 13:00:54 UTC
*** Bug 408371 has been marked as a duplicate of this bug. *** *** Bug 408359 has been marked as a duplicate of this bug. *** Firefox-10.0.3 and Thunderbird-10.0.3 are in the tree now, and are the stable candidates. Arches, please test and mark stable: =www-client/firefox-10.0.3 Target keywords : "alpha amd64 arm ia64 ppc x86" =www-client/firefox-bin-10.0.3 Target keywords : "amd64 x86" =mail-client/thunderbird-10.0.3 Target keywords : "alpha amd64 x86" =mail-client/thunderbird-bin-10.0.3 Target keywords : "amd64 x86" =www-client/seamonkey-2.8 Target keywords : "alpha amd64 arm ppc x86" =www-client/seamonkey-bin-2.8 Target keywords : "amd64 x86" Icecat will be masked asap. (In reply to comment #4) > =www-client/firefox-bin-10.0.3 > =mail-client/thunderbird-bin-10.0.3 > =www-client/seamonkey-bin-2.8 amd64 ok Pulled in also: =dev-libs/nss-3.13.3 =dev-libs/nspr-4.9 amd64 stable CVE-2012-0464 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464): Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. CVE-2012-0463 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463): The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. CVE-2012-0462 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0461 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-0460 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460): Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. CVE-2012-0459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459): The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. CVE-2012-0458 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458): Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. CVE-2012-0457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457): Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. CVE-2012-0456 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456): The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. CVE-2012-0455 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455): Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. CVE-2012-0454 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0454): Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. CVE-2012-0451 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451): CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. @mozilla: Will updated 3.6.28 ebuilds be provided for sparc? (In reply to comment #9) > @mozilla: > > Will updated 3.6.28 ebuilds be provided for sparc? I am not wanting to what I need is a bt of the failure on sparc so it can be resolved. Arches, could you look out for bug 409331 while testing and report there? This wasn't caught by the AMD64 team. (In reply to comment #11) > Arches, could you look out for bug 409331 while testing and report there? > This wasn't caught by the AMD64 team. Myckel, this is a duplicate of bug 388585 and this is not a regression. (In reply to comment #12) > (In reply to comment #11) > > Arches, could you look out for bug 409331 while testing and report there? > > This wasn't caught by the AMD64 team. > > Myckel, this is a duplicate of bug 388585 and this is not a regression. I think it is a regression, www-client/firefox-10.0.1-r1 builts and 10.0.3 does not. Alright bug 409331 is solved and (independently) bug 388585 is not a regression. x86 stable. Thanks. Once again, remaining arches will continue in bug 413657 This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |