{ "schema_version": "1.7.0", "id": "MGASA-2013-0248", "published": "2013-08-12T13:54:58Z", "modified": "2013-08-12T13:54:18Z", "summary": "Updated firefox and thunderbird packages fix security vulnerabilities", "details": "Mozilla developers identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under\ncertain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code (CVE-2013-1701).\n\nMozilla security researcher moz_bug_r_a4 reported that through an\ninteraction of frames and browser history it was possible to make\nthe browser believe attacker-supplied content came from the location\nof a previous page in browser history. This allows for cross-site\nscripting (XSS) attacks by loading scripts from a misrepresented\nmalicious site through relative locations and the potential access\nof stored credentials of a spoofed site (CVE-2013-1709).\n\nMozilla security researcher moz_bug_r_a4 reported a mechanism to\nexecute arbitrary code or a cross-site scripting (XSS) attack when\nCertificate Request Message Format (CRMF) request is generated in\ncertain circumstances (CVE-2013-1710).\n\nSecurity researcher Cody Crews reported that some Javascript components\nwill perform checks against the wrong uniform resource identifier\n(URI) before performing security sensitive actions. This will return\nan incorrect location for the originator of the call. This could be\nused to bypass same-origin policy, allowing for cross-site scripting\n(XSS) or the installation of malicious add-ons from third-party pages\n(CVE-2013-1713).\n\nMozilla community member Federico Lanusse reported a mechanism where\na web worker can violate same-origin policy and bypass cross-origin\nchecks through XMLHttpRequest. This could allow for cross-site\nscripting (XSS) attacks by web workers (CVE-2013-1714).\n\nSecurity researcher Georgi Guninski reported an issue with Java\napplets where in some circumstances the applet could access files on\nthe local system when loaded using the a file:/// URI and violate file\norigin policy due to interaction with the codebase parameter. This\naffects applets running on the local file system. Mozilla developer\nJohn Schoenick later discovered that fixes for this issue were\ninadequate and allowed the invocation of Java applets to bypass\nsecurity checks in additional circumstances. This could lead to\nuntrusted Java applets having read-only access on the local files\nsystem if used in conjunction with a method to download a file to a\nknown or guessable path (CVE-2013-1717).\n", "upstream": [ "CVE-2013-1701", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1717" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0248.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=10946" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-63.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-68.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-69.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-72.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-73.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-75.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html" }, { "type": "ADVISORY", "url": "http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:210/" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "firefox", "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "firefox-l10n", "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "thunderbird", "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "thunderbird-l10n", "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "firefox", "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "firefox-l10n", "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "thunderbird", "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "thunderbird-l10n", "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.8-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }