[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1TN1qr-0006JQ-6A@titan.mandriva.com>
Date: Sat, 13 Oct 2012 15:34:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:167 ] firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:167
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : October 13, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A security issue were identified and fixed in mozilla firefox:
Mozilla security researcher moz_bug_r_a4 reported a regression where
security wrappers are unwrapped without doing a security check in
defaultValue(). This can allow for improper access access to the
Location object. In versions 15 and earlier of affected products, there
was also the potential for arbitrary code execution (CVE-2012-4193).
The mozilla firefox packages has been upgraded to the latest version
which is unaffected by this security flaw.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://www.mozilla.org/security/announce/2012/mfsa2012-89.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
4e1c4d0f60b32682bcafdb6da6b64ca7 mes5/i586/firefox-10.0.9-0.1mdvmes5.2.i586.rpm
729367508c48f7acc987ad652b3471e7 mes5/i586/firefox-af-10.0.9-0.1mdvmes5.2.i586.rpm
a3833cb7db24d7e27ff4a0d0b1b9f2c2 mes5/i586/firefox-ar-10.0.9-0.1mdvmes5.2.i586.rpm
e7504d24aecad3f634257ff9b48d0cc0 mes5/i586/firefox-be-10.0.9-0.1mdvmes5.2.i586.rpm
4a2864ae80c6e88d591b0cabd5c3e3bd mes5/i586/firefox-bg-10.0.9-0.1mdvmes5.2.i586.rpm
2f3afc7b2c4dd8fcafcdf0b849be98bb mes5/i586/firefox-bn-10.0.9-0.1mdvmes5.2.i586.rpm
cd13bfcc60be60f80ff73e1bd99d056e mes5/i586/firefox-ca-10.0.9-0.1mdvmes5.2.i586.rpm
bc9397038329ed4770f533bdae406147 mes5/i586/firefox-cs-10.0.9-0.1mdvmes5.2.i586.rpm
47421c1264082624f5a14acf7ee9a7c2 mes5/i586/firefox-cy-10.0.9-0.1mdvmes5.2.i586.rpm
16c54f8554833454c3a16f07020fcde5 mes5/i586/firefox-da-10.0.9-0.1mdvmes5.2.i586.rpm
b51568edcfac2577089a35aa7d0c2338 mes5/i586/firefox-de-10.0.9-0.1mdvmes5.2.i586.rpm
bd1d30f9166511847529cd56bb2b9b65 mes5/i586/firefox-devel-10.0.9-0.1mdvmes5.2.i586.rpm
dc75676469c784d69c30ba83ace8db6c mes5/i586/firefox-el-10.0.9-0.1mdvmes5.2.i586.rpm
01986ce8a0bcc34cb6819b2e1b1f5f22 mes5/i586/firefox-en_GB-10.0.9-0.1mdvmes5.2.i586.rpm
727d1e9a229b8a3394eec8412551a5dd mes5/i586/firefox-eo-10.0.9-0.1mdvmes5.2.i586.rpm
dbbffe60ea42e3b33073afe5ee6b7233 mes5/i586/firefox-es_AR-10.0.9-0.1mdvmes5.2.i586.rpm
3ff2ec0dcf075bfbc4e243baed0c00b6 mes5/i586/firefox-es_ES-10.0.9-0.1mdvmes5.2.i586.rpm
52dd95b37994cd23ebc4ed2fc069f636 mes5/i586/firefox-et-10.0.9-0.1mdvmes5.2.i586.rpm
33a0b6ac0f1f6e841d949f0c0fe763fa mes5/i586/firefox-eu-10.0.9-0.1mdvmes5.2.i586.rpm
aa6d5d74479204979130dd034dce8f9b mes5/i586/firefox-fi-10.0.9-0.1mdvmes5.2.i586.rpm
86e95a5131622e74cda4dc3db12b79d9 mes5/i586/firefox-fr-10.0.9-0.1mdvmes5.2.i586.rpm
540a436960f2d5a44a8b241a2a0af42c mes5/i586/firefox-fy-10.0.9-0.1mdvmes5.2.i586.rpm
1b219907430ce3150aa07d58642ef1a4 mes5/i586/firefox-ga_IE-10.0.9-0.1mdvmes5.2.i586.rpm
f683d4773d9099227eb5db90f2e40d87 mes5/i586/firefox-gl-10.0.9-0.1mdvmes5.2.i586.rpm
bebbdd63f6b29cc46cda965a21217d88 mes5/i586/firefox-gu_IN-10.0.9-0.1mdvmes5.2.i586.rpm
37988d3be788e64df48d235c897f66c9 mes5/i586/firefox-he-10.0.9-0.1mdvmes5.2.i586.rpm
63048528c18d2246d7d30a9a833bc668 mes5/i586/firefox-hi-10.0.9-0.1mdvmes5.2.i586.rpm
4052506b063fd74b769fd02ac52e47b6 mes5/i586/firefox-hu-10.0.9-0.1mdvmes5.2.i586.rpm
9f805cd2edc9c6c53165f2cc59285d28 mes5/i586/firefox-id-10.0.9-0.1mdvmes5.2.i586.rpm
eef72d3e8a3398bd13a4a6aadb783890 mes5/i586/firefox-is-10.0.9-0.1mdvmes5.2.i586.rpm
efe9b667963578fcf832e74c9a5f7e70 mes5/i586/firefox-it-10.0.9-0.1mdvmes5.2.i586.rpm
45cb8566d2299ea13c1fdbe272ed75c0 mes5/i586/firefox-ja-10.0.9-0.1mdvmes5.2.i586.rpm
979152af2dbeda92fadbeb582180d2b1 mes5/i586/firefox-ka-10.0.9-0.1mdvmes5.2.i586.rpm
fc16d7edd44e02a8ebdab5367e5d1ab4 mes5/i586/firefox-kn-10.0.9-0.1mdvmes5.2.i586.rpm
4c122adc1021246cc810f2b75e16033d mes5/i586/firefox-ko-10.0.9-0.1mdvmes5.2.i586.rpm
d87cbdd8e48bc1ca08ffa7909b43e086 mes5/i586/firefox-ku-10.0.9-0.1mdvmes5.2.i586.rpm
2925901fb1de9c0a3e15a78d4dbae729 mes5/i586/firefox-lt-10.0.9-0.1mdvmes5.2.i586.rpm
e9488c5cc750d05c5ab81b3f7ca8103c mes5/i586/firefox-lv-10.0.9-0.1mdvmes5.2.i586.rpm
58f2c3f5314e56fa86d90b5aa3c5cc94 mes5/i586/firefox-mk-10.0.9-0.1mdvmes5.2.i586.rpm
6cf44883ff71d4053f7b5abbedf8fb3a mes5/i586/firefox-mr-10.0.9-0.1mdvmes5.2.i586.rpm
8a6d0d6bbbf4fe1e0855b22c79e10783 mes5/i586/firefox-nb_NO-10.0.9-0.1mdvmes5.2.i586.rpm
