Bug 413657 (CVE-2011-3062) - <www-client/firefox{,-bin}-10.0.4, <mail-client/thunderbird{,-bin}-10.0.4, <www-client/seamonkey{,-bin}-2.9 : Multiple vulnerabilities (CVE-2011-{1187,3062},CVE-2012-{0467,0468,0469,0470,0471,0473,0474,0475,0477,0478,0479})
Status: RESOLVED FIXED
Alias: CVE-2011-3062
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48972/
Whiteboard: B2 [glsa]
Depends on: CVE-2012-1948
Blocks: CVE-2012-0451
Reported: 2012-04-26 18:47 UTC by Agostino Sarubbo
Modified: 2013-01-08 01:05 UTC
Description Agostino Sarubbo gentoo-dev 2012-04-26 18:47:14 UTC
From the Secunia security advisory at $URL:

Description
Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system.

For more information:
https://secunia.com/SA48932/

NOTE: CVE-2012-0468, CVE-2012-0475, and CVE-2011-1187 do not affect Firefox and Thunderbird.


Solution
Update to Firefox version 10.0.4, Thunderbird version 10.0.4, or SeaMonkey version 2.9.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2012-04-26 21:54:41 UTC
firefox-10.0.4, thunderbird-10.0.4 and seamonkey{,-bin}-2.9 are now in the tree.
Comment 2 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-04-27 03:01:06 UTC
(In reply to comment #1)
> firefox-10.0.4, thunderbird-10.0.4 and seamonkey{,-bin}-2.9 are now in the
> tree.

firefox-bin-10.0.4 and thunderbird-bin-10.0.4 are now in the tree as well
Comment 3 Agostino Sarubbo gentoo-dev 2012-04-27 07:07:59 UTC
Arches, please test and mark stable:

=www-client/firefox-10.0.4
Target keywords : "alpha amd64 arm ia64 ppc x86"

=www-client/firefox-bin-10.0.4
Target keywords : "amd64 x86"

=mail-client/thunderbird-10.0.4
Target keywords : "alpha amd64 x86"

=mail-client/thunderbird-bin-10.0.4
Target keywords : "amd64 x86"

=www-client/seamonkey-2.9
Target keywords : "alpha amd64 arm ppc x86"

=www-client/seamonkey-bin-2.9
Target keywords : "amd64 x86"
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-27 11:33:02 UTC
Arches, this bug is rated at B2 which has a target delay of only 10 days. Please try to stabilize within that time.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-04-28 00:22:12 UTC
CVE-2012-0479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479):
  Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
  Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
  SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an
  https URL for invalid (1) RSS or (2) Atom XML content.

CVE-2012-0478 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478):
  The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x
  through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
  Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not
  properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers
  to execute arbitrary code via a crafted web page.

CVE-2012-0477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477):
  Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x
  through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
  Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote
  attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or
  (2) ISO-2022-CN character set.

CVE-2012-0475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475):
  Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and
  SeaMonkey before 2.9 do not properly construct the Origin and
  Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to
  bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2)
  WebSocket operation involving a nonstandard port number and an IPv6 address
  that contains certain zero fields.

CVE-2012-0474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474):
  Cross-site scripting (XSS) vulnerability in the docshell implementation in
  Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
  Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
  SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script
  or HTML via vectors related to short-circuited page loads, aka "Universal
  XSS (UXSS)."

CVE-2012-0473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473):
  The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x
  through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
  Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the
  FindMaxElementInSubArray function with incorrect template arguments, which
  allows remote attackers to obtain sensitive information from video memory
  via a crafted WebGL.drawElements call.

CVE-2012-0471 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471):
  Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through
  11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
  Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote
  attackers to inject arbitrary web script or HTML via a multibyte character
  set.

CVE-2012-0470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470):
  Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel
  function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before
  10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4,
  and SeaMonkey before 2.9 allows remote attackers to cause a denial of
  service (invalid gfxImageSurface free operation) or possibly execute
  arbitrary code by leveraging the use of "different number systems."

CVE-2012-0469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469):
  Use-after-free vulnerability in the
  mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in
  Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
  Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
  SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via
  vectors related to crafted IndexedDB data.

CVE-2012-0468 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468):
  The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0
  through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a
  denial of service (assertion failure and memory corruption) or possibly
  execute arbitrary code via vectors related to jsval.h and the
  js::array_shift function.

CVE-2012-0467 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0
  through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2012-04-28 12:05:03 UTC
x86:
I don't see problems with all *-bin packages: all pass
Also pass for =www-client/firefox-10.0.4 && =mail-client/thunderbird-10.0.4

QA for thunderbird:



 * QA Notice: command not found:
 * 
 * 	/var/tmp/portage/mail-client/thunderbird-10.0.4/work/comm-esr10/db/makefiles.sh: line 38: $'\r': command not found
Comment 7 Maurizio Camisaschi (amd64 AT) 2012-04-29 10:48:05 UTC
Apart from known bugs (Bug 394715, Bug 391889, Bug 398389), there aren't regressions; for amd64 it is ok.
Comment 8 Agostino Sarubbo gentoo-dev 2012-04-30 12:29:48 UTC
amd64 stable
Comment 9 Andreas Schürch gentoo-dev 2012-05-02 06:12:47 UTC
x86 stable, thanks Mikle.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:05:30 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).