From http://www.mozilla.org/security/announce/ : MFSA 2013-48 Memory corruption found using Address Sanitizer MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-43 File input control has access to full path MFSA 2013-42 Privileged access for content level constructor MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Note MFSA 2013-{43,45} are specific to >www-client/firefox-17.x and are fixed in >=www-client/firefox-21 . ESR version bumps are in the tree. CCing arches, please stabilize as below: =www-client/firefox-17.0.6: Target KEYWORDS="alpha amd64 arm ia64 ppc ppc64 x86" =www-client/firefox-bin-17.0.6: Target KEYWORDS="amd64 x86" =mail-client/thunderbird-17.0.6: Target KEYWORDS="alpha amd64 arm ppc ppc64 x86" =mail-client/thunderbird-bin-17.0.6: Target KEYWORDS="amd64 x86" (note: alpha and ia64 stabilization is a continuation of bug 464226)
amd64 stable
x86 stable
ppc stable
arm stable
ppc64 stable
alpha and ia64 stabilization will continue in bug 474758
MFSA 2013-42 and -45 (and their respective CVEs) do not affect us.
CVE-2013-1681 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681): Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-1680 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680): Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-1679 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679): Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2013-1678 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678): The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. CVE-2013-1677 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677): The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-1676 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676): The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-1675 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675): Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1674 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674): Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. CVE-2013-1671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671): Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. CVE-2013-1670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670): The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. CVE-2013-1669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1669): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2013-0801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
This issue was resolved and addressed in GLSA 201309-23 at http://security.gentoo.org/glsa/glsa-201309-23.xml by GLSA coordinator Chris Reffett (creffett).
