CVE-2012-3963 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963): Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-3962 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962): Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. CVE-2012-3961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961): Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960): Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959): Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958): Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-3957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957): Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2012-3956 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956): Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1976 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976): Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1975 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975): Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1974 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974): Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1973 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973): Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1972 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972): Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. CVE-2012-1971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. CVE-2012-1970 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2012-1956 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956): Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
*** Bug 433525 has been marked as a duplicate of this bug. ***
Feel free to bring in teams, everything is in the tree, we are looking to stabilize seamonkey{-bin}-2.12, firefox/thunderbird{-bin}-10.0.7, you will also need to stabilize nss-3.13.6 along with nspr-4.9.2.
CVE-2012-3980 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980): The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. CVE-2012-3978 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978): The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. CVE-2012-3976 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976): Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. CVE-2012-3975 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975): The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. CVE-2012-3973 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973): The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. CVE-2012-3972 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972): The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. CVE-2012-3971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971): Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. CVE-2012-3970 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970): Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. CVE-2012-3969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969): Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. CVE-2012-3968 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968): Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. CVE-2012-3967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967): The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. CVE-2012-3966 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966): Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. CVE-2012-3965 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965): Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. CVE-2012-3964 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964): Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
(In reply to comment #2) > Feel free to bring in teams, everything is in the tree, we are looking to > stabilize seamonkey{-bin}-2.12, firefox/thunderbird{-bin}-10.0.7, you will > also need to stabilize nss-3.13.6 along with nspr-4.9.2. Great, thank you. Arches, please test and mark stable: =www-client/firefox-10.0.7 Target keywords : "alpha amd64 arm ia64 ppc ppc64 x86" =www-client/firefox-bin-10.0.7 Target keywords : "amd64 x86" =dev-libs/nspr-4.9.2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =dev-libs/nss-3.13.6 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =mail-client/thunderbird-10.0.7 Target keywords : "amd64 ppc ppc64 x86" =mail-client/thunderbird-bin-10.0.7 Target keywords : "amd64 x86" =www-client/seamonkey-2.12 Target keywords : "amd64 arm ppc ppc64 x86" =www-client/seamonkey-bin-2.12 Target keywords : "amd64 x86"
Stable for HPPA.
amd64 stable
I've bumped www-client/seamonkey-2.12 to 2.12.1 as it has a privacy relevant fix which slipped into the ff-15.0/sm-2.12 release as regression. I bumped the version straight to stable for amd64 (the only arch that already stabled 2.12) and removed the 2.12 version.
x86 done, but I've seen a little minor regression in seamonkey! It fails with USE="custom-cflags -gstreamer".
Remaining arches will continue in bug 437780.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).