Updated firefox & related packages fix multiple security vulnerabilities
Publication date: 09 Nov 2013Modification date: 09 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1739 , CVE-2013-5590 , CVE-2013-5595 , CVE-2013-5597 , CVE-2013-5599 , CVE-2013-5600 , CVE-2013-5601 , CVE-2013-5602 , CVE-2013-5604
Description
Updated firefox packages fix security vulnerabilities:
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
that data structures are initialized before read operations, which
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger a decryption failure
(CVE-2013-1739).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599,
CVE-2013-5600, CVE-2013-5601, CVE-2013-5602).
It was found that the Firefox JavaScript engine incorrectly allocated
memory for certain functions. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox (CVE-2013-5595).
A flaw was found in the way Firefox handled certain Extensible Stylesheet
Language Transformations (XSLT) files. An attacker could combine this flaw
with other vulnerabilities to execute arbitrary code with the privileges of
the user running Firefox (CVE-2013-5604).
Additionally, the rootcerts, nspr, nss, and sqlite3 packages have been updated
to newer versions required by this update.
References
- http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-95.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-96.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-98.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-100.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
- http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
- http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:257/
- https://rhn.redhat.com/errata/RHSA-2013-1476.html
- https://bugs.mageia.org/show_bug.cgi?id=11370
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604
SRPMS
2/core
- sqlite3-3.7.17-1.mga2
- rootcerts-20130411.00-1.mga2
- nspr-4.10.1-1.mga2
- nss-3.15.2-1.1.mga2
- firefox-24.1.0-1.mga2
- firefox-l10n-24.1.0-1.mga2
3/core
- sqlite3-3.7.17-1.mga3
- rootcerts-20130411.00-1.mga3
- nspr-4.10.1-1.mga3
- nss-3.15.2-1.1.mga3
- firefox-24.1.0-1.mga3
- firefox-l10n-24.1.0-1.mga3