Advisories ยป MGASA-2014-0419

Updated iceape package fixes security vulnerabilities

Publication date: 23 Oct 2014
Modification date: 23 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1533 , CVE-2014-1534 , CVE-2014-1536 , CVE-2014-1537 , CVE-2014-1538 , CVE-2014-1540 , CVE-2014-1541 , CVE-2014-1542 , CVE-2014-1547 , CVE-2014-1548 , CVE-2014-1549 , CVE-2014-1550 , CVE-2014-1552 , CVE-2014-1553 , CVE-2014-1554 , CVE-2014-1555 , CVE-2014-1556 , CVE-2014-1557 , CVE-2014-1558 , CVE-2014-1559 , CVE-2014-1560 , CVE-2014-1561 , CVE-2014-1562 , CVE-2014-1563 , CVE-2014-1564 , CVE-2014-1565 , CVE-2014-1567 , CVE-2014-1574 , CVE-2014-1575 , CVE-2014-1576 , CVE-2014-1577 , CVE-2014-1578 , CVE-2014-1580 , CVE-2014-1581 , CVE-2014-1582 , CVE-2014-1583 , CVE-2014-1584 , CVE-2014-1585 , CVE-2014-1586

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird 
before 24.6 allow remote attackers to cause a denial of service 
(memory corruption and application crash) or possibly execute 
arbitrary code via unknown vectors. (CVE-2014-1533)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 30.0 allow remote attackers to cause a denial of 
service (memory corruption and application crash) or possibly execute 
arbitrary code via unknown vectors. (CVE-2014-1534)

The PropertyProvider::FindJustificationRange function in Mozilla 
Firefox before 30.0 allows remote attackers to execute arbitrary code 
or cause a denial of service (out-of-bounds read) via unspecified 
vectors. (CVE-2014-1536)

Use-after-free vulnerability in the 
mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox 
before 30.0 allows remote attackers to execute arbitrary code or cause 
a denial of service (heap memory corruption) via unspecified vectors. 
(CVE-2014-1537)

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR 
function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, 
and Thunderbird before 24.6 allows remote attackers to execute 
arbitrary code or cause a denial of service (heap memory corruption) 
via unspecified vectors. (CVE-2014-1538)

Use-after-free vulnerability in the 
nsEventListenerManager::CompileEventHandlerInternal function in the 
Event Listener Manager in Mozilla Firefox before 30.0 allows remote 
attackers to execute arbitrary code or cause a denial of service (heap 
memory corruption) via crafted web content. (CVE-2014-1540)

Use-after-free vulnerability in the RefreshDriverTimer::Tick*Driver 
function in the SMIL Animation Controller in Mozilla Firefox before 
30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows 
remote attackers to execute arbitrary code or cause a denial of 
service (heap memory corruption) via crafted web content. 
(CVE-2014-1541)

Buffer overflow in the Speex resampler in the Web Audio subsystem in 
Mozilla Firefox before 30.0 allows remote attackers to execute 
arbitrary code via vectors related to a crafted AudioBuffer channel 
count and sample rate. (CVE-2014-1542)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird 
before 24.7 allow remote attackers to cause a denial of service 
(memory corruption and application crash) or possibly execute 
arbitrary code via unknown vectors. (CVE-2014-1547)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers 
to cause a denial of service (memory corruption and application crash) 
or possibly execute arbitrary code via unknown vectors. 
(CVE-2014-1548)

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer 
function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 
does not properly allocate Web Audio buffer memory, which allows 
remote attackers to execute arbitrary code or cause a denial of 
service (buffer overflow and application crash) via crafted audio 
content that is improperly handled during playback buffering. 
(CVE-2014-1549)

Use-after-free vulnerability in the MediaInputPort class in Mozilla 
Firefox before 31.0 and Thunderbird before 31.0 allows remote 
attackers to execute arbitrary code or cause a denial of service (heap 
memory corruption) by leveraging incorrect Web Audio control-message 
ordering. (CVE-2014-1550)

Mozilla Firefox before 31.0 does not properly restrict use of 
drag-and-drop events to spoof customization events, which allows 
remote attackers to alter the placement of UI icons via crafted 
JavaScript code that is encountered during (1) page, (2) panel, or (3) 
toolbar customization. (CVE-2014-1561)

Use-after-free vulnerability in the nsDocLoader::OnProgress function 
in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and 
Thunderbird before 24.7 allows remote attackers to execute arbitrary 
code via vectors that trigger a FireOnStateChange event. 
(CVE-2014-1555)

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and 
Thunderbird before 24.7 allow remote attackers to execute arbitrary 
code via crafted WebGL content constructed with the Cesium JavaScript 
library. (CVE-2014-1556)

