Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 458390 (CVE-2013-0783) - <mail-client/thunderbird{,-bin}-17.0.3,<www-client/firefox{,-bin}-17.0.3,<www-client/seamonkey{,-bin}-2.16: multiple vulnerabilities (CVE-2013-{0765,0772,0773,0774,0775,0776,0777,0778,0779,0780,0781,0782,0783,0784})
Summary: <mail-client/thunderbird{,-bin}-17.0.3,<www-client/firefox{,-bin}-17.0.3,<www...
Status: RESOLVED FIXED
Alias: CVE-2013-0783
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/security/anno...
Whiteboard: A2 [glsa]
Keywords:
: 458378 (view as bug list)
Depends on: 459022 CVE-2013-0787
Blocks: CVE-2012-5829
  Show dependency tree
 
Reported: 2013-02-20 01:22 UTC by Alex Xu (Hello71)
Modified: 2013-10-06 15:27 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Xu (Hello71) 2013-02-20 01:22:30 UTC

    
Comment 1 Alex Xu (Hello71) 2013-02-20 01:23:17 UTC
https://www.mozilla.org/security/announce/

MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
Comment 2 Jeff (JD) Horelick (RETIRED) gentoo-dev 2013-02-20 02:27:32 UTC
All relevant *-bin versions are in the tree now. Enjoy. Source versions will likely follow shortly.
Comment 3 Mario Kicherer 2013-02-20 12:29:18 UTC
Someone with the appropriate rights might want to link bug #458378 to this one. I tested the source version with the 17.0.2 ebuild and it works so far on AMD64.
Comment 4 Jeroen Roovers gentoo-dev 2013-02-20 14:32:59 UTC
*** Bug 458378 has been marked as a duplicate of this bug. ***
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-02-20 23:10:14 UTC
CVE-2013-0784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before
  17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow
  remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-0782 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782):
  Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion
  function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3,
  Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey
  before 2.16 allows remote attackers to execute arbitrary code via
  unspecified vectors.

CVE-2013-0781 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781):
  Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in
  Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before
  2.16 allows remote attackers to execute arbitrary code or cause a denial of
  service (heap memory corruption) via unspecified vectors.

CVE-2013-0780 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780):
  Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish
  function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3,
  Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey
  before 2.16 allows remote attackers to execute arbitrary code or cause a
  denial of service (heap memory corruption) via a crafted document that uses
  Cascading Style Sheets (CSS) -moz-column-* properties.

CVE-2013-0779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779):
  The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0,
  Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers
  to execute arbitrary code or cause a denial of service (out-of-bounds read)
  via unspecified vectors.

CVE-2013-0778 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778):
  The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0,
  Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers
  to execute arbitrary code or cause a denial of service (out-of-bounds read)
  via unspecified vectors.

CVE-2013-0777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777):
  Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function
  in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey
  before 2.16 allows remote attackers to execute arbitrary code or cause a
  denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-0776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776):
  Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
  before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
  allow man-in-the-middle attackers to spoof the address bar by operating a
  proxy server that provides a 407 HTTP status code accompanied by web script,
  as demonstrated by a phishing attack on an HTTPS site.

CVE-2013-0775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775):
  Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer
  function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3,
  Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey
  before 2.16 allows remote attackers to execute arbitrary code via crafted
  web script.

CVE-2013-0774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774):
  Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
  before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
  do not prevent JavaScript workers from reading the browser-profile directory
  name, which has unspecified impact and remote attack vectors.

CVE-2013-0773 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773):
  The Chrome Object Wrapper (COW) and System Only Wrapper (SOW)
  implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before
  17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and
  SeaMonkey before 2.16 do not prevent modifications to a prototype, which
  allows remote attackers to obtain sensitive information from chrome objects
  or possibly execute arbitrary JavaScript code with chrome privileges via a
  crafted web site.

CVE-2013-0772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772):
  The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0,
  Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers
  to obtain sensitive information from process memory or cause a denial of
  service (out-of-bounds read and application crash) via a crafted GIF image.

CVE-2013-0765 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765):
  Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before
  2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote
  attackers to bypass intended access restrictions via unspecified vectors.
Comment 6 Lars Wendler (Polynomial-C) gentoo-dev 2013-02-22 13:26:43 UTC
+*seamonkey-2.16 (21 Feb 2013)
+
+  21 Feb 2013; Lars Wendler <polynomial-c@gentoo.org> +seamonkey-2.16.ebuild:
+  Security bump (bug #458390).
+
Comment 7 Lars Wendler (Polynomial-C) gentoo-dev 2013-02-22 14:59:05 UTC
+*firefox-19.0 (22 Feb 2013)
+*firefox-17.0.3 (22 Feb 2013)
+
+  22 Feb 2013; Lars Wendler <polynomial-c@gentoo.org> -firefox-10.0.6.ebuild,
+  -firefox-10.0.7.ebuild, -firefox-10.0.9.ebuild, -firefox-10.0.10.ebuild,
+  +firefox-17.0.3.ebuild, +firefox-19.0.ebuild:
+  Security bump (bug #458390). Removed old.
+

+*thunderbird-17.0.3 (22 Feb 2013)
+
+  22 Feb 2013; Lars Wendler <polynomial-c@gentoo.org>
+  -thunderbird-10.0.6.ebuild, -thunderbird-10.0.7.ebuild,
+  -thunderbird-10.0.10.ebuild, +thunderbird-17.0.3.ebuild:
+  Security bump (bug #458390). Removed old.
+
Comment 8 Alex Xu (Hello71) 2013-02-22 18:34:07 UTC
Bring in the archs when ready?
Comment 9 Lars Wendler (Polynomial-C) gentoo-dev 2013-02-23 15:11:59 UTC
Arches please test and mark stable the following packages.

mail-client/thunderbird-17.0.3
Target KEYWORDS are:
~alpha amd64 arm ppc ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux

mail-client/thunderbird-bin-17.0.3
Target KEYWORDS are:
amd64 x86

www-client/firefox-17.0.3
Target KEYWORDS are:
alpha amd64 arm ia64 ppc ppc64 x86 ~amd64-linux ~x86-linux

www-client/firefox-bin-17.0.3
Target KEYWORDS are:
amd64 x86

www-client/seamonkey-2.16
Target KEYWORDS are:
amd64 ~arm ~ppc ~ppc64 x86

www-client/seamonkey-bin-2.16
Target KEYWORDS are:
amd64 x86
Comment 10 Agostino Sarubbo gentoo-dev 2013-02-23 21:10:57 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-02-23 22:02:13 UTC
ppc64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-02-24 11:28:19 UTC
amd64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-02-24 11:32:51 UTC
x86 stable
Comment 14 Agostino Sarubbo gentoo-dev 2013-02-24 16:15:42 UTC
amd64/x86 not done at all. I accidentally marked stable seamonkey which fails to compile.
Comment 15 Agostino Sarubbo gentoo-dev 2013-02-24 19:59:08 UTC
arm stable
Comment 16 Agostino Sarubbo gentoo-dev 2013-02-25 10:14:21 UTC
amd64 stable
Comment 17 Agostino Sarubbo gentoo-dev 2013-02-25 10:14:42 UTC
x86 stable
Comment 18 Sean Amoss gentoo-dev Security 2013-03-11 23:31:29 UTC
alpha and ia64 will continue in bug 458390.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:29:05 UTC
This issue was resolved and addressed in
 GLSA 201309-23 at http://security.gentoo.org/glsa/glsa-201309-23.xml
by GLSA coordinator Chris Reffett (creffett).