Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 427224 (CVE-2012-1948) - <mail-client/thunderbird{,-bin}-10.0.6,<www-client/firefox{,-bin}-10.0.6,<www-client/seamonkey{,-bin}-2.11 multiple vulnerabilities (CVE-2012-{1948,1949,1950,1951,1952,1953,1954,1955,1957,1958,1959,1960,1961,1962,1963,1964,1965,1966,1967})
Summary: <mail-client/thunderbird{,-bin}-10.0.6,<www-client/firefox{,-bin}-10.0.6,<www...
Status: RESOLVED FIXED
Alias: CVE-2012-1948
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/annou...
Whiteboard: A2 [glsa]
Keywords:
Depends on: 432680 CVE-2012-1956
Blocks: CVE-2011-3062 CVE-2011-3101
  Show dependency tree
 
Reported: 2012-07-19 13:48 UTC by Jory A. Pratt
Modified: 2013-01-08 01:05 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jory A. Pratt gentoo-dev 2012-07-19 13:48:57 UTC
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-55 feed: URLs with an innerURI inherit security context of page
MFSA 2012-54 Clickjacking of certificate warning page
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-46 XSS through data: URLs
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
Comment 1 Jory A. Pratt gentoo-dev 2012-07-19 13:50:05 UTC
All ebuilds are in the tree and ready to go please feel free to bring in archs when ready.
Comment 2 Sean Amoss gentoo-dev Security 2012-07-19 15:25:03 UTC
MFSA to CVE Lineup:

MFSA 2012-42	CVE-2012-1948
MFSA 2012-42	CVE-2012-1949
MFSA 2012-43	CVE-2012-1950
MFSA 2012-44	CVE-2012-{1951,1952,1953,1954}
MFSA 2012-46	CVE-2012-1966
MFSA 2012-47	CVE-2012-1957
MFSA 2012-48	CVE-2012-1958
MFSA 2012-49	CVE-2012-1959
MFSA 2012-50	CVE-2012-1960
MFSA 2012-51	CVE-2012-1961
MFSA 2012-52	CVE-2012-1962
MFSA 2012-53	CVE-2012-1963
MFSA 2012-54	CVE-2012-1964
MFSA 2012-55	CVE-2012-1965
MFSA 2012-56	CVE-2012-1967
Comment 3 Sean Amoss gentoo-dev Security 2012-07-19 15:25:46 UTC
(In reply to comment #1)
> All ebuilds are in the tree and ready to go please feel free to bring in
> archs when ready.

Thanks, but I don't see =mail-client/thunderbird-10.0.6 in tree yet?
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-07-19 15:26:39 UTC
CVE-2012-1967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967):
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 do not properly implement the JavaScript sandbox
  utility, which allows remote attackers to execute arbitrary JavaScript code
  with improper privileges via a javascript: URL.

CVE-2012-1966 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966):
  Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not
  have the same context-menu restrictions for data: URLs as for javascript:
  URLs, which allows remote attackers to conduct cross-site scripting (XSS)
  attacks via a crafted URL.

CVE-2012-1965 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965):
  Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not
  properly establish the security context of a feed: URL, which allows remote
  attackers to bypass unspecified cross-site scripting (XSS) protection
  mechanisms via a feed:javascript: URL.

CVE-2012-1964 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964):
  The certificate-warning functionality in
  browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox
  4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through
  12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not
  properly handle attempted clickjacking of the about:certerror page, which
  allows man-in-the-middle attackers to trick users into adding an unintended
  exception via an IFRAME element.

CVE-2012-1963 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963):
  The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x
  through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0,
  Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not
  properly restrict the strings placed into the blocked-uri parameter of a
  violation report, which allows remote web servers to capture OpenID
  credentials and OAuth 2.0 access tokens by triggering a violation.

CVE-2012-1962 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962):
  Use-after-free vulnerability in the JSDependentString::undepend function in
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 allows remote attackers to cause a denial of service
  (memory corruption) or possibly execute arbitrary code via vectors involving
  strings with multiple dependencies.

CVE-2012-1961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961):
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 do not properly handle duplicate values in
  X-Frame-Options headers, which makes it easier for remote attackers to
  conduct clickjacking attacks via a FRAME element referencing a web site that
  produces these duplicate values.

CVE-2012-1960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960):
  The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation
  in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and
  SeaMonkey before 2.11 might allow remote attackers to obtain sensitive
  information from process memory via a crafted color profile that triggers an
  out-of-bounds read operation.

CVE-2012-1959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959):
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 do not consider the presence of same-compartment
  security wrappers (SCSW) during the cross-compartment wrapping of objects,
  which allows remote attackers to bypass intended XBL access restrictions via
  crafted content.

