Advisories ยป MGASA-2014-0006

Updated firefox and thunderbird packages fix security vulnerabilities

Publication date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-5609 , CVE-2013-5616 , CVE-2013-5618 , CVE-2013-6671 , CVE-2013-5613


Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
terminate unexpectedly or, potentially, execute arbitrary code with the
privileges of the user running Firefox or Thunderbird (CVE-2013-5609,
CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613).

It was found that a subordinate Certificate Authority (CA) mis-issued an
intermediate certificate, which could be used to conduct man-in-the-middle
attacks. This update renders that particular intermediate certificate as
untrusted (MFSA 2013-117).

The rootcerts and nss packages have been updated to fix the MFSA 2013-117
issue.  The thunderbird-lightning package has been updated to a version
that is compatible with the updated thunderbird.