Advisories ยป MGASA-2013-0248

Updated firefox and thunderbird packages fix security vulnerabilities

Publication date: 12 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1701 , CVE-2013-1709 , CVE-2013-1710 , CVE-2013-1713 , CVE-2013-1714 , CVE-2013-1717

Description

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2013-1701).

Mozilla security researcher moz_bug_r_a4 reported that through an
interaction of frames and browser history it was possible to make
the browser believe attacker-supplied content came from the location
of a previous page in browser history. This allows for cross-site
scripting (XSS) attacks by loading scripts from a misrepresented
malicious site through relative locations and the potential access
of stored credentials of a spoofed site (CVE-2013-1709).

Mozilla security researcher moz_bug_r_a4 reported a mechanism to
execute arbitrary code or a cross-site scripting (XSS) attack when
Certificate Request Message Format (CRMF) request is generated in
certain circumstances (CVE-2013-1710).

Security researcher Cody Crews reported that some Javascript components
will perform checks against the wrong uniform resource identifier
(URI) before performing security sensitive actions. This will return
an incorrect location for the originator of the call. This could be
used to bypass same-origin policy, allowing for cross-site scripting
(XSS) or the installation of malicious add-ons from third-party pages
(CVE-2013-1713).

Mozilla community member Federico Lanusse reported a mechanism where
a web worker can violate same-origin policy and bypass cross-origin
checks through XMLHttpRequest. This could allow for cross-site
scripting (XSS) attacks by web workers (CVE-2013-1714).

Security researcher Georgi Guninski reported an issue with Java
applets where in some circumstances the applet could access files on
the local system when loaded using the a file:/// URI and violate file
origin policy due to interaction with the codebase parameter. This
affects applets running on the local file system. Mozilla developer
John Schoenick later discovered that fixes for this issue were
inadequate and allowed the invocation of Java applets to bypass
security checks in additional circumstances. This could lead to
untrusted Java applets having read-only access on the local files
system if used in conjunction with a method to download a file to a
known or guessable path (CVE-2013-1717).
                

References

SRPMS

3/core

2/core