Updated firefox and thunderbird packages fix security vulnerabilities
Publication date: 06 Jan 2014
Modification date: 06 Jan 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613
Description
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613).

It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted (MFSA 2013-117).

The rootcerts and nss packages have been updated to fix the MFSA 2013-117 issue. The thunderbird-lightning package has been updated to a version that is compatible with the updated thunderbird.
References
- https://bugs.mageia.org/show_bug.cgi?id=11945
- http://www.mozilla.org/security/announce/2013/mfsa2013-104.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-108.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-109.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-111.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-114.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
- http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
- http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
- https://rhn.redhat.com/errata/RHSA-2013-1812.html
- https://rhn.redhat.com/errata/RHSA-2013-1823.html
- https://rhn.redhat.com/errata/RHSA-2013-1861.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
SRPMS
3/core
- rootcerts-20131204.00-1.mga3
- nss-3.15.3.1-1.mga3
- firefox-24.2.0-1.mga3
- firefox-l10n-24.2.0-1.mga3
- thunderbird-24.2.0-1.mga3
- thunderbird-l10n-24.2.0-1.mga3
- thunderbird-lightning-2.6.4-1.mga3