{ "schema_version": "1.7.0", "id": "MGASA-2014-0146", "published": "2014-03-31T19:47:52Z", "modified": "2014-03-31T19:47:10Z", "summary": "Updated iceape packages fix multiple vulnerabilities", "details": "Updated iceape packages fix security issues:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla \nFirefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4,\nand SeaMonkey before 2.25 allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute arbitrary \ncode via unknown vectors. (CVE-2014-1493)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla \nFirefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause\na denial of service (memory corruption and application crash) or possibly\nexecute arbitrary code via unknown vectors. (CVE-2014-1494)\n\nMozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird \nbefore 24.4, and SeaMonkey before 2.25 might allow local users to gain\nprivileges by modifying the extracted Mar contents during an update.\n(CVE-2014-1496)\n\nmozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before\n28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey\nbefore 2.25 allows remote attackers to obtain sensitive information from\nprocess heap memory, cause a denial of service (out-of-bounds read and\napplication crash), or possibly have unspecified other impact via a crafted\nWAV file. (CVE-2014-1497)\n\nThe crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and\nSeaMonkey before 2.25 does not properly validate a certain key type, which\nallows remote attackers to cause a denial of service (application crash)\nvia vectors that trigger generation of a key that supports the Elliptic \nCurve ec-dual-use algorithm. (CVE-2014-1498)\n\nMozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote \nattackers to spoof the domain name in the WebRTC (1) camera or (2) \nmicrophone permission prompt by triggering navigation at a certain time \nduring generation of this prompt. (CVE-2014-1499)\n\nMozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote \nattackers to cause a denial of service (resource consumption and \napplication hang) via onbeforeunload events that trigger background \nJavaScript execution. (CVE-2014-1500)\n\nThe (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D \nfunctions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow \nremote attackers to bypass the Same Origin Policy and render content in a \ndifferent domain via unspecified vectors. (CVE-2014-1502)\n\nThe session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey \nbefore 2.25 does not consider the Content Security Policy of a data: URL, \nwhich makes it easier for remote attackers to conduct cross-site scripting \n(XSS) attacks via a crafted document that is accessed after a browser \nrestart. (CVE-2014-1504)\n\nThe libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, \nFirefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before \n2.25 allows remote attackers to obtain sensitive information from process \nmemory, cause a denial of service (out-of-bounds read and application \ncrash), or possibly bypass the Same Origin Policy via vectors involving \nMathML polygon rendering. (CVE-2014-1508)\n\nBuffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as \nused in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, \nThunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers \nto execute arbitrary code via a crafted extension that renders fonts in a \nPDF document. (CVE-2014-1509)\n\n SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x \nbefore 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows \nremote attackers to obtain sensitive displacement-correlation information, \nand possibly bypass the Same Origin Policy and read text from a different \ndomain, via a timing attack involving feDisplacementMap elements, a related \nissue to CVE-2013-1693. (CVE-2014-1505)\n\nThe Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x \nbefore 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows \nremote attackers to execute arbitrary JavaScript code with chrome \nprivileges by using an IDL fragment to trigger a window.open call. \n(CVE-2014-1510)\n\nMozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird \nbefore 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the \npopup blocker via unspecified vectors. (CVE-2014-1511)\n\nUse-after-free vulnerability in the TypeObject class in the JavaScript \nengine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, \nThunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers \nto execute arbitrary code by triggering extensive memory consumption while \ngarbage collection is occurring. (CVE-2014-1512)\n\nTypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x \nbefore 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not \nprevent a zero-length transition during use of an ArrayBuffer object, which \nallows remote attackers to execute arbitrary code or cause a denial of \nservice (heap-based out-of-bounds write or read) via a crafted web site. \n(CVE-2014-1513)\n\nvmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x \nbefore 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not \nvalidate the length of the destination array before a copy operation, which \nallows remote attackers to execute arbitrary code or cause a denial of \nservice (out-of-bounds write and application crash) by triggering incorrect \nuse of the TypedArrayObject class. (CVE-2014-1514)\n", "upstream": [ "CVE-2014-1493", "CVE-2014-1494", "CVE-2014-1496", "CVE-2014-1497", "CVE-2014-1498", "CVE-2014-1499", "CVE-2014-1500", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0146.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-15.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-16.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-17.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-19.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-20.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-22.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-23.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-26.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-27.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-28.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-30.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-31.html" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-32.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13072" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "iceape", "purl": "pkg:rpm/mageia/iceape?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.25-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "iceape", "purl": "pkg:rpm/mageia/iceape?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.25-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }