Summary: | <mail-client/thunderbird{,-bin}-17.0.2,<www-client/firefox{,-bin}-17.0.2,<www-client/seamonkey{,-bin}-2.15.1: multiple vulnerabilities (CVE-2012-5829,CVE-2013-{0743,0744,0745,0746,0747,0748,0749,0750,0751,0752,0753,0754,0755,0756,0757,0758,0759,...,0771}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | alex_y_xu, mozilla
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | A2 [glsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 454308, 458390 | |
Bug Blocks: | | |

Description
Agostino Sarubbo
2013-01-08 19:44:27 UTC
*** Bug 450968 has been marked as a duplicate of this bug. ***

We are using firefox,thunderbird-17.0.2 for stable along with seamonkey-2.15 please do not forget the dep of nss-3.14.1 and nspr-4.9.4. Please feel free to bring in the teams when ready.

MFSA 2013-01 CVE-2013-{0749,0769,0770}
MFSA 2013-02 CVE-2012-5829,CVE-2013-{0760,0761,0762,0763,0766,0767,0771})
MFSA 2013-03 CVE-2013-0768
MFSA 2013-04 CVE-2013-0759
MFSA 2013-05 CVE-2013-0744
MFSA 2013-06 CVE-2013-0751
MFSA 2013-07 CVE-2013-0764
MFSA 2013-08 CVE-2013-0745
MFSA 2013-09 CVE-2013-0746
MFSA 2013-10 CVE-2013-0747
MFSA 2013-11 CVE-2013-0748
MFSA 2013-12 CVE-2013-0750
MFSA 2013-13 CVE-2013-0752
MFSA 2013-14 CVE-2013-0757
MFSA 2013-15 CVE-2013-0758
MFSA 2013-16 CVE-2013-0753
MFSA 2013-17 CVE-2013-0754
MFSA 2013-18 CVE-2013-0755
MFSA 2013-19 CVE-2013-0756
MFSA 2013-20 CVE-2013-0743

CVE-2013-0771 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771): Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.

CVE-2013-0770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768): Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.

CVE-2013-0767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767): The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-0766 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766): Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-0764 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764): The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.

CVE-2013-0763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763): Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.

CVE-2013-0762 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762): Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-0761 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761): Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-0760 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760): Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.

CVE-2013-0759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.

CVE-2013-0758 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.

CVE-2013-0757 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757): The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.

CVE-2013-0756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756): Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.

CVE-2013-0755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755): Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.

CVE-2013-0754 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754): Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.

CVE-2013-0753 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753): Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.

CVE-2013-0752 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752): Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.

CVE-2013-0751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751): Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

CVE-2013-0750 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750): Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.

CVE-2013-0749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0748 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748): The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.

CVE-2013-0747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747): The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.

CVE-2013-0746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746): Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.

CVE-2013-0745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745): The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.

CVE-2013-0744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744): Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.

Arches, please test and mark stable:

=www-client/firefox-17.0.2
Target KEYWORDS: "alpha amd64 ia64 ppc ppc64 x86"

=www-client/firefox-bin-17.0.2
Target KEYWORDS: "amd64 x86"

=mail-client/thunderbird-17.0.2
Target KEYWORDS: "amd64 ppc ppc64 x86"

=mail-client/thunderbird-bin-17.0.2
Target KEYWORDS: "amd64 x86"

=www-client/seamonkey-2.15
Target KEYWORDS: "amd64 x86"

=www-client/seamonkey-bin-2.15
Target KEYWORDS: "amd64 x86"

=dev-libs/nss-3.14.1
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=dev-libs/nspr-4.9.4
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Stable for HPPA.

amd64 stable

x86 stable

ppc64 stable

ppc stable

+*seamonkey-2.15.1 (21 Jan 2013)
+
+ 21 Jan 2013; Lars Wendler <polynomial-c@gentoo.org>
+ -seamonkey-2.15-r1.ebuild, +seamonkey-2.15.1.ebuild:
+ Version bump. Comitted straight to stable as it replaces seamonkey-2.15-r1
+ which got removed.
+

Please stabilize www-client/seamonkey-2.15.1 instead of 2.15-r1.
Target keywords should be (the previous ones were wrong):
amd64 ppc ppc64 x86

sparc stable

(In reply to comment #11)
> +*seamonkey-2.15.1 (21 Jan 2013)
> +
> + 21 Jan 2013; Lars Wendler <polynomial-c@gentoo.org>
> + -seamonkey-2.15-r1.ebuild, +seamonkey-2.15.1.ebuild:
> + Version bump. Comitted straight to stable as it replaces seamonkey-2.15-r1
> + which got removed.
> +
>
> Please stabilize www-client/seamonkey-2.15.1 instead of 2.15-r1.
> Target keywords should be (the previous ones were wrong):
> amd64 ppc ppc64 x86

Thanks, Lars. Re-adding ppc and ppc64.

as per https://bugs.gentoo.org/show_bug.cgi?id=454308#c3, removing ppc/ppc64

arm stable

alpha and ia64 will continue in bug 458390

This issue was resolved and addressed in GLSA 201309-23 at http://security.gentoo.org/glsa/glsa-201309-23.xml by GLSA coordinator Chris Reffett (creffett).