lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UFqiW-0004SO-WD@titan.mandriva.com>
Date: Wed, 13 Mar 2013 19:48:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2013:024 ] firefox

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:024
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : firefox
 Date    : January 13, 2013
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A security issue was identified and fixed in mozilla firefox:
 
 VUPEN Security, via TippingPoint&#039;s Zero Day Initiative, reported a
 use-after-free within the HTML editor when content script is run by
 the document.execCommand() function while internal editor operations
 are occurring. This could allow for arbitrary code execution
 (CVE-2013-0787).
 
 The mozilla firefox packages has been upgraded to the latest ESR
 version which is unaffected by this security flaw.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787
 http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 2c37f101824b6a75260d6be2ba6526f4  mes5/i586/firefox-17.0.4-0.1mdvmes5.2.i586.rpm
 067ef1b5cb43e108598783bb2ca3e904  mes5/i586/firefox-af-17.0.4-0.1mdvmes5.2.i586.rpm
 a9b33290ee48559ab9bf552c11a77867  mes5/i586/firefox-ar-17.0.4-0.1mdvmes5.2.i586.rpm
 56eede1229650b50f838c4d62cf3088f  mes5/i586/firefox-be-17.0.4-0.1mdvmes5.2.i586.rpm
 2f1ed6761c118ca1d499c996c267fd5c  mes5/i586/firefox-bg-17.0.4-0.1mdvmes5.2.i586.rpm
 0af0df661fdf99dce981a34105bf3db2  mes5/i586/firefox-bn-17.0.4-0.1mdvmes5.2.i586.rpm
 4fbacdfae22286a4d1565f5e07a99e59  mes5/i586/firefox-ca-17.0.4-0.1mdvmes5.2.i586.rpm
 3ea6ca41d6d738d7b8fbb285e78d06f7  mes5/i586/firefox-cs-17.0.4-0.1mdvmes5.2.i586.rpm
 7735a4756a43b940cd288f486e7d2de9  mes5/i586/firefox-cy-17.0.4-0.1mdvmes5.2.i586.rpm
 9bec5943921b3bddcc4e3497d027fc2d  mes5/i586/firefox-da-17.0.4-0.1mdvmes5.2.i586.rpm
 0b9041b5eaf52e7e06dd3437626620a4  mes5/i586/firefox-de-17.0.4-0.1mdvmes5.2.i586.rpm
 5cc0c1b6523e17c8d79d678d7d7aad53  mes5/i586/firefox-devel-17.0.4-0.1mdvmes5.2.i586.rpm
 e9a01322cd40f797ba03b52d58671b86  mes5/i586/firefox-el-17.0.4-0.1mdvmes5.2.i586.rpm
 22cc5f00f67563a7734bdced5e1d7bfb  mes5/i586/firefox-en_GB-17.0.4-0.1mdvmes5.2.i586.rpm
 0aebbb068c1d4d85b1b2827d5b5b2431  mes5/i586/firefox-eo-17.0.4-0.1mdvmes5.2.i586.rpm
 a57a4e00740b7babfcb51b0328fc135f  mes5/i586/firefox-es_AR-17.0.4-0.1mdvmes5.2.i586.rpm
 9710fd28c150da0eb976fa8347b9cd86  mes5/i586/firefox-es_ES-17.0.4-0.1mdvmes5.2.i586.rpm
 e66547fd26bd582df43ff480895f6674  mes5/i586/firefox-et-17.0.4-0.1mdvmes5.2.i586.rpm
 90e1a82354eb2aee9eba6b0bdc4dda92  mes5/i586/firefox-eu-17.0.4-0.1mdvmes5.2.i586.rpm
 32e588d40734ae29f2fc84c37f4468ea  mes5/i586/firefox-fi-17.0.4-0.1mdvmes5.2.i586.rpm