fc5574e709b94c042af61165551eae34 mes5/i586/firefox-nl-10.0.9-0.1mdvmes5.2.i586.rpm
48b85b2896980f42ad6d9499dab4394d mes5/i586/firefox-nn_NO-10.0.9-0.1mdvmes5.2.i586.rpm
3ce45dae2124135076c9e5fb835de6c2 mes5/i586/firefox-oc-10.0.9-0.1mdvmes5.2.i586.rpm
65a25c61ba6b3b58ac9f09f4645a77f6 mes5/i586/firefox-pa_IN-10.0.9-0.1mdvmes5.2.i586.rpm
4bec8d3e97f0bfcad64cb27014e5874a mes5/i586/firefox-pl-10.0.9-0.1mdvmes5.2.i586.rpm
3a0b7c493ba2d7b79432b589fde61672 mes5/i586/firefox-pt_BR-10.0.9-0.1mdvmes5.2.i586.rpm
5f1083b7d6805b99cd5323d039e2d990 mes5/i586/firefox-pt_PT-10.0.9-0.1mdvmes5.2.i586.rpm
146afdf9d2f8b2d41c2e883448ca8070 mes5/i586/firefox-ro-10.0.9-0.1mdvmes5.2.i586.rpm
f7d5433bcd2c67aa15fd50043ab3db99 mes5/i586/firefox-ru-10.0.9-0.1mdvmes5.2.i586.rpm
7ef1e5313be599c08308fbb89766542f mes5/i586/firefox-si-10.0.9-0.1mdvmes5.2.i586.rpm
81b91a2156107f280d7600b39c624bb6 mes5/i586/firefox-sk-10.0.9-0.1mdvmes5.2.i586.rpm
d22adedf5eca12bad8dd034d1b00cc77 mes5/i586/firefox-sl-10.0.9-0.1mdvmes5.2.i586.rpm
63035d81f3076d5de2311b2c05bad0eb mes5/i586/firefox-sq-10.0.9-0.1mdvmes5.2.i586.rpm
46fa7e8221a0b45b2a5352b552cad178 mes5/i586/firefox-sr-10.0.9-0.1mdvmes5.2.i586.rpm
5d1c49d4d77b686ec04e163c3f5b2956 mes5/i586/firefox-sv_SE-10.0.9-0.1mdvmes5.2.i586.rpm
f7ae522706d34639fb20fa49cc596128 mes5/i586/firefox-te-10.0.9-0.1mdvmes5.2.i586.rpm
b05e175745466ebc66f95e4416c144c0 mes5/i586/firefox-th-10.0.9-0.1mdvmes5.2.i586.rpm
0d85ccb667c12c266307fc3417bda127 mes5/i586/firefox-tr-10.0.9-0.1mdvmes5.2.i586.rpm
f91be63f1768bf0c266c34b5659c8913 mes5/i586/firefox-uk-10.0.9-0.1mdvmes5.2.i586.rpm
efcb70401d9b9a4dfe380928f35982dd mes5/i586/firefox-zh_CN-10.0.9-0.1mdvmes5.2.i586.rpm
cf6d2e224a8907f6e2e69623cb41704e mes5/i586/firefox-zh_TW-10.0.9-0.1mdvmes5.2.i586.rpm
3eae5986feec2134f983429bec500986 mes5/i586/icedtea-web-1.1.6-0.3mdvmes5.2.i586.rpm
731b35b14dd82425f06c24a8a555f52d mes5/i586/icedtea-web-javadoc-1.1.6-0.3mdvmes5.2.i586.rpm
600c6da4f551eda6190345212a3f7c24 mes5/i586/libxulrunner10.0.9-10.0.9-0.1mdvmes5.2.i586.rpm
64d4ac9d7cbc3e83aa6ee74e41599eeb mes5/i586/libxulrunner-devel-10.0.9-0.1mdvmes5.2.i586.rpm
ad455be089bece0df64edfc588e5849d mes5/i586/xulrunner-10.0.9-0.1mdvmes5.2.i586.rpm
55c4c11cf4ef42642b2213e1e18b4a76 mes5/SRPMS/firefox-10.0.9-0.1mdvmes5.2.src.rpm
