{ "schema_version": "1.6.2", "id": "MGASA-2017-0059", "published": "2017-02-20T13:24:57Z", "modified": "2017-02-20T13:10:16Z", "summary": "Updated iceape packages fix security vulnerability", "details": "Updated Iceape packages derived from Seamonkey include security fixes from\nMozilla Firefox:\n\nHeap-based buffer overflow in the\nnsCaseTransformTextRunFactory::TransformString function in Seamonkey\nbefore 2.46 allows remote attackers to cause a denial of service (boolean\nout-of-bounds write) or possibly have unspecified other impact via Unicode\ncharacters that are mishandled during text conversion. (CVE-2016-5270)\n\nThe PropertyProvider::GetSpacingInternal function in Seamonkey before 2.46\nallows remote attackers to cause a denial of service (out-of-bounds read\nand application crash) via text runs in conjunction with a\n\"display: contents\" Cascading Style Sheets (CSS) property. (CVE-2016-5271)\n\nThe nsImageGeometryMixin class in Seamonkey before 2.46 does not properly\nperform a cast of an unspecified variable during handling of INPUT\nelements, which allows remote attackers to execute arbitrary code via a\ncrafted web site. (CVE-2016-5272)\n\nUse-after-free vulnerability in the\nmozilla::a11y::DocAccessible::ProcessInvalidationList function in\nSeamonkey before 2.46 allows remote attackers to execute arbitrary code\nor cause a denial of service (heap memory corruption) via an aria-owns\nattribute. (CVE-2016-5276)\n\nUse-after-free vulnerability in the nsFrameManager::CaptureFrameState\nfunction in Seamonkey before 2.46 allows remote attackers to execute\narbitrary code by leveraging improper interaction between restyling and\nthe Web Animations model implementation. (CVE-2016-5274)\n\nUse-after-free vulnerability in the nsRefreshDriver::Tick function in\nSeamonkey before 2.46 allows remote attackers to execute arbitrary code or\ncause a denial of service (heap memory corruption) by leveraging improper\ninteraction between timeline destruction and the Web Animations model\nimplementation. (CVE-2016-5277)\n\nHeap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in\nSeamonkey before 2.46 allows remote attackers to execute arbitrary code\nvia a crafted image data that is mishandled during the encoding of an\nimage frame to an image. (CVE-2016-5278)\n\nUse-after-free vulnerability in the\nmozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in\nSeamonkey before 2.46 allows remote attackers to execute arbitrary code\nvia bidirectional text. (CVE-2016-5280)\n\nUse-after-free vulnerability in the DOMSVGLength class in Seamonkey before\n2.46 allows remote attackers to execute arbitrary code by leveraging\nimproper interaction between JavaScript code and an SVG document.\n(CVE-2016-5281)\n\nSeamonkey before 2.46 relies on unintended expiration dates for Preloaded\nPublic Key Pinning, which allows man-in-the-middle attackers to spoof\nadd-on updates by leveraging possession of an X.509 server certificate for\naddons.mozilla.org signed by an arbitrary built-in Certification\nAuthority. (CVE-2016-5284)\n\nMultiple unspecified vulnerabilities in the browser engine in Seamonkey\nbefore 2.46 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code via\nunknown vectors. (CVE-2016-5257)\n", "related": [ "CVE-2016-2827", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2017-0059.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=20025" }, { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "iceape", "purl": "pkg:rpm/mageia/iceape?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.46-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }