Bug 505072 - <mail-client/thunderbird{,-bin}-24.4 <www-client/firefox{,-bin}-24.4 <www-client/seamonkey{,-bin}-2.25 =www-client/firefox{,-bin}-2{5,6,7}*: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa glsa]
Keywords:
Duplicates: 505078
Depends on: CVE-2015-0819
Blocks:
Reported: 2014-03-19 08:40 UTC by Agostino Sarubbo
Modified: 2015-04-07 10:18 UTC
Description Agostino Sarubbo gentoo-dev 2014-03-19 08:40:49 UTC
March 18, 2014

MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-03-19 10:23:55 UTC
*** Bug 505078 has been marked as a duplicate of this bug. ***
Comment 2 Ian Stakenvicius gentoo-dev 2014-03-19 13:38:08 UTC
CVE mapping is as follows:

All packages, including ESR (24.x):
CVE-2014-1514
CVE-2014-1513
CVE-2014-1512 (note, this may apply to spidermonkey too, will confirm later)
CVE-2014-1511
CVE-2014-1510
CVE-2014-1509
CVE-2014-1508
CVE-2014-1505
CVE-2014-1497
CVE-2014-1496
CVE-2014-1493



Affecting <www-client/seamonkey-2.25 and/or =www-client/firefox-2{5,6,7}*
(ie, NOT affecting ESR 24.x):

CVE-2014-1504
CVE-2014-1502
CVE-2014-1500
CVE-2014-1499
CVE-2014-1498
CVE-2014-1494


Not affecting our packages:
CVE-2014-1507 - FirefoxOS only
CVE-2014-1506 - Firefox for Android only
CVE-2014-1501 - Firefox for Android only
Comment 3 Lars Wendler (Polynomial-C) gentoo-dev 2014-03-20 14:58:43 UTC
+*thunderbird-24.4.0 (20 Mar 2014)
+
+  20 Mar 2014; Lars Wendler <polynomial-c@gentoo.org>
+  +thunderbird-24.4.0.ebuild:
+  Security bump (bug #505072).
+
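Review bot: the message line "Security bump (bug #505072)." identifies the fix only by its tracker number. Since this bug covers many separate advisories, consider naming the relevant MFSA or CVE identifiers in the entry so the ChangeLog can be audited without access to Bugzilla.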
Comment 4 Ian Stakenvicius gentoo-dev 2014-03-20 15:31:22 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #3)
> +*thunderbird-24.4.0 (20 Mar 2014)
> +
> +  20 Mar 2014; Lars Wendler <polynomial-c@gentoo.org>
> +  +thunderbird-24.4.0.ebuild:
> +  Security bump (bug #505072).
> +

Also firefox-bin-24.4.0, firefox-bin-28.0, and thunderbird-bin-24.4.0 have been committed.
Comment 5 Lars Wendler (Polynomial-C) gentoo-dev 2014-03-20 15:54:41 UTC
+*firefox-24.4.0 (20 Mar 2014)
+
+  20 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> +firefox-24.4.0.ebuild:
+  Security bump (bug #505072).
+
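Review bot: this entry adds only firefox-24.4.0.ebuild, while the bug title also lists =www-client/firefox-2{5,6,7}* as affected, and nothing in the hunk says what happens to those ebuilds. Suggest recording here, or in a follow-up entry, whether the 25 to 27 ebuilds are removed or replaced.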
Comment 6 Lars Wendler (Polynomial-C) gentoo-dev 2014-03-20 16:35:35 UTC
+*seamonkey-2.25 (20 Mar 2014)
+
+  20 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> +seamonkey-2.25.ebuild:
+  Security bump (bug #505072).
+
Comment 7 Lars Wendler (Polynomial-C) gentoo-dev 2014-03-20 16:54:05 UTC
+*seamonkey-bin-2.25 (20 Mar 2014)
+
+  20 Mar 2014; Lars Wendler <polynomial-c@gentoo.org>
+  +seamonkey-bin-2.25.ebuild:
+  Security bump (bug #505072).
+
Comment 8 Lars Wendler (Polynomial-C) gentoo-dev 2014-03-20 17:02:23 UTC
Arches please test and mark stable the following packages.

=dev-libs/nss-3.16 with target KEYWORDS:
alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris

=dev-libs/nspr-4.10.4 with target KEYWORDS:
alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris

=mail-client/thunderbird-24.4.0 with target KEYWORDS:
~alpha amd64 arm ppc ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux

=mail-client/thunderbird-bin-24.4.0 with target KEYWORDS:
amd64 x86

=www-client/firefox-24.4.0 with target KEYWORDS:
~alpha amd64 arm hppa ~ia64 ppc ppc64 x86 ~amd64-linux ~x86-linux

=www-client/firefox-bin-24.4.0 with target KEYWORDS:
amd64 x86

=www-client/seamonkey-2.25 with target KEYWORDS:
amd64 ~arm ~ppc ~ppc64 x86

=www-client/seamonkey-bin-2.25 with target KEYWORDS:
amd64 x86
Comment 9 Jeroen Roovers gentoo-dev 2014-03-22 14:40:50 UTC
Stable for HPPA.
Comment 10 Agostino Sarubbo gentoo-dev 2014-03-22 20:16:26 UTC
amd64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2014-03-22 20:17:43 UTC
x86 stable
Comment 12 Markus Meier gentoo-dev 2014-03-22 21:44:46 UTC
arm stable for dev-libs/nss-3.16 and dev-libs/nspr-4.10.4
Comment 13 Agostino Sarubbo gentoo-dev 2014-03-23 14:57:52 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2014-03-24 14:27:50 UTC
alpha stable
Comment 15 Agostino Sarubbo gentoo-dev 2014-03-24 14:34:32 UTC
ppc64 stable
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2014-04-10 21:10:11 UTC
CVE-2014-1514 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514):
  vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x
  before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not
  validate the length of the destination array before a copy operation, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (out-of-bounds write and application crash) by triggering incorrect
  use of the TypedArrayObject class.

CVE-2014-1513 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513):
  TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before
  24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a
  zero-length transition during use of an ArrayBuffer object, which allows
  remote attackers to execute arbitrary code or cause a denial of service
  (heap-based out-of-bounds write or read) via a crafted web site.

CVE-2014-1512 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512):
  Use-after-free vulnerability in the TypeObject class in the JavaScript
  engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4,
  Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers
  to execute arbitrary code by triggering extensive memory consumption while
  garbage collection is occurring, as demonstrated by improper handling of
  BumpChunk objects.

CVE-2014-1511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511):
  Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird
  before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the
  popup blocker via unspecified vectors.

CVE-2014-1510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510):
  The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x
  before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows
  remote attackers to execute arbitrary JavaScript code with chrome privileges
  by using an IDL fragment to trigger a window.open call.

CVE-2014-1509 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509):
  Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as
  used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4,
  Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers
  to execute arbitrary code via a crafted extension that renders fonts in a
  PDF document.

CVE-2014-1508 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508):
  The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0,
  Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before
  2.25 allows remote attackers to obtain sensitive information from process
  memory, cause a denial of service (out-of-bounds read and application
  crash), or possibly bypass the Same Origin Policy via vectors involving
  MathML polygon rendering.

CVE-2014-1505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505):
  The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR
  24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows
  remote attackers to obtain sensitive displacement-correlation information,
  and possibly bypass the Same Origin Policy and read text from a different
  domain, via a timing attack involving feDisplacementMap elements, a related
  issue to CVE-2013-1693.

CVE-2014-1504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1504):
  The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey
  before 2.25 does not consider the Content Security Policy of a data: URL,
  which makes it easier for remote attackers to conduct cross-site scripting
  (XSS) attacks via a crafted document that is accessed after a browser
  restart.

CVE-2014-1502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502):
  The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D
  functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow
  remote attackers to bypass the Same Origin Policy and render content in a
  different domain via unspecified vectors.

CVE-2014-1500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500):
  Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers
  to cause a denial of service (resource consumption and application hang) via
  onbeforeunload events that trigger background JavaScript execution.

CVE-2014-1499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499):
  Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers
  to spoof the domain name in the WebRTC (1) camera or (2) microphone
  permission prompt by triggering navigation at a certain time during
  generation of this prompt.

CVE-2014-1498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498):
  The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and
  SeaMonkey before 2.25 does not properly validate a certain key type, which
  allows remote attackers to cause a denial of service (application crash) via
  vectors that trigger generation of a key that supports the Elliptic Curve
  ec-dual-use algorithm.

CVE-2014-1497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497):
  The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before
  28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey
  before 2.25 allows remote attackers to obtain sensitive information from
  process heap memory, cause a denial of service (out-of-bounds read and
  application crash), or possibly have unspecified other impact via a crafted
  WAV file.

CVE-2014-1496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496):
  Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird
  before 24.4, and SeaMonkey before 2.25 might allow local users to gain
  privileges by modifying the extracted Mar contents during an update.

CVE-2014-1494 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to
  cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.

CVE-2014-1493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4,
  and SeaMonkey before 2.25 allow remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors.
Comment 17 Agostino Sarubbo gentoo-dev 2014-07-05 12:48:55 UTC
ia64 stable
Comment 18 Agostino Sarubbo gentoo-dev 2014-07-05 12:58:00 UTC
sparc stable
Comment 19 Yury German Gentoo Infrastructure gentoo-dev Security 2014-09-10 03:54:09 UTC
arm stable for dev-libs/nss-3.16 and dev-libs/nspr-4.10.4 (Comment 12)

arm arch ... still pending:
=mail-client/thunderbird-24.4.0
=www-client/firefox-24.4.0
Comment 20 Ian Stakenvicius gentoo-dev 2014-09-10 13:57:44 UTC
(In reply to Yury German from comment #19)
> arm stable for dev-libs/nss-3.16 and dev-libs/nspr-4.10.4 (Comment 12)
> 
> arm arch ... still pending:
> =mail-client/thunderbird-24.4.0
> =www-client/firefox-24.4.0

arm AT, please stabilize {firefox,thunderbird}-24.8.0 instead as per 522020, which supersedes this bug.  I can request arm CC on that bug specifically if you would like.
Comment 21 Yury German Gentoo Infrastructure gentoo-dev Security 2014-12-28 23:09:34 UTC
Merging multiple bugs for www-client/firefox{,-bin}, mail-client/thunderbird{,-bin}, www-client/seamonkey{,-bin} under the latest bug 531408 which is undergoing stabilization with each bug either needing cleanup or some stabilization.
Comment 22 Yury German Gentoo Infrastructure gentoo-dev Security 2015-03-04 01:12:58 UTC
Setting blocker to Bug 541506, stabilization of version: 31.5.0

Arm stabilization was not completed as part of this build.
Comment 23 GLSAMaker/CVETool Bot gentoo-dev 2015-04-07 10:18:14 UTC
This issue was resolved and addressed in
 GLSA 201504-01 at https://security.gentoo.org/glsa/201504-01
by GLSA coordinator Kristian Fiskerstrand (K_F).
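
An added example, not part of the bug thread or of any Gentoo tool: a check of installed package versions against the affected atoms in this bug's title, expanding the `{,-bin}` and `2{5,6,7}` shorthand into individual rules. The function names and the sample inventory are hypothetical, and versions are assumed to be plain dotted integers, so Portage suffixes and revisions (`_rc1`, `-r1`) are not handled.

```python
import re

# Affected atoms copied from this bug's title (Portage atom syntax with brace shorthand).
SUMMARY = ("<mail-client/thunderbird{,-bin}-24.4 <www-client/firefox{,-bin}-24.4 "
           "<www-client/seamonkey{,-bin}-2.25 =www-client/firefox{,-bin}-2{5,6,7}*")

def expand_braces(text):
    """Expand {a,b} groups: 'firefox{,-bin}' -> ['firefox', 'firefox-bin']."""
    m = re.search(r"\{([^{}]*)\}", text)
    if not m:
        return [text]
    return [full for alt in m.group(1).split(",")
            for full in expand_braces(text[:m.start()] + alt + text[m.end():])]

def vtuple(version):
    """Simplified version key: dotted integers only (assumption, see lead-in)."""
    return tuple(int(part) for part in version.split("."))

def parse_rules(summary):
    """Return (operator, 'category/name', version tuple, is_glob) per expanded atom."""
    rules = []
    for word in summary.split():
        for atom in expand_braces(word):
            m = re.fullmatch(r"([<=])([\w-]+/[\w-]+?)-(\d[\d.]*)(\*?)", atom)
            if m:
                rules.append((m.group(1), m.group(2), vtuple(m.group(3)), bool(m.group(4))))
    return rules

def is_affected(package, version, rules):
    """True if the installed package/version falls inside any affected range."""
    installed = vtuple(version)
    for op, name, bound, glob in rules:
        if name != package:
            continue
        if op == "<" and installed < bound:
            return True
        # '=pkg-25*' matches any version whose leading components equal 25.
        if op == "=" and (installed[:len(bound)] == bound if glob else installed == bound):
            return True
    return False

RULES = parse_rules(SUMMARY)

if __name__ == "__main__":
    # Constructed inventory, not taken from the bug report.
    inventory = [("www-client/firefox", "24.3.0"), ("www-client/firefox", "24.4.0"),
                 ("www-client/firefox-bin", "26.0"), ("www-client/seamonkey", "2.24"),
                 ("mail-client/thunderbird-bin", "24.4.0")]
    for pkg, ver in inventory:
        print(f"{pkg}-{ver}: {'AFFECTED' if is_affected(pkg, ver, RULES) else 'ok'}")
```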