{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0048",
  "published": "2014-02-10T20:18:15Z",
  "modified": "2014-02-10T20:17:49Z",
  "summary": "Updated seamonkey packages fix multiple vulnerabilities",
  "details": "Updated iceape packages fix security issues:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox\nbefore 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey\nbefore 2.23 allow remote attackers to cause a denial of service (memory corruption \nand application crash) or possibly execute arbitrary code via unknown vectors. \n(CVE-2013-5609)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox \nbefore 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial \nof service (memory corruption and application crash) or possibly execute arbitrary \ncode via unknown vectors. (CVE-2013-5610)\n\nCross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and \nSeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary \nweb script or HTML by leveraging a Same Origin Policy violation triggered by \nlack of a charset parameter in a Content-Type HTTP header. (CVE-2013-5612)\n\nMozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider \nthe sandbox attribute of an IFRAME element during processing of a contained \nOBJECT element, which allows remote attackers to bypass intended sandbox \nrestrictions via a crafted web site. (CVE-2013-5614)\n\nUse-after-free vulnerability in the nsEventListenerManager::HandleEventSubType \nfunction in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, \nThunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to \nexecute arbitrary code or cause a denial of service (heap memory corruption) \nvia vectors related to mListeners event listeners. \n(CVE-2013-5616)\n\nUse-after-free vulnerability in the nsNodeUtils::LastRelease function in the \ntable-editing user interface in the editor component in Mozilla Firefox before \n26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey \nbefore 2.23 allows remote attackers to execute arbitrary code by triggering \nimproper garbage collection. (CVE-2013-5618)\n\nMultiple integer overflows in the binary-search implementation in SpiderMonkey \nin Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote \nattackers to cause a denial of service (out-of-bounds array access) or possibly \nhave unspecified other impact via crafted JavaScript code. (CVE-2013-5619)\n\nThe nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, \nFirefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before \n2.23 allows remote attackers to execute arbitrary code via crafted use of \nJavaScript code for ordered list elements. (CVE-2013-6671)\n\nMozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted \nremote attackers to read clipboard data by leveraging certain middle-click \npaste operations. (CVE-2013-6672)\n\nMozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before \n24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust \nfrom an EV X.509 certificate, which makes it easier for man-in-the-middle \nattackers to spoof SSL servers in opportunistic circumstances via a valid \ncertificate that is unacceptable to the user. (CVE-2013-6673)\n\nUse-after-free vulnerability in the PresShell::DispatchSynthMouseMove function \nin Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird \nbefore 24.2, and SeaMonkey before 2.23 allows remote attackers to execute \narbitrary code or cause a denial of service (heap memory corruption) via vectors \ninvolving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration \nfunction. \n(CVE-2013-5613)\n\nThe JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x \nbefore 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly \nenforce certain typeset restrictions on the generation of GetElementIC typed \narray stubs, which has unspecified impact and remote attack vectors. \n(CVE-2013-5615)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox \nbefore 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey \nbefore 2.24 allow remote attackers to cause a denial of service (memory corruption \nand application crash) or possibly execute arbitrary code via unknown vectors. \n(CVE-2014-1477)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox \nbefore 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial \nof service (memory corruption and application crash) or possibly execute arbitrary \ncode via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and \nstack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. \n(CVE-2014-1478)\n\nThe System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, \nFirefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before \n2.24 does not prevent certain cloning operations, which allows remote attackers \nto bypass intended restrictions on XUL content via vectors involving XBL content \nscopes. (CVE-2014-1479)\n\nThe file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey \nbefore 2.24 does not properly restrict the timing of button selections, which \nallows remote attackers to conduct clickjacking attacks, and trigger unintended \nlaunching of a downloaded file, via a crafted web site. \n(CVE-2014-1480)\n\nRasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, \nThunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to \ndiscarded data, which allows remote attackers to execute arbitrary code or \ncause a denial of service (incorrect write operations) via crafted image data, \nas demonstrated by Goo Create. (CVE-2014-1482)\n\nMozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers \nto bypass the Same Origin Policy and obtain sensitive information by using an \nIFRAME element in conjunction with certain timing measurements involving the \ndocument.caretPositionFromPoint and document.elementFromPoint functions. \n(CVE-2014-1483)\n\nThe Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 \nand SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src \ndirectives instead of script-src directives, which might allow remote attackers \nto execute arbitrary XSLT code by leveraging insufficient style-src restrictions. \n(CVE-2014-1485)\n\nUse-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox \nbefore 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey \nbefore 2.24 allows remote attackers to execute arbitrary code via vectors involving \nunspecified Content-Type values for image data. (CVE-2014-1486)\n\nThe Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x \nbefore 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote \nattackers to bypass the Same Origin Policy and obtain sensitive authentication \ninformation via vectors involving error messages. (CVE-2014-1487)\n\nThe Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey \nbefore 2.24 allows remote attackers to execute arbitrary code via vectors \ninvolving termination of a worker process that has performed a cross-thread \nobject-passing operation in conjunction with use of asm.js. \n(CVE-2014-1488)\n\nMozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before \n24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended \nrestrictions on window objects by leveraging inconsistency in native getter \nmethods across different JavaScript engines. (CVE-2014-1481)\n",
  "upstream": [
    "CVE-2013-5609",
    "CVE-2013-5610",
    "CVE-2013-5612",
    "CVE-2013-5613",
    "CVE-2013-5614",
    "CVE-2013-5615",
    "CVE-2013-5616",
    "CVE-2013-5618",
    "CVE-2013-5619",
    "CVE-2013-6671",
    "CVE-2013-6672",
    "CVE-2013-6673",
    "CVE-2014-1477",
    "CVE-2014-1478",
    "CVE-2014-1479",
    "CVE-2014-1480",
    "CVE-2014-1481",
    "CVE-2014-1482",
    "CVE-2014-1483",
    "CVE-2014-1485",
    "CVE-2014-1486",
    "CVE-2014-1487",
    "CVE-2014-1488"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0048.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-104.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-107.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-108.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-109.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-111.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-112.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-113.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-114.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-115.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-04.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-05.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-08.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-13.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=12650"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "iceape",
        "purl": "pkg:rpm/mageia/iceape?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.24-1.mga3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "iceape",
        "purl": "pkg:rpm/mageia/iceape?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.24-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
