type: security
subject: Updated Firefox and Thunderbird packages fix multiple vulnerabilities
CVE:
 - CVE-2013-1682
 - CVE-2013-1684
 - CVE-2013-1685
 - CVE-2013-1686
 - CVE-2013-1687
 - CVE-2013-1690
 - CVE-2013-1692
 - CVE-2013-1693
 - CVE-2013-1694
 - CVE-2013-1697
src:
  2:
    core:
     - firefox-17.0.7-1.mga2
     - firefox-l10n-17.0.7-1.mga2
     - thunderbird-17.0.7-1.mga2
     - thunderbird-l10n-17.0.7-1.mga2
  3:
    core:
     - firefox-17.0.7-1.mga3
     - firefox-l10n-17.0.7-1.mga3
     - thunderbird-17.0.7-1.mga3
     - thunderbird-l10n-17.0.7-1.mga3
description: |
  Updated firefox packages fix security vulnerabilities.

  Several flaws were found in the processing of malformed web content. A web
  page containing malicious content could cause Firefox to crash or,
  potentially, execute arbitrary code with the privileges of the user running
  Firefox (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,
  CVE-2013-1687, CVE-2013-1690).

  It was found that Firefox allowed data to be sent in the body of
  XMLHttpRequest (XHR) HEAD requests. In some cases this could allow
  attackers to conduct Cross-Site Request Forgery (CSRF) attacks
  (CVE-2013-1692).

  Timing differences in the way Firefox processed SVG image files could
  allow an attacker to read data across domains, potentially leading to
  information disclosure (CVE-2013-1693).

  Two flaws were found in the way Firefox implemented some of its internal
  structures (called wrappers). An attacker could use these flaws to bypass
  some restrictions placed on them. This could lead to unexpected behavior or
  a potentially exploitable crash (CVE-2013-1694, CVE-2013-1697).


  Updated thunderbird packages fix security vulnerabilities.

  Several flaws were found in the processing of malformed content. Malicious
  content could cause Thunderbird to crash or, potentially, execute arbitrary
  code with the privileges of the user running Thunderbird (CVE-2013-1682,
  CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690).

  It was found that Thunderbird allowed data to be sent in the body of
  XMLHttpRequest (XHR) HEAD requests. In some cases this could allow
  attackers to conduct Cross-Site Request Forgery (CSRF) attacks
  (CVE-2013-1692).

  Timing differences in the way Thunderbird processed SVG image files could
  allow an attacker to read data across domains, potentially leading to
  information disclosure (CVE-2013-1693).

  Two flaws were found in the way Thunderbird implemented some of its
  internal structures (called wrappers). An attacker could use these flaws to
  bypass some restrictions placed on them. This could lead to unexpected
  behavior or a potentially exploitable crash (CVE-2013-1694, CVE-2013-1697).
references:
 - http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
 - http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
 - http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
 - https://rhn.redhat.com/errata/RHSA-2013-0981.html
 - http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
 - https://rhn.redhat.com/errata/RHSA-2013-0982.html
 - https://bugs.mageia.org/show_bug.cgi?id=10621