CVE-2012-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216): Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4215 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215): Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4214): Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. CVE-2012-4213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4213): Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212): Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-4210 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210): The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. CVE-2012-4209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209): Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. CVE-2012-4208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208): The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. CVE-2012-4207 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207): The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. CVE-2012-4206 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206): Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. CVE-2012-4205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205): Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. CVE-2012-4204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204): The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. CVE-2012-4203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4203): The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. CVE-2012-4202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202): Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. CVE-2012-4201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201): The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.
mail-client/thunderbird{,-bin}-10.0.11, www-client/firefox{,-bin}-10.0.11 and www-client/seamonkey{,-bin}-2.14 are now in the tree and should address these bugs.
*** Bug 444642 has been marked as a duplicate of this bug. ***
Should block #439960 (<mail-client/thunderbird{,-bin}-10.0.10 , <www-client/firefox{,-bin}-10.0.10 , <www-client/seamonkey{-bin}-2.13.2), someone with privileges please add.
Sorry for CC spam, URL should be https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html or similar.
(In reply to comment #1) > mail-client/thunderbird{,-bin}-10.0.11, www-client/firefox{,-bin}-10.0.11 > and www-client/seamonkey{,-bin}-2.14 are now in the tree and should address > these bugs. Thanks, Lars. Arches, please test and mark stable: =www-client/firefox-10.0.11 Target keywords: "alpha amd64 arm ia64 ppc ppc64 x86" =www-client/firefox-bin-10.0.11 Target keywords: "amd64 x86" =mail-client/thunderbird-10.0.11 Target keywords: "amd64 ppc ppc64 x86" =mail-client/thunderbird-bin-10.0.11 Target keywords: "amd64 x86" =www-client/seamonkey-2.14-r1 Target keywords: "amd64 x86" =www-client/seamonkey-bin-2.14 Target keywords: "amd64 x86" =dev-libs/nspr-4.9.2 Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" (alpha, amd64, arm, hppa, ia64, ppc, sparc and x86 are already stable) =dev-libs/nss-3.14 Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" (alpha, amd64, arm, hppa, ia64 and x86 are already stable - See bug 439586)
amd64 stable
ppc stable
x86 done.
ppc64 stable
ia64 stable
sparc stable
alpha stable
Moving to [glsa] as all supported arches are finished. arm should continue to stabilize.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).
Re-opening for ARM to continue.
(In reply to comment #15) > Re-opening for ARM to continue. arm will continue in bug 450940
The end.