 4140a4088ffb39522548b24f1294d752  mes5/i586/firefox-fr-17.0.4-0.1mdvmes5.2.i586.rpm
 1202edce26a621ee77e458766e2c9026  mes5/i586/firefox-fy-17.0.4-0.1mdvmes5.2.i586.rpm
 6099e1f5dd1b0529b205a89327169aed  mes5/i586/firefox-ga_IE-17.0.4-0.1mdvmes5.2.i586.rpm
 13818d623506c2f2c94752c54d4b379d  mes5/i586/firefox-gl-17.0.4-0.1mdvmes5.2.i586.rpm
 bf5e73d3f9b7aeb7d6b4d32751615211  mes5/i586/firefox-gu_IN-17.0.4-0.1mdvmes5.2.i586.rpm
 a324f1da21be53ce595dcbb446a3f95f  mes5/i586/firefox-he-17.0.4-0.1mdvmes5.2.i586.rpm
 efd3a7d1712e3c49a5105f8568bf3413  mes5/i586/firefox-hi-17.0.4-0.1mdvmes5.2.i586.rpm
 a47c70e2a0af9886942f7b8b36aae01d  mes5/i586/firefox-hu-17.0.4-0.1mdvmes5.2.i586.rpm
 dee1f90622dcc9e52ec07b92132a73bf  mes5/i586/firefox-id-17.0.4-0.1mdvmes5.2.i586.rpm
 5f63f198f5a332a65029ec6773339087  mes5/i586/firefox-is-17.0.4-0.1mdvmes5.2.i586.rpm
 be0fb5af91ead3cc9e659ca36d6907ce  mes5/i586/firefox-it-17.0.4-0.1mdvmes5.2.i586.rpm
 75466d58f640181559cf203f9766e223  mes5/i586/firefox-ja-17.0.4-0.1mdvmes5.2.i586.rpm
 f0be98911d65cf3d9f0ccba7eb39861a  mes5/i586/firefox-kn-17.0.4-0.1mdvmes5.2.i586.rpm
 20ec7397f0df85a5821df4c2ab698671  mes5/i586/firefox-ko-17.0.4-0.1mdvmes5.2.i586.rpm
 b9237e59391bc7f9f82bcb798b2e5822  mes5/i586/firefox-ku-17.0.4-0.1mdvmes5.2.i586.rpm
 991acfb783d2088c74f6cef901be39eb  mes5/i586/firefox-lt-17.0.4-0.1mdvmes5.2.i586.rpm
 de4073f73eee8d334746cc8bf897197a  mes5/i586/firefox-lv-17.0.4-0.1mdvmes5.2.i586.rpm
 da1fd3d4c29ac26717fae391779b931a  mes5/i586/firefox-mk-17.0.4-0.1mdvmes5.2.i586.rpm
 7e306e1eb4301b80f6d21b9a836f1f16  mes5/i586/firefox-mr-17.0.4-0.1mdvmes5.2.i586.rpm
 8b776ce85ce48c83210417dc0963615b  mes5/i586/firefox-nb_NO-17.0.4-0.1mdvmes5.2.i586.rpm
 68006e43d84cc0ed69b03f15bdfd21c0  mes5/i586/firefox-nl-17.0.4-0.1mdvmes5.2.i586.rpm
 0aaac65bb81de7df1915f719721b9bde  mes5/i586/firefox-nn_NO-17.0.4-0.1mdvmes5.2.i586.rpm
 a36ca1ab708abfbf97dfe15ffbcd70c4  mes5/i586/firefox-pa_IN-17.0.4-0.1mdvmes5.2.i586.rpm
 c3422982ad96d57efac1697e687586fc  mes5/i586/firefox-pl-17.0.4-0.1mdvmes5.2.i586.rpm
 f6293f8a9f8a918176d8077cc1677291  mes5/i586/firefox-pt_BR-17.0.4-0.1mdvmes5.2.i586.rpm
 5a83838e5d32c2d7496387192e34d47b  mes5/i586/firefox-pt_PT-17.0.4-0.1mdvmes5.2.i586.rpm
 c8a588d637addb4c9f7e76e17da6849c  mes5/i586/firefox-ro-17.0.4-0.1mdvmes5.2.i586.rpm
 e6f6a2e3cc18c2be27d481408694813b  mes5/i586/firefox-ru-17.0.4-0.1mdvmes5.2.i586.rpm
 6690c7411453a8740d4ab5f70f45fe45  mes5/i586/firefox-si-17.0.4-0.1mdvmes5.2.i586.rpm
 f7c7414a0b9204af35494d56220b50ff  mes5/i586/firefox-sk-17.0.4-0.1mdvmes5.2.i586.rpm
 3af49111160da69db59dd56931951d23  mes5/i586/firefox-sl-17.0.4-0.1mdvmes5.2.i586.rpm