08aa2f0328f4848d2d0051978c382f60 mes5/SRPMS/firefox-l10n-10.0.9-0.1mdvmes5.2.src.rpm
0bd7f0cae31b9534e175b31e7f490313 mes5/SRPMS/icedtea-web-1.1.6-0.3mdvmes5.2.src.rpm
66f1b35971e907b652cd5e37f85914d3 mes5/SRPMS/xulrunner-10.0.9-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
656bea455518fee716e5cb3ff6d316b9 mes5/x86_64/firefox-10.0.9-0.1mdvmes5.2.x86_64.rpm
b6e4541da0f5d85d7f47ac0e2f942846 mes5/x86_64/firefox-af-10.0.9-0.1mdvmes5.2.x86_64.rpm
dc1bea46a4830b44b85e0d7e3bccce85 mes5/x86_64/firefox-ar-10.0.9-0.1mdvmes5.2.x86_64.rpm
90fb5710a5b0a1261186cdb7ce007ea8 mes5/x86_64/firefox-be-10.0.9-0.1mdvmes5.2.x86_64.rpm
e0a68146026a8a373ee34cef4e1eedef mes5/x86_64/firefox-bg-10.0.9-0.1mdvmes5.2.x86_64.rpm
22d0be2c0a84fb60221bc2cc6ae885db mes5/x86_64/firefox-bn-10.0.9-0.1mdvmes5.2.x86_64.rpm
1714144fbb8b42eae1697bc100853838 mes5/x86_64/firefox-ca-10.0.9-0.1mdvmes5.2.x86_64.rpm
5597e7e6d2e70c8b1dccfa032ebae41d mes5/x86_64/firefox-cs-10.0.9-0.1mdvmes5.2.x86_64.rpm
e10ebc24ee049483ae696ab0874cb82a mes5/x86_64/firefox-cy-10.0.9-0.1mdvmes5.2.x86_64.rpm
3f7a0675d89aeed3abbd72f25ff21840 mes5/x86_64/firefox-da-10.0.9-0.1mdvmes5.2.x86_64.rpm
556a9348fb78abcaac67543a8b382c8c mes5/x86_64/firefox-de-10.0.9-0.1mdvmes5.2.x86_64.rpm
cd7317bae503e7947776f0b9ac81f6cf mes5/x86_64/firefox-devel-10.0.9-0.1mdvmes5.2.x86_64.rpm
b2cab795d9ab37a933759e0b0fca808c mes5/x86_64/firefox-el-10.0.9-0.1mdvmes5.2.x86_64.rpm
684891ca3b2bd6607334570fcc1eda78 mes5/x86_64/firefox-en_GB-10.0.9-0.1mdvmes5.2.x86_64.rpm
9a5f5157dcff0930b9299f12f0c7a556 mes5/x86_64/firefox-eo-10.0.9-0.1mdvmes5.2.x86_64.rpm
64d3b665a61fb70ea4f6759dd5e01ecd mes5/x86_64/firefox-es_AR-10.0.9-0.1mdvmes5.2.x86_64.rpm
967938b58f8a5c6e2112ec8c2979717c mes5/x86_64/firefox-es_ES-10.0.9-0.1mdvmes5.2.x86_64.rpm
2dae98ef775c4b9de4ff0eb7f4a87cfb mes5/x86_64/firefox-et-10.0.9-0.1mdvmes5.2.x86_64.rpm
ce947c05c1232ab1e6bb1c751eb2ced6 mes5/x86_64/firefox-eu-10.0.9-0.1mdvmes5.2.x86_64.rpm
fd31d50a1305c3e98e3521ed1fba1eee mes5/x86_64/firefox-fi-10.0.9-0.1mdvmes5.2.x86_64.rpm
cfeb56ed8b29b7a0876147f2fcc939b0 mes5/x86_64/firefox-fr-10.0.9-0.1mdvmes5.2.x86_64.rpm
6c3cf1dbad9135c7d1db6701390c7244 mes5/x86_64/firefox-fy-10.0.9-0.1mdvmes5.2.x86_64.rpm
