Advisories ยป MGASA-2014-0259

Updated iceape packages fix multiple vulnerabilities

Publication date: 11 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1518 , CVE-2014-1519 , CVE-2014-1522 , CVE-2014-1523 , CVE-2014-1524 , CVE-2014-1525 , CVE-2014-1526 , CVE-2014-1529 , CVE-2014-1530 , CVE-2014-1531 , CVE-2014-1532

Description

Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before
24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors. (CVE-2014-1518)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors. (CVE-2014-1519)

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web
Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26
allows remote attackers to execute arbitrary code or cause a denial of
service (out-of-bounds read, memory corruption, and application crash)
via crafted content. (CVE-2014-1522)

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox
before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and
SeaMonkey before 2.26 allows remote attackers to cause a denial of service
(out-of-bounds read and application crash) via a crafted JPEG image.
(CVE-2014-1523)

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox
before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and
SeaMonkey before 2.26 does not properly check whether objects are XBL
objects, which allows remote attackers to execute arbitrary code or cause
a denial of service (buffer overflow) via crafted JavaScript code that
accesses a non-XBL object as if it were an XBL object. (CVE-2014-1524)

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before
29.0 and SeaMonkey before 2.26 does not properly perform garbage
collection for Text Track Manager variables, which allows remote
attackers to execute arbitrary code or cause a denial of service
(use-after-free and heap memory corruption) via a crafted VIDEO element
in an HTML document. (CVE-2014-1525)

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x
before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows
remote attackers to bypass intended source-component restrictions and
execute arbitrary JavaScript code in a privileged context via a crafted
web page for which Notification.permission is granted. (CVE-2014-1529)

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR
24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26
allows remote attackers to trigger the loading of a URL with a spoofed
baseURI property, and conduct cross-site scripting (XSS) attacks, via a
crafted web site that performs history navigation. (CVE-2014-1530)

Use-after-free vulnerability in the nsGenericHTMLElement::
GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox
ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26
allows remote attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via vectors involving an imgLoader object
that is not properly handled during an image-resize operation.
(CVE-2014-1531)

Use-after-free vulnerability in the nsHostResolver::
ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before
29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey
before 2.26 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via vectors related to host
resolution. (CVE-2014-1532)

The XrayWrapper implementation in Mozilla Firefox before 29.0 and
SeaMonkey before 2.26 allows user-assisted remote attackers to bypass
intended access restrictions via a crafted web site that is visited in the
debugger, leading to unwrapping operations and calls to DOM methods on
the unwrapped objects. (CVE-2014-1526)
                

References

SRPMS

4/core

3/core