
Bug 450940 (CVE-2012-5829)

Summary: <mail-client/thunderbird{,-bin}-17.0.2,<www-client/firefox{,-bin}-17.0.2,<www-client/seamonkey{,-bin}-2.15.1: multiple vulnerabilities (CVE-2012-5829,CVE-2013-{0743,0744,0745,0746,0747,0748,0749,0750,0751,0752,0753,0754,0755,0756,0757,0758,0759,...,0771})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: alex_y_xu, mozilla
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 454308, 458390
Bug Blocks:

Description Agostino Sarubbo gentoo-dev 2013-01-08 19:44:27 UTC
http://www.mozilla.org/security/announce/

MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2013-01-09 20:11:37 UTC
*** Bug 450968 has been marked as a duplicate of this bug. ***
Comment 2 Jory A. Pratt gentoo-dev 2013-01-11 19:45:43 UTC
We are using firefox,thunderbird-17.0.2 for stable along with seamonkey-2.15. Please do not forget the dep of nss-3.14.1 and nspr-4.9.4. Please feel free to bring in the teams when ready.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-15 22:22:18 UTC
MFSA 2013-01	CVE-2013-{0749,0769,0770}
MFSA 2013-02	CVE-2012-5829,CVE-2013-{0760,0761,0762,0763,0766,0767,0771}
MFSA 2013-03	CVE-2013-0768
MFSA 2013-04	CVE-2013-0759
MFSA 2013-05	CVE-2013-0744
MFSA 2013-06	CVE-2013-0751
MFSA 2013-07	CVE-2013-0764
MFSA 2013-08	CVE-2013-0745
MFSA 2013-09	CVE-2013-0746
MFSA 2013-10	CVE-2013-0747
MFSA 2013-11	CVE-2013-0748
MFSA 2013-12	CVE-2013-0750
MFSA 2013-13	CVE-2013-0752
MFSA 2013-14	CVE-2013-0757
MFSA 2013-15	CVE-2013-0758
MFSA 2013-16	CVE-2013-0753
MFSA 2013-17	CVE-2013-0754
MFSA 2013-18	CVE-2013-0755
MFSA 2013-19	CVE-2013-0756
MFSA 2013-20	CVE-2013-0743
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-01-15 22:22:34 UTC
CVE-2013-0771 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771):
  Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries
  function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1,
  Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey
  before 2.15 allows remote attackers to execute arbitrary code via a crafted
  document.

CVE-2013-0770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1,
  Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x
  before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a
  denial of service (memory corruption and application crash) or possibly
  execute arbitrary code via unknown vectors.

CVE-2013-0768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768):
  Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox
  before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2,
  Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote
  attackers to execute arbitrary code via an HTML document that specifies
  invalid width and height values.

CVE-2013-0767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767):
  The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before
  18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird
  before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1,
  and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code
  or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-0766 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766):
  Use-after-free vulnerability in the ~nsHTMLEditRules implementation in
  Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
  17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and
  17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to
  execute arbitrary code or cause a denial of service (heap memory corruption)
  via unspecified vectors.

CVE-2013-0764 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764):
  The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before
  18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird
  ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread
  safety for SSL sessions, which allows remote attackers to execute arbitrary
  code via crafted data, as demonstrated by e-mail message data.

CVE-2013-0763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763):
  Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR
  17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before
  17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute
  arbitrary code or cause a denial of service (heap memory corruption) via
  vectors related to Mesa drivers and a resized WebGL canvas.

CVE-2013-0762 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762):
  Use-after-free vulnerability in the imgRequest::OnStopFrame function in
  Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
  17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and
  17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to
  execute arbitrary code or cause a denial of service (heap memory corruption)
  via unspecified vectors.

CVE-2013-0761 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761):
  Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack
  implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before
  17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and
  SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or
  cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-0760 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760):
  Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in
  Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before
  2.15 allows remote attackers to execute arbitrary code via a crafted
  document.

CVE-2013-0759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759):
  Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
  17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and
  17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to
  spoof the address bar via vectors involving authentication information in
  the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP
  status code.

CVE-2013-0758 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758):
  Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
  17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and
  17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to
  execute arbitrary JavaScript code with chrome privileges by leveraging
  improper interaction between plugin objects and SVG elements.

CVE-2013-0757 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757):
  The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before
  18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird
  ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent
  modifications to the prototype of an object, which allows remote attackers
  to execute arbitrary JavaScript code with chrome privileges by referencing
  Object.prototype.__proto__ in a crafted HTML document.

CVE-2013-0756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756):
  Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox
  before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2,
  Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote
  attackers to execute arbitrary code via a crafted web page referencing
  JavaScript Proxy objects that are not properly handled during garbage
  collection.

CVE-2013-0755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755):
  Use-after-free vulnerability in the mozVibrate implementation in the Vibrate
  library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2,
  Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey
  before 2.15 allows remote attackers to execute arbitrary code via vectors
  related to the domDoc pointer.

CVE-2013-0754 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754):
  Use-after-free vulnerability in the ListenerManager implementation in
  Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
  17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and
  17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to
  execute arbitrary code via vectors involving the triggering of garbage
  collection after memory allocation for listener objects.

CVE-2013-0753 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753):
  Use-after-free vulnerability in the serializeToStream implementation in the
  XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x
  before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2,
  Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey
  before 2.15 allows remote attackers to execute arbitrary code via crafted
  web content.

CVE-2013-0752 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752):
  Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird
  before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15
  allow remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via a crafted XBL file with multiple bindings
  that have SVG content.

CVE-2013-0751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751):
  Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not
  restrict a touch event to a single IFRAME element, which allows remote
  attackers to obtain sensitive information or possibly conduct cross-site
  scripting (XSS) attacks via a crafted HTML document.

CVE-2013-0750 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750):
  Integer overflow in the JavaScript implementation in Mozilla Firefox before
  18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird
  before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2,
  and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code
  via a crafted string concatenation, leading to improper memory allocation
  and a heap-based buffer overflow.

CVE-2013-0749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before
  17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow
  remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0748 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748):
  The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0,
  Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before
  17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and
  SeaMonkey before 2.15 makes it easier for remote attackers to bypass the
  ASLR protection mechanism by calling the toString function of an XBL object.

CVE-2013-0747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747):
  The gPluginHandler.handleEvent function in the plugin handler in Mozilla
  Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before
  17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does
  not properly enforce the Same Origin Policy, which allows remote attackers
  to conduct clickjacking attacks via crafted JavaScript code that listens for
  a mutation event.

CVE-2013-0746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746):
  Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
  17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and
  17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement
  quickstubs that use the jsval data type for their return values, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (compartment mismatch and application crash) via crafted JavaScript
  code that is not properly handled during garbage collection.

CVE-2013-0745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745):
  The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR
  17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before
  17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage
  collection, which allows remote attackers to execute arbitrary code via a
  crafted HTML document referencing JavaScript objects.

CVE-2013-0744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744):
  Use-after-free vulnerability in the
  TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla
  Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2,
  Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x
  before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute
  arbitrary code or cause a denial of service (heap memory corruption) via an
  HTML document with a table containing many columns and column groups.
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-15 22:24:56 UTC
Arches, please test and mark stable:

=www-client/firefox-17.0.2
Target KEYWORDS: "alpha amd64 ia64 ppc ppc64 x86"

=www-client/firefox-bin-17.0.2
Target KEYWORDS: "amd64 x86"

=mail-client/thunderbird-17.0.2
Target KEYWORDS: "amd64 ppc ppc64 x86"

=mail-client/thunderbird-bin-17.0.2
Target KEYWORDS: "amd64 x86"

=www-client/seamonkey-2.15
Target KEYWORDS: "amd64 x86"

=www-client/seamonkey-bin-2.15
Target KEYWORDS: "amd64 x86"

=dev-libs/nss-3.14.1
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=dev-libs/nspr-4.9.4
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2013-01-16 16:35:14 UTC
Stable for HPPA.
Comment 7 Agostino Sarubbo gentoo-dev 2013-01-20 18:28:36 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-01-20 18:33:49 UTC
x86 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-01-21 13:48:15 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-01-21 14:12:20 UTC
ppc stable
Comment 11 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2013-01-21 15:25:19 UTC
+*seamonkey-2.15.1 (21 Jan 2013)
+
+  21 Jan 2013; Lars Wendler <polynomial-c@gentoo.org>
+  -seamonkey-2.15-r1.ebuild, +seamonkey-2.15.1.ebuild:
+  Version bump. Comitted straight to stable as it replaces seamonkey-2.15-r1
+  which got removed.
+
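
Review bot: the ChangeLog text after "Version bump." justifies committing straight to stable only by the removal of seamonkey-2.15-r1 and does not cite the security bug it belongs to; adding a reference to bug 450940 would let ChangeLog readers trace the reason. "Comitted" on the same line should read "Committed".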

Please stabilize www-client/seamonkey-2.15.1 instead of 2.15-r1.
Target keywords should be (the previous ones were wrong):
amd64 ppc ppc64 x86
Comment 12 Agostino Sarubbo gentoo-dev 2013-01-21 16:27:56 UTC
sparc stable
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-21 22:22:58 UTC
(In reply to comment #11)
> +*seamonkey-2.15.1 (21 Jan 2013)
> +
> +  21 Jan 2013; Lars Wendler <polynomial-c@gentoo.org>
> +  -seamonkey-2.15-r1.ebuild, +seamonkey-2.15.1.ebuild:
> +  Version bump. Comitted straight to stable as it replaces seamonkey-2.15-r1
> +  which got removed.
> +
> 
> Please stabilize www-client/seamonkey-2.15.1 instead of 2.15-r1.
> Target keywords should be (the previous ones were wrong):
> amd64 ppc ppc64 x86

Thanks, Lars. Re-adding ppc and ppc64.
Comment 14 Agostino Sarubbo gentoo-dev 2013-01-28 23:30:08 UTC
as per https://bugs.gentoo.org/show_bug.cgi?id=454308#c3, removing ppc/ppc64
Comment 15 Agostino Sarubbo gentoo-dev 2013-02-04 12:53:18 UTC
arm stable
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-23 16:16:17 UTC
alpha and ia64 will continue in bug 458390
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:29:02 UTC
This issue was resolved and addressed in
 GLSA 201309-23 at http://security.gentoo.org/glsa/glsa-201309-23.xml
by GLSA coordinator Chris Reffett (creffett).