{ "schema_version": "1.7.0", "id": "MGASA-2013-0287", "published": "2013-09-19T09:49:58Z", "modified": "2013-09-19T09:49:39Z", "summary": "Updated firefox and thunderbird packages fix security vulnerabilities", "details": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox or Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox or Thunderbird (CVE-2013-1718, CVE-2013-1722,\nCVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735,\nCVE-2013-1736).\n\nA flaw was found in the way Firefox and Thunderbird handled certain DOM\nJavaScript objects. An attacker could use this flaw to make JavaScript\nclient or add-on code make incorrect, security sensitive decisions\n(CVE-2013-1737).\n", "upstream": [ "CVE-2013-1718", "CVE-2013-1722", "CVE-2013-1725", "CVE-2013-1730", "CVE-2013-1732", "CVE-2013-1735", "CVE-2013-1736", "CVE-2013-1737" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0287.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=11250" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-76.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-79.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-82.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-83.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-88.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-89.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-90.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-91.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2013-1268.html" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2013-1269.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "firefox", "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "firefox-l10n", "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "thunderbird", "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "thunderbird-l10n", "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "firefox", "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "firefox", "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "thunderbird", "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "thunderbird-l10n", "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "17.0.9-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }