Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 474758 (CVE-2013-1682) - <mail-client/thunderbird{,-bin}-17.0.7, <www-client/firefox{,-bin}-17.0.7: Multiple vulnerabilities (CVE-2013-{1682,1683,1684,1685,1686,1687,1688,1690,1692,1693,1694,1695,1696,1697,1698,1699})
Summary: <mail-client/thunderbird{,-bin}-17.0.7, <www-client/firefox{,-bin}-17.0.7: Mu...
Status: RESOLVED FIXED
Alias: CVE-2013-1682
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/annou...
Whiteboard: A2 [glsa]
Keywords:
: 474834 (view as bug list)
Depends on: CVE-2013-0801
Blocks:
  Show dependency tree
 
Reported: 2013-06-25 17:41 UTC by Alex Xu (Hello71)
Modified: 2013-09-30 00:29 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Xu (Hello71) 2013-06-25 17:41:56 UTC
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Comment 1 Alex Xu (Hello71) 2013-06-25 17:47:41 UTC
Whoops, that's for 22.0. ESR MFSAs:

MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Comment 2 Agostino Sarubbo gentoo-dev 2013-06-26 07:32:36 UTC
*** Bug 474834 has been marked as a duplicate of this bug. ***
Comment 3 Ian Stakenvicius gentoo-dev 2013-06-26 20:52:23 UTC
Ebuilds are in the tree.  CCing arches -- please stabilize as below:

=www-client/firefox-17.0.7:
Target KEYWORDS="alpha amd64 arm ia64 ppc ppc64 x86"

=www-client/firefox-bin-17.0.7:
Target KEYWORDS="amd64 x86"

=mail-client/thunderbird-17.0.7:
Target KEYWORDS="alpha amd64 arm ppc ppc64 x86"

=mail-client/thunderbird-bin-17.0.7:
Target KEYWORDS="amd64 x86"

(note: alpha and ia64 stabilization is a continuation of bug 469868)
Comment 4 Agostino Sarubbo gentoo-dev 2013-06-27 18:24:39 UTC
alpha and ia64 are broken, we probably drop the keywords.
Comment 5 Agostino Sarubbo gentoo-dev 2013-06-27 20:47:09 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-06-27 20:49:23 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-06-29 10:14:29 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-06-29 10:28:02 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-06-29 15:30:02 UTC
arm stable
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-07-13 11:53:55 UTC
CVE-2013-1699 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1699):
  The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox
  before 22.0 does not properly handle the .com, .name, and .net top-level
  domains, which allows remote attackers to spoof the address bar via
  unspecified homograph characters.

CVE-2013-1698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1698):
  The getUserMedia permission implementation in Mozilla Firefox before 22.0
  references the URL of a top-level document instead of the URL of a specific
  page, which makes it easier for remote attackers to trick users into
  permitting camera or microphone access via a crafted web site that uses
  IFRAME elements.

CVE-2013-1697 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697):
  The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR
  17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x
  before 17.0.7 does not properly restrict use of DefaultValue for method
  calls, which allows remote attackers to execute arbitrary JavaScript code
  with chrome privileges via a crafted web site that triggers use of a
  user-defined (1) toString or (2) valueOf method.

CVE-2013-1696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1696):
  Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options
  protection mechanism, which allows remote attackers to conduct clickjacking
  attacks via a crafted web site that uses the HTTP server push feature with
  multipart responses.

CVE-2013-1695 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1695):
  Mozilla Firefox before 22.0 does not properly implement certain DocShell
  inheritance behavior for the sandbox attribute of an IFRAME element, which
  allows remote attackers to bypass intended access restrictions via a FRAME
  element within an IFRAME element.

CVE-2013-1694 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694):
  The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox
  ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x
  before 17.0.7 does not properly handle the lack of a wrapper, which allows
  remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code by leveraging unintended clearing of the
  wrapper cache's preserved-wrapper flag.

CVE-2013-1693 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693):
  The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR
  17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x
  before 17.0.7 allows remote attackers to read pixel values, and possibly
  bypass the Same Origin Policy and read text from a different domain, by
  observing timing differences in execution of filter code.

CVE-2013-1692 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692):
  Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird
  before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the
  inclusion of body data in an XMLHttpRequest HEAD request, which makes it
  easier for remote attackers to conduct cross-site request forgery (CSRF)
  attacks via a crafted web site.

CVE-2013-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690):
  Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird
  before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle
  onreadystatechange events in conjunction with page reloading, which allows
  remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code via a crafted web site that triggers an
  attempt to execute data at an unmapped memory location.

CVE-2013-1688 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1688):
  The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted
  data during UI rendering, which allows user-assisted remote attackers to
  execute arbitrary JavaScript code via a crafted web site.

CVE-2013-1687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687):
  The System Only Wrapper (SOW) and Chrome Object Wrapper (COW)
  implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before
  17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do
  not properly restrict XBL user-defined functions, which allows remote
  attackers to execute arbitrary JavaScript code with chrome privileges, or
  conduct cross-site scripting (XSS) attacks, via a crafted web site.

CVE-2013-1686 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1686):
  Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla
  Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before
  17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to
  execute arbitrary code or cause a denial of service (heap memory corruption)
  via unspecified vectors.

CVE-2013-1685 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1685):
  Use-after-free vulnerability in the nsIDocument::GetRootElement function in
  Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird
  before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote
  attackers to execute arbitrary code or cause a denial of service (heap
  memory corruption) via a crafted web site.

CVE-2013-1684 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684):
  Use-after-free vulnerability in the
  mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in
  Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird
  before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote
  attackers to execute arbitrary code or cause a denial of service (heap
  memory corruption) via a crafted web site.

CVE-2013-1683 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1683):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 22.0 allow remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute arbitrary code
  via unknown vectors.

CVE-2013-1682 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before
  17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to
  cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:29:23 UTC
This issue was resolved and addressed in
 GLSA 201309-23 at http://security.gentoo.org/glsa/glsa-201309-23.xml
by GLSA coordinator Chris Reffett (creffett).