Release Notes for Firefox: https://www.mozilla.org/en-US/firefox/30.0/releasenotes/

Reproducible: Always
MFSA 2014-55 Out of bounds write in NSPR
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisibility after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
@mozilla team:

when it is time to stabilize, please describe the versions and the targets in order.

Thanks.
(In reply to Agostino Sarubbo from comment #2)
> @mozilla team:
>
> when it is time to stabilize, please describe the versions and the targets in
> order.
>
> Thanks.

{thunderbird,firefox}{,-bin}-24.6.0 are in the tree and ready for stabilization, nspr-4.10.6 is not a trivial bump and will have to wait for tomorrow. Firefox-30 will also need to wait but it doesn't get stabilized.

No word on seamonkey yet, upstream has not made a 2.27 release and I didn't check the MFSAs to see if seamonkey is affected yet, either.

If nobody is in a huge rush, I will file the official stablereqs tomorrow once nspr is done.
*** Bug 513112 has been marked as a duplicate of this bug. ***
OK, all stabilizable targets are in the tree.

Arch Teams, please test and please stabilize as follows:

=dev-libs/nspr-4.10.6
Target stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

=mail-client/thunderbird-24.6.0
Target stable KEYWORDS : amd64 arm ppc ppc64 x86

=www-client/firefox-24.6.0
Target stable KEYWORDS : amd64 arm hppa ppc ppc64 x86

(note: firefox-30 is still coming)
(In reply to Ian Stakenvicius from comment #5)
> OK, all stabilizable targets are in the tree.
>
> Arch Teams, please test and please stabilize as follows:

..forgot the -bin packages...

=www-client/firefox-bin-24.6.0
Target stable KEYWORDS : amd64 x86

=mail-client/thunderbird-bin-24.6.0
Target stable KEYWORDS : amd64 x86
amd64 stable
www-client/firefox-30.0 needs newer sqlite package:

configure:22859: checking for sqlite3 >= 3.8.3.1
configure: error: Library requirements (sqlite3 >= 3.8.3.1) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.

While in ebuild the requirement is only:

system-sqlite? ( >=dev-db/sqlite-3.8.1.3:3[secure-delete,debug=] )
(In reply to Tomasz Golinski from comment #8)
> www-client/firefox-30.0 needs newer sqlite package:
>
>
> configure:22859: checking for sqlite3 >= 3.8.3.1
> system-sqlite? ( >=dev-db/sqlite-3.8.1.3:3[secure-delete,debug=] )

Apologies for my dyslexia, I thought the dep was already correct. Fixed in-place in the tree, for expediency; I will go through every dep again over the next 24/48h to confirm they are correct too.
Stable for HPPA.
x86 stable
arm stable for =dev-libs/nspr-4.10.6.
Added seamonkey to the bug since it too is vulnerable.

Arches, please test and stabilize:

=www-client/seamonkey{,-bin}-2.26.1
Target stable KEYWORDS : amd64 x86
alpha stable
ppc stable
ppc64 stable
ia64 stable
sparc stable
CVE-2014-1542 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542):
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

CVE-2014-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541):
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

CVE-2014-1540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540):
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

CVE-2014-1539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539):
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

CVE-2014-1538 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538):
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2014-1537 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537):
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2014-1536 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536):
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2014-1534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534):
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1533 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533):
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Merging multiple bugs for www-client/firefox{,-bin}, mail-client/thunderbird{,-bin}, www-client/seamonkey{,-bin} under the latest bug 531408 which is undergoing stabilization with each bug either needing cleanup or some stabilization.
CVE-2014-1545 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545):
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.

CVE-2014-1543 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543):
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.
Setting blocker to Bug 541506, stabilization of version: 31.5.0

Arm stabilization was not completed as part of this build.
Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201504-01 at https://security.gentoo.org/glsa/201504-01 by GLSA coordinator Kristian Fiskerstrand (K_F).