Advisories » MGASA-2015-0126

Updated iceape packages fix security vulnerabilities

Publication date: 03 Apr 2015
Modification date: 03 Apr 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-0817, CVE-2015-0818, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0828, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0835, CVE-2015-0836

Description

Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 36.0 allow remote attackers to cause a denial of service 
(memory corruption and application crash) or possibly execute arbitrary 
code via unknown vectors. (CVE-2015-0835)

Multiple unspecified vulnerabilities in the browser engine in Mozilla 
Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 
31.5 allow remote attackers to cause a denial of service (memory corruption 
and application crash) or possibly execute arbitrary code via unknown 
vectors. (CVE-2015-0836)

Mozilla Firefox before 36.0 does not properly recognize the equivalence of 
domain names with and without a trailing . (dot) character, which allows 
man-in-the-middle attackers to bypass the HPKP and HSTS protection 
mechanisms by constructing a URL with this character and leveraging access 
to an X.509 certificate for a domain with this character. (CVE-2015-0832)
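
The host-name equivalence check behind CVE-2015-0832, as an added example (not Mozilla's or Mageia's code): a toy HSTS store where a lookup that compares the name verbatim misses the trailing-dot form, while a lookup that canonicalizes first does not. The store layout, the sample hosts and the names canonicalHost, isHstsHostNaive and isHstsHost are assumptions made for illustration.

```javascript
// Added illustration; store layout, hosts and function names are hypothetical.
// Constructed sample HSTS store: host -> policy.
const EXPIRES = Date.parse("2030-01-01T00:00:00Z");
const hstsStore = new Map([
  ["example.com", { includeSubDomains: true, expires: EXPIRES }],
  ["login.example.org", { includeSubDomains: false, expires: EXPIRES }],
]);

// Canonical form used for storing and for looking up policies:
// lower-case, without the single trailing dot of an absolute DNS name.
function canonicalHost(host) {
  let h = host.toLowerCase();
  if (h.length > 1 && h.endsWith(".")) h = h.slice(0, -1);
  return h;
}

// Walk from the host up through its parent domains; a parent only
// matches when its policy has includeSubDomains set.
function lookup(host, now) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const policy = hstsStore.get(labels.slice(i).join("."));
    if (policy && policy.expires > now && (i === 0 || policy.includeSubDomains)) {
      return true;
    }
  }
  return false;
}

// Weak form: uses the host exactly as written in the URL, so
// "example.com." is treated as a different site from "example.com".
function isHstsHostNaive(urlString, now = Date.now()) {
  return lookup(new URL(urlString).hostname, now);
}

// Corrected form: both spellings resolve to the same stored policy.
function isHstsHost(urlString, now = Date.now()) {
  return lookup(canonicalHost(new URL(urlString).hostname), now);
}
```

The same canonical form has to be applied when a policy is stored, otherwise a header received on the dotted name creates a second, separate entry.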

The WebGL implementation in Mozilla Firefox before 36.0 does not properly 
allocate memory for copying an unspecified string to a shader's compilation 
log, which allows remote attackers to cause a denial of service 
(application crash) via crafted WebGL content. (CVE-2015-0830)

Use-after-free vulnerability in the 
mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla 
Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 
31.5 allows remote attackers to execute arbitrary code or cause a denial of 
service (heap memory corruption) via crafted content that is improperly 
handled during IndexedDB index creation. (CVE-2015-0831)

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows 
remote attackers to execute arbitrary code via a crafted MP4 video that is 
improperly handled during playback. (CVE-2015-0829)

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in 
Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, 
allows remote attackers to execute arbitrary code or cause a denial of 
service (heap memory corruption) via crafted JavaScript code that makes an 
XMLHttpRequest call with zero bytes of data. (CVE-2015-0828)

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in 
Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird 
before 31.5 allows remote attackers to obtain sensitive information from 
uninitialized process memory via a malformed SVG graphic. (CVE-2015-0827)

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox 
before 36.0 allows remote attackers to execute arbitrary code or cause a 
denial of service (out-of-bounds read of heap memory) via a crafted 
Cascading Style Sheets (CSS) token sequence that triggers a restyle or 
reflow operation. (CVE-2015-0826)

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer 
function in Mozilla Firefox before 36.0 allows remote attackers to obtain 
sensitive information from process memory via a malformed MP3 file that 
improperly interacts with memory allocation during playback. 
(CVE-2015-0825)

The mozilla::layers::BufferTextureClient::AllocateForSurface function in 
Mozilla Firefox before 36.0 allows remote attackers to cause a denial of 
service (out-of-bounds write of zero values, and application crash) via 
vectors that trigger use of DrawTarget and the Cairo library for image 
drawing. (CVE-2015-0824)

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 
31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to 
read arbitrary files via crafted JavaScript code. (CVE-2015-0822)

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read 
arbitrary files or execute arbitrary JavaScript code with chrome privileges 
via a crafted web site that is accessed with unspecified mouse and keyboard 
actions. (CVE-2015-0821)

Mozilla Firefox before 36.0 does not properly restrict transitions of 
JavaScript objects from a non-extensible state to an extensible state, 
which allows remote attackers to bypass a Caja Compiler sandbox protection 
mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted 
web site. (CVE-2015-0820)

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and 
SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin 
Policy and execute arbitrary JavaScript code with chrome privileges via 
vectors involving SVG hash navigation. (CVE-2015-0818)

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 
31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine 
the cases in which bounds checking may be safely skipped during JIT 
compilation and heap access, which allows remote attackers to read or write 
to unintended memory locations, and consequently execute arbitrary code, 
via crafted JavaScript. (CVE-2015-0817)
                

References

SRPMS

4/core