 5df93e272288640e67153315b2ed8b04  mes5/i586/firefox-sq-17.0.4-0.1mdvmes5.2.i586.rpm
 752203497a6b445da76eb00d076fd9eb  mes5/i586/firefox-sr-17.0.4-0.1mdvmes5.2.i586.rpm
 cb08903c37a21719bdd2a778e333167a  mes5/i586/firefox-sv_SE-17.0.4-0.1mdvmes5.2.i586.rpm
 08c87cf3e01c7bffee681e1c759b79e2  mes5/i586/firefox-te-17.0.4-0.1mdvmes5.2.i586.rpm
 fa5e0205d25779a8651b41fd06aaf52e  mes5/i586/firefox-th-17.0.4-0.1mdvmes5.2.i586.rpm
 8f7cc4304a6a80498099ed237cc77f61  mes5/i586/firefox-tr-17.0.4-0.1mdvmes5.2.i586.rpm
 42764b52119941d02701b806f4946bff  mes5/i586/firefox-uk-17.0.4-0.1mdvmes5.2.i586.rpm
 be2bdd8e5ba6ecdf6d8ee668c658037a  mes5/i586/firefox-zh_CN-17.0.4-0.1mdvmes5.2.i586.rpm
 0f86e5ba2391474d3975539fdaf83453  mes5/i586/firefox-zh_TW-17.0.4-0.1mdvmes5.2.i586.rpm
 2ef5622f5ad07e0c66b67ca56c002859  mes5/i586/icedtea-web-1.3.1-0.2mdvmes5.2.i586.rpm
 4d938d0495e1eeeb35a559d87beb61cd  mes5/i586/icedtea-web-javadoc-1.3.1-0.2mdvmes5.2.i586.rpm
 7409dc71781ab8c50adae85919751476  mes5/i586/libxulrunner17.0.4-17.0.4-0.1mdvmes5.2.i586.rpm
 d4c6fdc68927660d069523a55b665742  mes5/i586/libxulrunner-devel-17.0.4-0.1mdvmes5.2.i586.rpm
 158e0b68ebd245540dd7f3927fc613dc  mes5/i586/xulrunner-17.0.4-0.1mdvmes5.2.i586.rpm 
 45f223e23dfe50fefb48503c607e2672  mes5/SRPMS/firefox-17.0.4-0.1mdvmes5.2.src.rpm
 14e3516e0830a7efd15a403fbd9da583  mes5/SRPMS/firefox-l10n-17.0.4-0.1mdvmes5.2.src.rpm
 f3f4b9f27b949720d17a67bd71bc3b8e  mes5/SRPMS/icedtea-web-1.3.1-0.2mdvmes5.2.src.rpm
 fbde715b98bec0176fb6ab3d86b56bea  mes5/SRPMS/xulrunner-17.0.4-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 f9eb8e530ae0e00f5918b0dc285bc2c6  mes5/x86_64/firefox-17.0.4-0.1mdvmes5.2.x86_64.rpm
 5ffc3fae8c54123e8f83290ce4609e1b  mes5/x86_64/firefox-af-17.0.4-0.1mdvmes5.2.x86_64.rpm
 c26ac25114b2b57edcc4d70cbd3baa54  mes5/x86_64/firefox-ar-17.0.4-0.1mdvmes5.2.x86_64.rpm
 6e14243609ef885ddd3efdf0e0ef8784  mes5/x86_64/firefox-be-17.0.4-0.1mdvmes5.2.x86_64.rpm
 fe371a2c363d494e281bc118b70196cd  mes5/x86_64/firefox-bg-17.0.4-0.1mdvmes5.2.x86_64.rpm
 511bd9c3adef9b29f877a52cbdbd535b  mes5/x86_64/firefox-bn-17.0.4-0.1mdvmes5.2.x86_64.rpm
 987444660229984e701ade32b902601c  mes5/x86_64/firefox-ca-17.0.4-0.1mdvmes5.2.x86_64.rpm
 dbd04ae2dd3b0e18327831a0d075e746  mes5/x86_64/firefox-cs-17.0.4-0.1mdvmes5.2.x86_64.rpm
 0322f0bf0d19cd0d52336d735ef9710d  mes5/x86_64/firefox-cy-17.0.4-0.1mdvmes5.2.x86_64.rpm
 7ea4edf11f3f79e8520660609e548ba6  mes5/x86_64/firefox-da-17.0.4-0.1mdvmes5.2.x86_64.rpm
 3fb2628652685f298619f8970a48d22c  mes5/x86_64/firefox-de-17.0.4-0.1mdvmes5.2.x86_64.rpm
 be987af478d561f8d42e3a84002f6f73  mes5/x86_64/firefox-devel-17.0.4-0.1mdvmes5.2.x86_64.rpm