a7771b7a556e8a548ef864bd7fa8618f mes5/x86_64/firefox-ga_IE-10.0.9-0.1mdvmes5.2.x86_64.rpm
c51cd3eb59af6d5aad91b23231d33b75 mes5/x86_64/firefox-gl-10.0.9-0.1mdvmes5.2.x86_64.rpm
5e8e44508dc6c8807766fdc19d22e052 mes5/x86_64/firefox-gu_IN-10.0.9-0.1mdvmes5.2.x86_64.rpm
cd33959229138ef18289cbfc4a2e6bbe mes5/x86_64/firefox-he-10.0.9-0.1mdvmes5.2.x86_64.rpm
2541f12beb6e9874333731ba044ce39d mes5/x86_64/firefox-hi-10.0.9-0.1mdvmes5.2.x86_64.rpm
9112c7da8cc4b14f8ab37d7ec221a042 mes5/x86_64/firefox-hu-10.0.9-0.1mdvmes5.2.x86_64.rpm
2313d2ecc675f19544dd1a3dae114655 mes5/x86_64/firefox-id-10.0.9-0.1mdvmes5.2.x86_64.rpm
8fa01702ef29edecd5585241ab74405e mes5/x86_64/firefox-is-10.0.9-0.1mdvmes5.2.x86_64.rpm
16d4cc897c42c5d3b1c50639ab276405 mes5/x86_64/firefox-it-10.0.9-0.1mdvmes5.2.x86_64.rpm
194652121ab4169db99d084912046c03 mes5/x86_64/firefox-ja-10.0.9-0.1mdvmes5.2.x86_64.rpm
346908a43af654cf85a68d84733e24d1 mes5/x86_64/firefox-ka-10.0.9-0.1mdvmes5.2.x86_64.rpm
5a93484b11602de5d8d803f48db31f97 mes5/x86_64/firefox-kn-10.0.9-0.1mdvmes5.2.x86_64.rpm
e7ef10c30316761f7ebcff4ca575425a mes5/x86_64/firefox-ko-10.0.9-0.1mdvmes5.2.x86_64.rpm
c0d400333591fe4d8ad5f758f9cfda58 mes5/x86_64/firefox-ku-10.0.9-0.1mdvmes5.2.x86_64.rpm
89cfea991f06060b38d94c9c930d8a16 mes5/x86_64/firefox-lt-10.0.9-0.1mdvmes5.2.x86_64.rpm
ad7e451c4d8089e6faa28798735e50b8 mes5/x86_64/firefox-lv-10.0.9-0.1mdvmes5.2.x86_64.rpm
d76d196dd0214076816d9b6191154183 mes5/x86_64/firefox-mk-10.0.9-0.1mdvmes5.2.x86_64.rpm
a08e2975bc7a37ab12e9072f08860f45 mes5/x86_64/firefox-mr-10.0.9-0.1mdvmes5.2.x86_64.rpm
01a9a85b9c42688db1726d2bdd934d73 mes5/x86_64/firefox-nb_NO-10.0.9-0.1mdvmes5.2.x86_64.rpm
b57f1e3f6da8c1b54c50b764a6ba06d9 mes5/x86_64/firefox-nl-10.0.9-0.1mdvmes5.2.x86_64.rpm
1dfd1a48a7cb7b65688a0c381ff20b2e mes5/x86_64/firefox-nn_NO-10.0.9-0.1mdvmes5.2.x86_64.rpm
7337651b1db72b4dd04b628fc3f7d6cc mes5/x86_64/firefox-oc-10.0.9-0.1mdvmes5.2.x86_64.rpm
73677cb948fb2a279525e66189f467bf mes5/x86_64/firefox-pa_IN-10.0.9-0.1mdvmes5.2.x86_64.rpm
9c5375ef55e11840b075b2dcae2a2ca0 mes5/x86_64/firefox-pl-10.0.9-0.1mdvmes5.2.x86_64.rpm
29245dbc0f7dfce475a69a01eb7ed42a mes5/x86_64/firefox-pt_BR-10.0.9-0.1mdvmes5.2.x86_64.rpm
2e3bc5d8281580044acc730ee8eee5c2 mes5/x86_64/firefox-pt_PT-10.0.9-0.1mdvmes5.2.x86_64.rpm
