Advisories ยป MGASA-2014-0146

Updated iceape packages fix multiple vulnerabilities

Publication date: 31 Mar 2014
Modification date: 31 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1493 , CVE-2014-1494 , CVE-2014-1496 , CVE-2014-1497 , CVE-2014-1498 , CVE-2014-1499 , CVE-2014-1500 , CVE-2014-1502 , CVE-2014-1504 , CVE-2014-1505 , CVE-2014-1508 , CVE-2014-1509 , CVE-2014-1510 , CVE-2014-1511 , CVE-2014-1512 , CVE-2014-1513 , CVE-2014-1514

Description

Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4,
and SeaMonkey before 2.25 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute arbitrary 
code via unknown vectors. (CVE-2014-1493)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause
a denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors. (CVE-2014-1494)

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird 
before 24.4, and SeaMonkey before 2.25 might allow local users to gain
privileges by modifying the extracted Mar contents during an update.
(CVE-2014-1496)

mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before
28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey
before 2.25 allows remote attackers to obtain sensitive information from
process heap memory, cause a denial of service (out-of-bounds read and
application crash), or possibly have unspecified other impact via a crafted
WAV file. (CVE-2014-1497)

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and
SeaMonkey before 2.25 does not properly validate a certain key type, which
allows remote attackers to cause a denial of service (application crash)
via vectors that trigger generation of a key that supports the Elliptic 
Curve ec-dual-use algorithm. (CVE-2014-1498)

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote 
attackers to spoof the domain name in the WebRTC (1) camera or (2) 
microphone permission prompt by triggering navigation at a certain time 
during generation of this prompt. (CVE-2014-1499)

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote 
attackers to cause a denial of service (resource consumption and 
application hang) via onbeforeunload events that trigger background 
JavaScript execution. (CVE-2014-1500)

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D 
functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow 
remote attackers to bypass the Same Origin Policy and render content in a 
different domain via unspecified vectors. (CVE-2014-1502)

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey 
before 2.25 does not consider the Content Security Policy of a data: URL, 
which makes it easier for remote attackers to conduct cross-site scripting 
(XSS) attacks via a crafted document that is accessed after a browser 
restart. (CVE-2014-1504)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, 
Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 
2.25 allows remote attackers to obtain sensitive information from process 
memory, cause a denial of service (out-of-bounds read and application 
crash), or possibly bypass the Same Origin Policy via vectors involving 
MathML polygon rendering. (CVE-2014-1508)

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as 
used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, 
Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers 
to execute arbitrary code via a crafted extension that renders fonts in a 
PDF document. (CVE-2014-1509)

 SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x 
before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows 
remote attackers to obtain sensitive displacement-correlation information, 
and possibly bypass the Same Origin Policy and read text from a different 
domain, via a timing attack involving feDisplacementMap elements, a related 
issue to CVE-2013-1693. (CVE-2014-1505)

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x 
before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows 
remote attackers to execute arbitrary JavaScript code with chrome 
privileges by using an IDL fragment to trigger a window.open call. 
(CVE-2014-1510)

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird 
before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the 
popup blocker via unspecified vectors. (CVE-2014-1511)

Use-after-free vulnerability in the TypeObject class in the JavaScript 
engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, 
Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers 
to execute arbitrary code by triggering extensive memory consumption while 
garbage collection is occurring. (CVE-2014-1512)

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x 
before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not 
prevent a zero-length transition during use of an ArrayBuffer object, which 
allows remote attackers to execute arbitrary code or cause a denial of 
service (heap-based out-of-bounds write or read) via a crafted web site. 
(CVE-2014-1513)

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x 
before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not 
validate the length of the destination array before a copy operation, which 
allows remote attackers to execute arbitrary code or cause a denial of 
service (out-of-bounds write and application crash) by triggering incorrect 
use of the TypedArrayObject class. (CVE-2014-1514)

References

SRPMS

3/core

4/core