 200f375a2f71efc352634cc94bd53904  mes5/x86_64/firefox-el-17.0.4-0.1mdvmes5.2.x86_64.rpm
 1f479fb94eed6f239f5f05df36e9466a  mes5/x86_64/firefox-en_GB-17.0.4-0.1mdvmes5.2.x86_64.rpm
 9c8a2101adc9213490d31c139a2b050a  mes5/x86_64/firefox-eo-17.0.4-0.1mdvmes5.2.x86_64.rpm
 e70711cc23fa3faeb5846c847792ab63  mes5/x86_64/firefox-es_AR-17.0.4-0.1mdvmes5.2.x86_64.rpm
 0d7bdd5085dc1a93eb24610de1932f37  mes5/x86_64/firefox-es_ES-17.0.4-0.1mdvmes5.2.x86_64.rpm
 aced4393712cb0e9c233f31d17981155  mes5/x86_64/firefox-et-17.0.4-0.1mdvmes5.2.x86_64.rpm
 0064c43f63a52eafe7f579064ff32689  mes5/x86_64/firefox-eu-17.0.4-0.1mdvmes5.2.x86_64.rpm
 5098b68b362f9c62bc773fa918649c39  mes5/x86_64/firefox-fi-17.0.4-0.1mdvmes5.2.x86_64.rpm
 b22f1bb943aa387ff17e916184244b96  mes5/x86_64/firefox-fr-17.0.4-0.1mdvmes5.2.x86_64.rpm
 2174fb96ebd97aee0fd93aa56f283d9e  mes5/x86_64/firefox-fy-17.0.4-0.1mdvmes5.2.x86_64.rpm
 94de3afc378ea394ad726b94260634c5  mes5/x86_64/firefox-ga_IE-17.0.4-0.1mdvmes5.2.x86_64.rpm
 76a87cfdaa3503514078ebfe47e21d5f  mes5/x86_64/firefox-gl-17.0.4-0.1mdvmes5.2.x86_64.rpm
 fa68885eb006b91f858a9bef60cb9f78  mes5/x86_64/firefox-gu_IN-17.0.4-0.1mdvmes5.2.x86_64.rpm
 28f53c40d3e0b489fb6b55f9098230bc  mes5/x86_64/firefox-he-17.0.4-0.1mdvmes5.2.x86_64.rpm
 981b5dea1a5b706fa3b19f2ba760a02b  mes5/x86_64/firefox-hi-17.0.4-0.1mdvmes5.2.x86_64.rpm
 dbb9aa6c9640b1815d2e9b3d9230fa8a  mes5/x86_64/firefox-hu-17.0.4-0.1mdvmes5.2.x86_64.rpm
 3e751b60e3c6a2c138b94f4439535b4f  mes5/x86_64/firefox-id-17.0.4-0.1mdvmes5.2.x86_64.rpm
 d49033a409b63b095e8464a60b931f5d  mes5/x86_64/firefox-is-17.0.4-0.1mdvmes5.2.x86_64.rpm
 e91405e2f3393ea39acfd5fb638a2e2b  mes5/x86_64/firefox-it-17.0.4-0.1mdvmes5.2.x86_64.rpm
 654ccba9b85cba4aaf029e16e3ac3486  mes5/x86_64/firefox-ja-17.0.4-0.1mdvmes5.2.x86_64.rpm
 b0d820b5beb54ff5c7769faa6a5ad6a0  mes5/x86_64/firefox-kn-17.0.4-0.1mdvmes5.2.x86_64.rpm
 f94e258ca92f8cc155ad7d92706ceff8  mes5/x86_64/firefox-ko-17.0.4-0.1mdvmes5.2.x86_64.rpm
 c3974b7a9cbd5be82c2ad369e8c10ac9  mes5/x86_64/firefox-ku-17.0.4-0.1mdvmes5.2.x86_64.rpm
 18f5b36547dafd44cf7ca984313a4d52  mes5/x86_64/firefox-lt-17.0.4-0.1mdvmes5.2.x86_64.rpm
 17d483f4808d0da0b1b5c54c0b60d063  mes5/x86_64/firefox-lv-17.0.4-0.1mdvmes5.2.x86_64.rpm
 0baf6ab04a5eeac0f99866487412d693  mes5/x86_64/firefox-mk-17.0.4-0.1mdvmes5.2.x86_64.rpm
 ed18bd9a7386f405c285d4f1e028aa36  mes5/x86_64/firefox-mr-17.0.4-0.1mdvmes5.2.x86_64.rpm
 af57326421b13abcf28728331325c33d  mes5/x86_64/firefox-nb_NO-17.0.4-0.1mdvmes5.2.x86_64.rpm
 f4047958cd8f2d94d5270d2e78eb4632  mes5/x86_64/firefox-nl-17.0.4-0.1mdvmes5.2.x86_64.rpm