CVE-2012-1958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958):
  Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code
  via vectors related to focused content.

CVE-2012-1957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957):
  An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0,
  Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird
  ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle
  EMBED elements within description elements in RSS feeds, which allows remote
  attackers to conduct cross-site scripting (XSS) attacks via a feed.

CVE-2012-1955 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955):
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 allow remote attackers to spoof the address bar via
  vectors involving history.forward and history.back calls.

CVE-2012-1954 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954):
  Use-after-free vulnerability in the nsDocument::AdoptNode function in
  Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
  Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
  SeaMonkey before 2.11 allows remote attackers to cause a denial of service
  (heap memory corruption) or possibly execute arbitrary code via vectors
  involving multiple adoptions and empty documents.

CVE-2012-1953 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953):
  The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x
  through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0,
  Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote
  attackers to cause a denial of service (buffer over-read, incorrect pointer
  dereference, and heap-based buffer overflow) or possibly execute arbitrary
  code via a crafted web site.

CVE-2012-1952 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952):
  The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0,
  Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird
  ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform
  a cast of a frame variable during processing of mixed row-group and
  column-group frames, which might allow remote attackers to execute arbitrary
  code via a crafted web site.

CVE-2012-1951 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951):
  Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased
  function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before
  10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6,
  and SeaMonkey before 2.11 allows remote attackers to cause a denial of
  service (heap memory corruption) or possibly execute arbitrary code by
  interacting with objects used for SMIL Timing.

CVE-2012-1950 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950):
  The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and
  Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address
  bar by canceling a page load.

CVE-2012-1949 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before
  2.11 allow remote attackers to cause a denial of service (memory corruption
  and application crash) or possibly execute arbitrary code via unknown
  vectors.

CVE-2012-1948 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0
  through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.
Comment 5 Jory A. Pratt gentoo-dev 2012-07-19 19:37:42 UTC
(In reply to comment #3)
> (In reply to comment #1)
> > All ebuilds are in the tree and ready to go please feel free to bring in
> > archs when ready.
> 
> Thanks, but I don't see =mail-client/thunderbird-10.0.6 in tree yet?

Err seems I forgot to commit it, will do in a few hours when I return home from work.
Comment 6 Jory A. Pratt gentoo-dev 2012-07-19 22:34:34 UTC
Fire away, tb-10.0.6 is now committed to the tree.
Comment 7 Sean Amoss gentoo-dev Security 2012-07-20 15:05:29 UTC
(In reply to comment #6)
> Fire away, tb-10.0.6 is now committed to the tree.

Thanks, Jory!

Arches, please test and mark stable:

=www-client/firefox-10.0.6
Target keywords : "alpha amd64 arm ia64 ppc ppc64 x86"

=www-client/firefox-bin-10.0.6
Target keywords : "amd64 x86"

=dev-libs/nspr-4.9.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=dev-libs/nss-3.13.5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-10.0.6
Target keywords : "alpha amd64 ppc ppc64 x86"

=mail-client/thunderbird-bin-10.0.6
Target keywords : "amd64 x86"

=www-client/seamonkey-2.11
Target keywords : "alpha amd64 arm ppc ppc64 x86"

=www-client/seamonkey-bin-2.11
Target keywords : "amd64 x86"
Comment 8 Jeroen Roovers gentoo-dev 2012-07-23 15:47:17 UTC
Stable for HPPA.
Comment 9 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-07-24 18:11:14 UTC
x86 stable
Comment 10 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2012-07-28 12:56:15 UTC
amd64: ok (for bellow stated packages)

=www-client/firefox-bin-10.0.6
=mail-client/thunderbird-bin-10.0.6

=www-client/firefox-bin-10.0.6
=mail-client/thunderbird-10.0.6

=dev-libs/nspr-4.9.1 [builds fine, stable here already]
=dev-libs/nss-3.13.5 [builds fine, stable here already]

I haven't tested seamonkey, USE="custom-cflags, custom-optimization, debug, linguas, crypt" or ran testphases.
Packages emerged fine and _ran_ here, haven't done further build/run testing.
Comment 11 Agostino Sarubbo gentoo-dev 2012-07-28 17:03:35 UTC
amd64 stable
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2012-07-29 17:49:34 UTC
alpha/ia64/sparc stable
Comment 13 Michael Weber (RETIRED) gentoo-dev 2012-09-03 06:29:42 UTC
ppc stable
Comment 14 Sean Amoss gentoo-dev Security 2012-09-03 23:09:20 UTC
arm / ppc64 will continue in bug #433383.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:05:38 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).