Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 493850 (CVE-2013-5609) - <mail-client/thunderbird{,-bin}-24.2, <www-client/firefox{,-bin}-24.2, <www-client/seamonkey{,-bin}-2.23: Multiple vulnerabilities (CVE-2013-{5609,5610,5612,5613,5614,5615,5616,5618,5619,6671,6672,6673})
Summary: <mail-client/thunderbird{,-bin}-24.2, <www-client/firefox{,-bin}-24.2, <www-c...
Status: RESOLVED FIXED
Alias: CVE-2013-5609
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/security/anno...
Whiteboard: A2 [glsa]
Keywords:
: 493722 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-12-10 17:28 UTC by Alex Xu (Hello71)
Modified: 2015-04-07 10:18 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Xu (Hello71) 2013-12-10 17:28:13 UTC
Fixed in Firefox ESR 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Fixed in Thunderbird 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Fixed in SeaMonkey 2.23
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Comment 1 Jory A. Pratt gentoo-dev 2013-12-10 19:19:54 UTC
*** Bug 493722 has been marked as a duplicate of this bug. ***
Comment 2 Jory A. Pratt gentoo-dev 2013-12-12 14:54:43 UTC
Firefox/Thunderbird-24.2.0 nss-3.15.3.1 added to tree, these have been added with stable amd64 keywords already.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 16:23:08 UTC
CVE-2013-6673 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673):
  Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird
  before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of
  trust from an EV X.509 certificate, which makes it easier for
  man-in-the-middle attackers to spoof SSL servers in opportunistic
  circumstances via a valid certificate that is unacceptable to the user.

CVE-2013-6672 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672):
  Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow
  user-assisted remote attackers to read clipboard data by leveraging certain
  middle-click paste operations.

CVE-2013-6671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671):
  The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0,
  Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before
  2.23 allows remote attackers to execute arbitrary code via crafted use of
  JavaScript code for ordered list elements.

CVE-2013-5619 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619):
  Multiple integer overflows in the binary-search implementation in
  SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might
  allow remote attackers to cause a denial of service (out-of-bounds array
  access) or possibly have unspecified other impact via crafted JavaScript
  code.

CVE-2013-5618 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618):
  Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the
  table-editing user interface in the editor component in Mozilla Firefox
  before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and
  SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by
  triggering improper garbage collection.

CVE-2013-5616 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616):
  Use-after-free vulnerability in the
  nsEventListenerManager::HandleEventSubType function in Mozilla Firefox
  before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and
  SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or
  cause a denial of service (heap memory corruption) via vectors related to
  mListeners event listeners.

CVE-2013-5615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615):
  The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR
  24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does
  not properly enforce certain typeset restrictions on the generation of
  GetElementIC typed array stubs, which has unspecified impact and remote
  attack vectors.

CVE-2013-5614 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614):
  Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly
  consider the sandbox attribute of an IFRAME element during processing of a
  contained OBJECT element, which allows remote attackers to bypass intended
  sandbox restrictions via a crafted web site.

CVE-2013-5613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613):
  Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove
  function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2,
  Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers
  to execute arbitrary code or cause a denial of service (heap memory
  corruption) via vectors involving synthetic mouse movement, related to the
  RestyleManager::GetHoverGeneration function.

CVE-2013-5612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612):
  Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and
  SeaMonkey before 2.23 makes it easier for remote attackers to inject
  arbitrary web script or HTML by leveraging a Same Origin Policy violation
  triggered by lack of a charset parameter in a Content-Type HTTP header.

CVE-2013-5610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to
  cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.

CVE-2013-5609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2,
  and SeaMonkey before 2.23 allow remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors.
Comment 4 Chris Reffett gentoo-dev Security 2013-12-12 16:43:46 UTC
CVE-2013-5611 omitted, it applied only to Firefox 26 (as opposed to the several CVEs that applied to 26.0 and to SeaMonkey 2.23)


Arches, please test and mark stable:
=mail-client/thunderbird-24.2.0
=www-client/firefox-24.2.0
Target arches: amd64 arm hppa ppc ppc64 x86


=www-client/firefox-bin-24.2.0
=mail-client/thunderbird-bin-24.2.0
=www-client/seamonkey-2.23
=www-client/seamonkey-bin-2.23
Target arches: amd64 x86

Continuing from bug 491234, please also stable:
=dev-libs/nss-3.15.3
Target arches: ia64 sparc
Comment 5 Agostino Sarubbo gentoo-dev 2013-12-12 18:48:42 UTC
emerge: there are no ebuilds to satisfy "=www-client/firefox-bin-24.2.0".
Comment 6 Chris Reffett gentoo-dev Security 2013-12-12 18:50:59 UTC
Hmm, jumped the gun there. Waiting on binpkgs, please finish up:
=dev-libs/nss-3.15.3
Target arches: ia64 sparc

(yes, I made a mess of the stablereqs, my fault.)
Comment 7 Jory A. Pratt gentoo-dev 2013-12-12 23:19:06 UTC
(In reply to Chris Reffett from comment #6)
> Hmm, jumped the gun there. Waiting on binpkgs, please finish up:
> =dev-libs/nss-3.15.3
> Target arches: ia64 sparc
> 
> (yes, I made a mess of the stablereqs, my fault.)

And this is still a mess, you need 3.15.3.1 for security that is what will fix MSFA 2013-117
Comment 8 Agostino Sarubbo gentoo-dev 2013-12-15 19:27:44 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-01-26 11:50:49 UTC
ia64 done
Comment 10 pavel sanda 2014-01-31 07:19:28 UTC
Is there reason why not stabilize for x86?
Comment 11 Alex Xu (Hello71) 2014-04-19 02:10:09 UTC
cleaned up as part of bug 500320; sec, please decide whether to glsa this or coalesce into that one.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev Security 2014-06-19 01:35:15 UTC
Arches and Mainter(s), Thank you for your work.

Added to an existing GLSA request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2015-04-07 10:17:17 UTC
This issue was resolved and addressed in
 GLSA 201504-01 at https://security.gentoo.org/glsa/201504-01
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2015-04-07 10:18:00 UTC
This issue was resolved and addressed in
 GLSA 201504-01 at https://security.gentoo.org/glsa/201504-01
by GLSA coordinator Kristian Fiskerstrand (K_F).