 9072ddd33fb412fc063966ba467c7bdc  mes5/x86_64/firefox-nn_NO-17.0.4-0.1mdvmes5.2.x86_64.rpm
 f597ce09993873eb11f5ac6a02289334  mes5/x86_64/firefox-pa_IN-17.0.4-0.1mdvmes5.2.x86_64.rpm
 28b198ebac31fc7303d0fe7c04303f73  mes5/x86_64/firefox-pl-17.0.4-0.1mdvmes5.2.x86_64.rpm
 cfc75e822d0c5d2f064bef1da31a54f0  mes5/x86_64/firefox-pt_BR-17.0.4-0.1mdvmes5.2.x86_64.rpm
 9f48e0928f077b6148d850eeb2d47479  mes5/x86_64/firefox-pt_PT-17.0.4-0.1mdvmes5.2.x86_64.rpm
 628859469595c672098986b3b5659021  mes5/x86_64/firefox-ro-17.0.4-0.1mdvmes5.2.x86_64.rpm
 e6c9a18d2796ff8f47cf5be2f5613320  mes5/x86_64/firefox-ru-17.0.4-0.1mdvmes5.2.x86_64.rpm
 2288a3548bfae492dd53e3ca325269e8  mes5/x86_64/firefox-si-17.0.4-0.1mdvmes5.2.x86_64.rpm
 f3690e6b231f7fb87f0c152d9bf9b218  mes5/x86_64/firefox-sk-17.0.4-0.1mdvmes5.2.x86_64.rpm
 a5e29b275889c820dd84609c379afa78  mes5/x86_64/firefox-sl-17.0.4-0.1mdvmes5.2.x86_64.rpm
 4995351ae85124ac6e432a28358f0ab0  mes5/x86_64/firefox-sq-17.0.4-0.1mdvmes5.2.x86_64.rpm
 0a9b65cc23186af1a85820ad550d4551  mes5/x86_64/firefox-sr-17.0.4-0.1mdvmes5.2.x86_64.rpm
 8d3fea48b01bb1d01c2597be5973c845  mes5/x86_64/firefox-sv_SE-17.0.4-0.1mdvmes5.2.x86_64.rpm
 e7b9fffe4891be12a8c4646748fe7aa4  mes5/x86_64/firefox-te-17.0.4-0.1mdvmes5.2.x86_64.rpm
 a87bede237874ae2fbcf1d6afa93e543  mes5/x86_64/firefox-th-17.0.4-0.1mdvmes5.2.x86_64.rpm
 e97e338bd7e3c4398941a6bfb5f5ec0a  mes5/x86_64/firefox-tr-17.0.4-0.1mdvmes5.2.x86_64.rpm
 26de595f0a137ca6f306c79da2e855c3  mes5/x86_64/firefox-uk-17.0.4-0.1mdvmes5.2.x86_64.rpm
 f2bbad0e1cc842cb14b232c92fd31c8c  mes5/x86_64/firefox-zh_CN-17.0.4-0.1mdvmes5.2.x86_64.rpm
 a13541b8296d26f9457cbb6f351ff2a9  mes5/x86_64/firefox-zh_TW-17.0.4-0.1mdvmes5.2.x86_64.rpm
 b5992d2bd7fb6eb844da037e3bf43622  mes5/x86_64/icedtea-web-1.3.1-0.2mdvmes5.2.x86_64.rpm
 e6a20835cbaaf06464e5720de5f84a7f  mes5/x86_64/icedtea-web-javadoc-1.3.1-0.2mdvmes5.2.x86_64.rpm
 b261d9c69d8bd8dd33032a4e622c1554  mes5/x86_64/lib64xulrunner17.0.4-17.0.4-0.1mdvmes5.2.x86_64.rpm
 db2e7acd3ed1f365210187ff18e4a205  mes5/x86_64/lib64xulrunner-devel-17.0.4-0.1mdvmes5.2.x86_64.rpm
 bd65c7af7cc3ecc7ab4b903f489e8400  mes5/x86_64/xulrunner-17.0.4-0.1mdvmes5.2.x86_64.rpm 
 45f223e23dfe50fefb48503c607e2672  mes5/SRPMS/firefox-17.0.4-0.1mdvmes5.2.src.rpm
 14e3516e0830a7efd15a403fbd9da583  mes5/SRPMS/firefox-l10n-17.0.4-0.1mdvmes5.2.src.rpm
 f3f4b9f27b949720d17a67bd71bc3b8e  mes5/SRPMS/icedtea-web-1.3.1-0.2mdvmes5.2.src.rpm
 fbde715b98bec0176fb6ab3d86b56bea  mes5/SRPMS/xulrunner-17.0.4-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFRQJ36mqjQ0CJFipgRAhMjAJoDYUvsZa7KYGly/y7EQwmSRw66+wCgzCVj
kdWLRc3YzjV9WXqpoJIMYAE=
=vP1w
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