Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 469868 (CVE-2013-0801) - <www-client/firefox{,-bin}-17.0.6 - <mail-client/thunderbird{,-bin}-17.0.6: Multiple vulnerabilities (CVE-2013-{0801,1669,1670,1671,1674,1675,1676,1677,1678,1679,1680,1681})
Summary: <www-client/firefox{,-bin}-17.0.6 - <mail-client/thunderbird{,-bin}-17.0.6: M...
Status: RESOLVED FIXED
Alias: CVE-2013-0801
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks: 464226 CVE-2013-1682
  Show dependency tree
 
Reported: 2013-05-14 19:35 UTC by Agostino Sarubbo
Modified: 2013-09-30 00:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-05-14 19:35:42 UTC
From http://www.mozilla.org/security/announce/ :

MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Comment 1 Ian Stakenvicius gentoo-dev 2013-05-16 15:34:41 UTC
Note MFSA 2013-{43,45} are specific to >www-client/firefox-17.x and are fixed in >=www-client/firefox-21 .

ESR version bumps are in the tree.  CCing arches, please stabilize as below:

=www-client/firefox-17.0.6:
Target KEYWORDS="alpha amd64 arm ia64 ppc ppc64 x86"

=www-client/firefox-bin-17.0.6:
Target KEYWORDS="amd64 x86"

=mail-client/thunderbird-17.0.6:
Target KEYWORDS="alpha amd64 arm ppc ppc64 x86"

=mail-client/thunderbird-bin-17.0.6:
Target KEYWORDS="amd64 x86"

(note: alpha and ia64 stabilization is a continuation of bug 464226)
Comment 2 Agostino Sarubbo gentoo-dev 2013-05-17 10:05:39 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-05-17 10:06:35 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-05-20 12:51:09 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-05-20 17:22:30 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-05-25 20:48:02 UTC
ppc64 stable
Comment 7 Ian Stakenvicius gentoo-dev 2013-06-26 20:52:35 UTC
alpha and ia64 stabilization will continue in bug 474758
Comment 8 Chris Reffett gentoo-dev Security 2013-07-12 19:09:29 UTC
MFSA 2013-42 and -45 (and their respective CVEs) do not affect us.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2013-07-13 11:52:12 UTC
CVE-2013-1681 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681):
  Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker
  function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6,
  Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows
  remote attackers to execute arbitrary code or cause a denial of service
  (heap memory corruption) via unspecified vectors.

CVE-2013-1680 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680):
  Use-after-free vulnerability in the nsFrameList::FirstChild function in
  Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird
  before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote
  attackers to execute arbitrary code or cause a denial of service (heap
  memory corruption) via unspecified vectors.

CVE-2013-1679 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679):
  Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify
  function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6,
  Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows
  remote attackers to execute arbitrary code or cause a denial of service
  (heap memory corruption) via unspecified vectors.

CVE-2013-1678 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678):
  The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0,
  Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird
  ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or
  cause a denial of service (invalid write operation) via unspecified vectors.

CVE-2013-1677 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677):
  The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before
  21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and
  Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute
  arbitrary code or cause a denial of service (out-of-bounds read) via
  unspecified vectors.

CVE-2013-1676 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676):
  The SelectionIterator::GetNextSegment function in Mozilla Firefox before
  21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and
  Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute
  arbitrary code or cause a denial of service (out-of-bounds read) via
  unspecified vectors.

CVE-2013-1675 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675):
  Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird
  before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly
  initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and
  nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to
  obtain sensitive information from process memory via a crafted web site.

CVE-2013-1674 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674):
  Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR
  17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x
  before 17.0.6 allows remote attackers to execute arbitrary code via vectors
  involving an onresize event during the playing of a video.

CVE-2013-1671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671):
  Mozilla Firefox before 21.0 does not properly implement the INPUT element,
  which allows remote attackers to obtain the full pathname via a crafted web
  site.

CVE-2013-1670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670):
  The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before
  21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and
  Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome
  privileges during calls to content level constructors, which allows remote
  attackers to bypass certain read-only restrictions and conduct cross-site
  scripting (XSS) attacks via a crafted web site.

CVE-2013-1669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1669):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 21.0 allow remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute arbitrary code
  via unknown vectors.

CVE-2013-0801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before
  17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to
  cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:29:18 UTC
This issue was resolved and addressed in
 GLSA 201309-23 at http://security.gentoo.org/glsa/glsa-201309-23.xml
by GLSA coordinator Chris Reffett (creffett).