Bug#703071: CVE-2011-1187, CVE-2012-0475, CVE-2013-{0773, 0775, 0776, 0780, 0782, 0783}

Arne Wichmann aw at anhrefn.saar.de
Thu Mar 14 22:05:28 UTC 2013


Package: iceweasel
Severity: grave
Tags: security

Hi,
the following vulnerabilities were published for iceweasel.

(I am aware that these are fixed in experimental, but they should also be
fixed in testing and stable. If I can be of assistance please indicate so.)

CVE-2011-1187[0]:
| Google Chrome before 10.0.648.127 allows remote attackers to bypass
| the Same Origin Policy via unspecified vectors, related to an "error
| message leak."

CVE-2012-0475[1]:
| Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and
| SeaMonkey before 2.9 do not properly construct the Origin and
| Sec-WebSocket-Origin HTTP headers, which might allow remote attackers
| to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or
| (2) WebSocket operation involving a nonstandard port number and an
| IPv6 address that contains certain zero fields.

CVE-2013-0773[2]:
| The Chrome Object Wrapper (COW) and System Only Wrapper (SOW)
| implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x
| before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before
| 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a
| prototype, which allows remote attackers to obtain sensitive
| information from chrome objects or possibly execute arbitrary
| JavaScript code with chrome privileges via a crafted web site.

CVE-2013-0775[3]:
| Use-after-free vulnerability in the
| nsImageLoadingContent::OnStopContainer function in Mozilla Firefox
| before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before
| 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
| allows remote attackers to execute arbitrary code via crafted web
| script.

CVE-2013-0780[4]:
| Use-after-free vulnerability in the
| nsOverflowContinuationTracker::Finish function in Mozilla Firefox
| before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before
| 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
| allows remote attackers to execute arbitrary code or cause a denial of
| service (heap memory corruption) via a crafted document that uses
| Cascading Style Sheets (CSS) -moz-column-* properties.

CVE-2013-0782[5]:
| Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion
| function in Mozilla Firefox before 19.0, Firefox ESR 17.x before
| 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3,
| and SeaMonkey before 2.16 allows remote attackers to execute arbitrary
| code via unspecified vectors.

CVE-2013-0783[6]:
| Multiple unspecified vulnerabilities in the browser engine in Mozilla
| Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
| before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey
| before 2.16 allow remote attackers to cause a denial of service
| (memory corruption and application crash) or possibly execute
| arbitrary code via unknown vectors.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187
    http://security-tracker.debian.org/tracker/CVE-2011-1187
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475
    http://security-tracker.debian.org/tracker/CVE-2012-0475
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
    http://security-tracker.debian.org/tracker/CVE-2013-0773
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
    http://security-tracker.debian.org/tracker/CVE-2013-0775
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
    http://security-tracker.debian.org/tracker/CVE-2013-0780
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
    http://security-tracker.debian.org/tracker/CVE-2013-0782
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
    http://security-tracker.debian.org/tracker/CVE-2013-0783

Please adjust the affected versions in the BTS as needed.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. No one can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw at linux.de)