56680795913d5784ee3a585b7582ed90 mes5/x86_64/firefox-ro-10.0.9-0.1mdvmes5.2.x86_64.rpm
f401478e4442a73c09e63007fb1639c4 mes5/x86_64/firefox-ru-10.0.9-0.1mdvmes5.2.x86_64.rpm
080049ce38b6873c8ad09cbc02f5d62e mes5/x86_64/firefox-si-10.0.9-0.1mdvmes5.2.x86_64.rpm
7b7efc1a9c7f8ca62cd36672c3f43c2a mes5/x86_64/firefox-sk-10.0.9-0.1mdvmes5.2.x86_64.rpm
7def4557b5334e804fbbe3efe0b68908 mes5/x86_64/firefox-sl-10.0.9-0.1mdvmes5.2.x86_64.rpm
29b60b5cd9cecdcf07721bef4f6a40fd mes5/x86_64/firefox-sq-10.0.9-0.1mdvmes5.2.x86_64.rpm
aaa2f249b4b88b0c46c3103bcefbb9b4 mes5/x86_64/firefox-sr-10.0.9-0.1mdvmes5.2.x86_64.rpm
5056298e8ab017c6166b4f178194c916 mes5/x86_64/firefox-sv_SE-10.0.9-0.1mdvmes5.2.x86_64.rpm
30153d56b7e7f519a57b554bca213f61 mes5/x86_64/firefox-te-10.0.9-0.1mdvmes5.2.x86_64.rpm
5881f5416b262b8e452a76e3d666b183 mes5/x86_64/firefox-th-10.0.9-0.1mdvmes5.2.x86_64.rpm
5d2f9c58c4078380947e50a15902e6dd mes5/x86_64/firefox-tr-10.0.9-0.1mdvmes5.2.x86_64.rpm
f82b20d7588e20fbdea5a6289e4f7014 mes5/x86_64/firefox-uk-10.0.9-0.1mdvmes5.2.x86_64.rpm
7f10f2a4dd66dae611fa1513326191dc mes5/x86_64/firefox-zh_CN-10.0.9-0.1mdvmes5.2.x86_64.rpm
79d8ded0a60ed189ddff5e2a1833591b mes5/x86_64/firefox-zh_TW-10.0.9-0.1mdvmes5.2.x86_64.rpm
490d0b1f197f53b904abc310060468a4 mes5/x86_64/icedtea-web-1.1.6-0.3mdvmes5.2.x86_64.rpm
f3764a64b9a1f644e5a1fd7fe20a279b mes5/x86_64/icedtea-web-javadoc-1.1.6-0.3mdvmes5.2.x86_64.rpm
aab8fe25e15e077db1e95aa413e8aed2 mes5/x86_64/lib64xulrunner10.0.9-10.0.9-0.1mdvmes5.2.x86_64.rpm
39a064c205d6e7b989a4e4030dc2ac96 mes5/x86_64/lib64xulrunner-devel-10.0.9-0.1mdvmes5.2.x86_64.rpm
0a3c60ee3b08dcf90bd41891f118eb13 mes5/x86_64/xulrunner-10.0.9-0.1mdvmes5.2.x86_64.rpm
55c4c11cf4ef42642b2213e1e18b4a76 mes5/SRPMS/firefox-10.0.9-0.1mdvmes5.2.src.rpm
08aa2f0328f4848d2d0051978c382f60 mes5/SRPMS/firefox-l10n-10.0.9-0.1mdvmes5.2.src.rpm
0bd7f0cae31b9534e175b31e7f490313 mes5/SRPMS/icedtea-web-1.1.6-0.3mdvmes5.2.src.rpm
66f1b35971e907b652cd5e37f85914d3 mes5/SRPMS/xulrunner-10.0.9-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD4DBQFQeUHNmqjQ0CJFipgRAkg7AKD1CLGvxmvz6km/O33qwhkQueCEFgCXbmW4
bQUBlhMpvpdmcWwNO9qrEA==
=EljJ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists