Updated iceape package fixes security vulnerabilities
Publication date: 09 Dec 2014Modification date: 09 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1587 , CVE-2014-1588 , CVE-2014-1589 , CVE-2014-1590 , CVE-2014-1591 , CVE-2014-1592 , CVE-2014-1593 , CVE-2014-1594 , CVE-2014-8631 , CVE-2014-8632
Description
When the oxygen-gtk was active and iceape tried to draw a menu (for example after a mouse down event on the menu bar), a segmentation fault was triggered causing iceape to crash. The oxygen-gtk theme engine contains a solution for this problem, this is now enabled for iceape. (MGA #12978) Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (CVE-2014-1587, CVE-2014-1588) A method was found to trigger chrome level XML Binding Language (XBL) bindings through web content. This was possible because some chrome accessible CSS stylesheets had their primary namespace improperly declared. When this occurred, it was possible to use these stylesheets to manipulate XBL bindings, allowing web content to bypass security restrictions. This issue was limited to a specific set of stylesheets. (CVE-2014-1589) In Iceape (seamonkey) before version 2.31, passing a JavaScript object to XMLHttpRequest that mimics an input stream will result in a crash. This crash is not exploitable and can only be used for denial of service attacks. (CVE-2014-1590) Content Security Policy (CSP) violation reports triggered by a redirect did not remove path information as required by the CSP specification in Iceape (seamonkey) 2.30. This potentially reveals information about the redirect that would not otherwise be known to the original site. This could be used by a malicious site to obtain sensitive information such as usernames or single-sign-on tokens encoded within the target URLs. (CVE-2014-1591) In Iceape (seamonkey) before version 2.31, a use-after-free could be created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. (CVE-2014-1592) A buffer overflow during the parsing of media content was found using the Address Sanitizer tool. This leads to a potentially exploitable crash. (CVE-2014-1593) A bad casting from the BasicThebesLayer to BasicContainerLayer resulted in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. (CVE-2014-1594) When chrome objects are protected by Chrome Object Wrappers (COW) and are passed as native interfaces, if this is done with some methods, normally protected objects may be accessible to native methods exposed to web content. (CVE-2014-8631) When XrayWrappers filter object properties and validation of the object initially occurs, one set of object properties will appear to be available. Later, when the XrayWrappers are removed, a more expansive set of properties is available. These are then stored without further validation, making these properties available and bypassing security protections that would normally protect them from access. (CVE-2014-8632)
References
- https://bugs.mageia.org/show_bug.cgi?id=14733
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-84/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-86/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/
- https://www.mozilla.org/en-US/security/advisories/mfsa2014-91/
- https://bugs.mageia.org/show_bug.cgi?id=12978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8632
SRPMS
4/core
- iceape-2.31-3.mga4