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox 
before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 
24.7, does not properly handle the discarding of image data during 
function execution, which allows remote attackers to execute arbitrary 
code by triggering prolonged image scaling, as demonstrated by scaling 
of a high-quality image. (CVE-2014-1557)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote 
attackers to cause a denial of service (X.509 certificate parsing 
outage) via a crafted certificate that does not use UTF-8 character 
encoding in a required context, a different vulnerability than 
CVE-2014-1559. (CVE-2014-1558)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote 
attackers to cause a denial of service (X.509 certificate parsing 
outage) via a crafted certificate that does not use UTF-8 character 
encoding in a required context, a different vulnerability than 
CVE-2014-1558. (CVE-2014-1559)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote 
attackers to cause a denial of service (X.509 certificate parsing 
outage) via a crafted certificate that does not use ASCII character 
encoding in a required context. (CVE-2014-1560)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not 
properly implement the sandbox attribute of the IFRAME element, which 
allows remote attackers to bypass intended restrictions on same-origin 
content via a crafted web site in conjunction with a redirect. 
(CVE-2014-1552)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 
31.x before 31.1 allow remote attackers to cause a denial of service 
(memory corruption and application crash) or possibly execute 
arbitrary code via unknown vectors. (CVE-2014-1553)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 32.0 allow remote attackers to cause a denial of 
service (memory corruption and application crash) or possibly execute 
arbitrary code via unknown vectors. (CVE-2014-1554)

Unspecified vulnerability in the browser engine in Mozilla Firefox 
before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and 
Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote 
attackers to cause a denial of service (memory corruption and 
application crash) or possibly execute arbitrary code via unknown 
vectors. (CVE-2014-1562)

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff 
function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, 
and Thunderbird 31.x before 31.1 allows remote attackers to execute 
arbitrary code or cause a denial of service (heap memory corruption) 
via an SVG animation with DOM interaction that triggers incorrect 
cycle collection. (CVE-2014-1563)

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and 
Thunderbird 31.x before 31.1 do not properly initialize memory for GIF 
rendering, which allows remote attackers to obtain sensitive 
information from process memory via crafted web script that interacts 
with a CANVAS element associated with a malformed GIF image. 
(CVE-2014-1564)

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla 
Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 
31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows 
remote attackers to execute arbitrary code via text that is improperly 
handled during the interaction between directionality resolution and 
layout. (CVE-2014-1567)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 
31.x before 31.2 allow remote attackers to cause a denial of service 
(memory corruption and application crash) or possibly execute 
arbitrary code via unknown vectors. (CVE-2014-1574)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 33.0 allow remote attackers to cause a denial of 
service (memory corruption and application crash) or possibly execute 
arbitrary code via vectors related to improper interaction between 
threading and garbage collection in the GCRuntime::triggerGC function 
in js/src/jsgc.cpp, and unknown other vectors. ()

Heap-based buffer overflow in the nsTransformedTextRun function in 
Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and 
Thunderbird 31.x before 31.2 allows remote attackers to execute 
arbitrary code via Cascading Style Sheets (CSS) token sequences that 
trigger changes to capitalization style. (CVE-2014-1576)

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the 
Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x 
before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers 
to obtain sensitive information from process memory or cause a denial 
of service (out-of-bounds read, memory corruption, and application 
crash) via an invalid custom waveform that triggers a calculation of a 
negative frequency value. (CVE-2014-1577)

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x 
before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers 
to cause a denial of service (out-of-bounds write and application 
crash) or possibly execute arbitrary code via WebM frames with invalid 
tile sizes that are improperly handled in buffering operations during 
video playback. (CVE-2014-1578)

Mozilla Firefox before 33.0 does not properly initialize memory for 
GIF images, which allows remote attackers to obtain sensitive 
information from process memory via a crafted web page that triggers a 
sequence of rendering operations for truncated GIF data within a 
CANVAS element. (CVE-2014-1580)

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla 
Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 
31.x before 31.2 allows remote attackers to execute arbitrary code via 
text that is improperly handled during the interaction between 
directionality resolution and layout. (CVE-2014-1581)

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 
33.0 does not properly consider the connection-coalescing behavior of 
SPDY and HTTP/2 in the case of a shared IP address, which allows 
man-in-the-middle attackers to bypass an intended pinning 
configuration and spoof a web site by providing a valid certificate 
from an arbitrary recognized Certification Authority. (CVE-2014-1582)

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 
33.0 skips pinning checks upon an unspecified issuer-verification 
error, which makes it easier for remote attackers to bypass an 
intended pinning configuration and spoof a web site via a crafted 
certificate that leads to presentation of the Untrusted Connection 
dialog to the user. (CVE-2014-1584)

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in 
Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and 
Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing 
actions for videos in IFRAME elements, which allows remote attackers 
to obtain sensitive information from the local camera by maintaining a 
session after the user tries to discontinue streaming. (CVE-2014-1585)

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, 
Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does 
not consider whether WebRTC video sharing is occurring, which allows 
remote attackers to obtain sensitive information from the local camera 
in certain IFRAME situations by maintaining a session after the user 
temporarily navigates away. (CVE-2014-1586)

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x 
before 31.2 does not properly restrict toJSON calls, which allows 
remote attackers to bypass the Same Origin Policy via crafted API 
calls that access sensitive information within the JSON data of an 
alarm. (CVE-2014-1583)
                

References

SRPMS

4/core

3/core