Summary: | <www-client/firefox{,-bin}-10.0.4, <mail-client/thunderbird{,-bin}-10.0.4, <www-client/seamonkey{,-bin}-2.9 : Multiple vulnerabilities (CVE-2011-{1187,3062},CVE-2012-{0467,0468,0469,0470,0471,0473,0474,0475,0477,0478,0479}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | andre.reinke, mozilla |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/48972/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=413655 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 427224 | ||
Bug Blocks: | 408161 |
Description
Agostino Sarubbo
2012-04-26 18:47:14 UTC
firefox-10.0.4, thunderbird-10.0.4 and seamonkey{,-bin}-2.9 are now in the tree. (In reply to comment #1) > firefox-10.0.4, thunderbird-10.0.4 and seamonkey{,-bin}-2.9 are now in the > tree. firefox-bin-10.0.4 and thunderbird-bin-10.0.4 are now in the tree as well Arches, please test and mark stable: =www-client/firefox-10.0.4 Target keywords : "alpha amd64 arm ia64 ppc x86" =www-client/firefox-bin-10.0.4 Target keywords : "amd64 x86" =mail-client/thunderbird-10.0.4 Target keywords : "alpha amd64 x86" =mail-client/thunderbird-bin-10.0.4 Target keywords : "amd64 x86" =www-client/seamonkey-2.9 Target keywords : "alpha amd64 arm ppc x86" =www-client/seamonkey-bin-2.9 Target keywords : "amd64 x86" Arches, this bug is rated at B2 which has a target delay of only 10 days. Please try to stabilize within that time. CVE-2012-0479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479): Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. CVE-2012-0478 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478): The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. CVE-2012-0477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477): Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. CVE-2012-0475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475): Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. CVE-2012-0474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474): Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." CVE-2012-0473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473): The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. CVE-2012-0471 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471): Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. CVE-2012-0470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470): Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." CVE-2012-0469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469): Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. CVE-2012-0468 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468): The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. CVE-2012-0467 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. x86: i'm not see problems with all *-bin packeges: all pass Also pass for =www-client/firefox-10.0.4 && =mail-client/thunderbird-10.0.4 QA for thunderbird: * QA Notice: command not found: * * /var/tmp/portage/mail-client/thunderbird-10.0.4/work/comm-esr10/db/makefiles.sh: line 38: $'\r': command not found apart known bugs (Bug 394715 Bug 391889 Bug 398389), there aren't regressions, for amd64 is ok amd64 stable x86 stable, thanks Mikle. This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |