[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UFqiX-0004SV-AU@titan.mandriva.com>
Date: Wed, 13 Mar 2013 19:48:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:024 ] firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:024
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : firefox
Date : January 13, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A security issue was identified and fixed in mozilla firefox:
VUPEN Security, via TippingPoint's Zero Day Initiative, reported a
use-after-free within the HTML editor when content script is run by
the document.execCommand() function while internal editor operations
are occurring. This could allow for arbitrary code execution
(CVE-2013-0787).
The mozilla firefox packages has been upgraded to the latest ESR
version which is unaffected by this security flaw.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787
http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
2c37f101824b6a75260d6be2ba6526f4 mes5/i586/firefox-17.0.4-0.1mdvmes5.2.i586.rpm
067ef1b5cb43e108598783bb2ca3e904 mes5/i586/firefox-af-17.0.4-0.1mdvmes5.2.i586.rpm
a9b33290ee48559ab9bf552c11a77867 mes5/i586/firefox-ar-17.0.4-0.1mdvmes5.2.i586.rpm
56eede1229650b50f838c4d62cf3088f mes5/i586/firefox-be-17.0.4-0.1mdvmes5.2.i586.rpm
2f1ed6761c118ca1d499c996c267fd5c mes5/i586/firefox-bg-17.0.4-0.1mdvmes5.2.i586.rpm
0af0df661fdf99dce981a34105bf3db2 mes5/i586/firefox-bn-17.0.4-0.1mdvmes5.2.i586.rpm
4fbacdfae22286a4d1565f5e07a99e59 mes5/i586/firefox-ca-17.0.4-0.1mdvmes5.2.i586.rpm
3ea6ca41d6d738d7b8fbb285e78d06f7 mes5/i586/firefox-cs-17.0.4-0.1mdvmes5.2.i586.rpm
7735a4756a43b940cd288f486e7d2de9 mes5/i586/firefox-cy-17.0.4-0.1mdvmes5.2.i586.rpm
9bec5943921b3bddcc4e3497d027fc2d mes5/i586/firefox-da-17.0.4-0.1mdvmes5.2.i586.rpm
0b9041b5eaf52e7e06dd3437626620a4 mes5/i586/firefox-de-17.0.4-0.1mdvmes5.2.i586.rpm
5cc0c1b6523e17c8d79d678d7d7aad53 mes5/i586/firefox-devel-17.0.4-0.1mdvmes5.2.i586.rpm
e9a01322cd40f797ba03b52d58671b86 mes5/i586/firefox-el-17.0.4-0.1mdvmes5.2.i586.rpm
22cc5f00f67563a7734bdced5e1d7bfb mes5/i586/firefox-en_GB-17.0.4-0.1mdvmes5.2.i586.rpm
0aebbb068c1d4d85b1b2827d5b5b2431 mes5/i586/firefox-eo-17.0.4-0.1mdvmes5.2.i586.rpm
a57a4e00740b7babfcb51b0328fc135f mes5/i586/firefox-es_AR-17.0.4-0.1mdvmes5.2.i586.rpm
9710fd28c150da0eb976fa8347b9cd86 mes5/i586/firefox-es_ES-17.0.4-0.1mdvmes5.2.i586.rpm
e66547fd26bd582df43ff480895f6674 mes5/i586/firefox-et-17.0.4-0.1mdvmes5.2.i586.rpm
90e1a82354eb2aee9eba6b0bdc4dda92 mes5/i586/firefox-eu-17.0.4-0.1mdvmes5.2.i586.rpm
32e588d40734ae29f2fc84c37f4468ea mes5/i586/firefox-fi-17.0.4-0.1mdvmes5.2.i586.rpm
4140a4088ffb39522548b24f1294d752 mes5/i586/firefox-fr-17.0.4-0.1mdvmes5.2.i586.rpm
1202edce26a621ee77e458766e2c9026 mes5/i586/firefox-fy-17.0.4-0.1mdvmes5.2.i586.rpm
6099e1f5dd1b0529b205a89327169aed mes5/i586/firefox-ga_IE-17.0.4-0.1mdvmes5.2.i586.rpm
13818d623506c2f2c94752c54d4b379d mes5/i586/firefox-gl-17.0.4-0.1mdvmes5.2.i586.rpm
bf5e73d3f9b7aeb7d6b4d32751615211 mes5/i586/firefox-gu_IN-17.0.4-0.1mdvmes5.2.i586.rpm
a324f1da21be53ce595dcbb446a3f95f mes5/i586/firefox-he-17.0.4-0.1mdvmes5.2.i586.rpm
efd3a7d1712e3c49a5105f8568bf3413 mes5/i586/firefox-hi-17.0.4-0.1mdvmes5.2.i586.rpm
a47c70e2a0af9886942f7b8b36aae01d mes5/i586/firefox-hu-17.0.4-0.1mdvmes5.2.i586.rpm
dee1f90622dcc9e52ec07b92132a73bf mes5/i586/firefox-id-17.0.4-0.1mdvmes5.2.i586.rpm
5f63f198f5a332a65029ec6773339087 mes5/i586/firefox-is-17.0.4-0.1mdvmes5.2.i586.rpm
be0fb5af91ead3cc9e659ca36d6907ce mes5/i586/firefox-it-17.0.4-0.1mdvmes5.2.i586.rpm
75466d58f640181559cf203f9766e223 mes5/i586/firefox-ja-17.0.4-0.1mdvmes5.2.i586.rpm
f0be98911d65cf3d9f0ccba7eb39861a mes5/i586/firefox-kn-17.0.4-0.1mdvmes5.2.i586.rpm
20ec7397f0df85a5821df4c2ab698671 mes5/i586/firefox-ko-17.0.4-0.1mdvmes5.2.i586.rpm
b9237e59391bc7f9f82bcb798b2e5822 mes5/i586/firefox-ku-17.0.4-0.1mdvmes5.2.i586.rpm
991acfb783d2088c74f6cef901be39eb mes5/i586/firefox-lt-17.0.4-0.1mdvmes5.2.i586.rpm
de4073f73eee8d334746cc8bf897197a mes5/i586/firefox-lv-17.0.4-0.1mdvmes5.2.i586.rpm
da1fd3d4c29ac26717fae391779b931a mes5/i586/firefox-mk-17.0.4-0.1mdvmes5.2.i586.rpm
7e306e1eb4301b80f6d21b9a836f1f16 mes5/i586/firefox-mr-17.0.4-0.1mdvmes5.2.i586.rpm
8b776ce85ce48c83210417dc0963615b mes5/i586/firefox-nb_NO-17.0.4-0.1mdvmes5.2.i586.rpm
68006e43d84cc0ed69b03f15bdfd21c0 mes5/i586/firefox-nl-17.0.4-0.1mdvmes5.2.i586.rpm
0aaac65bb81de7df1915f719721b9bde mes5/i586/firefox-nn_NO-17.0.4-0.1mdvmes5.2.i586.rpm
a36ca1ab708abfbf97dfe15ffbcd70c4 mes5/i586/firefox-pa_IN-17.0.4-0.1mdvmes5.2.i586.rpm
c3422982ad96d57efac1697e687586fc mes5/i586/firefox-pl-17.0.4-0.1mdvmes5.2.i586.rpm
f6293f8a9f8a918176d8077cc1677291 mes5/i586/firefox-pt_BR-17.0.4-0.1mdvmes5.2.i586.rpm
5a83838e5d32c2d7496387192e34d47b mes5/i586/firefox-pt_PT-17.0.4-0.1mdvmes5.2.i586.rpm
c8a588d637addb4c9f7e76e17da6849c mes5/i586/firefox-ro-17.0.4-0.1mdvmes5.2.i586.rpm
e6f6a2e3cc18c2be27d481408694813b mes5/i586/firefox-ru-17.0.4-0.1mdvmes5.2.i586.rpm
6690c7411453a8740d4ab5f70f45fe45 mes5/i586/firefox-si-17.0.4-0.1mdvmes5.2.i586.rpm
f7c7414a0b9204af35494d56220b50ff mes5/i586/firefox-sk-17.0.4-0.1mdvmes5.2.i586.rpm
3af49111160da69db59dd56931951d23 mes5/i586/firefox-sl-17.0.4-0.1mdvmes5.2.i586.rpm
5df93e272288640e67153315b2ed8b04 mes5/i586/firefox-sq-17.0.4-0.1mdvmes5.2.i586.rpm
752203497a6b445da76eb00d076fd9eb mes5/i586/firefox-sr-17.0.4-0.1mdvmes5.2.i586.rpm
cb08903c37a21719bdd2a778e333167a mes5/i586/firefox-sv_SE-17.0.4-0.1mdvmes5.2.i586.rpm
08c87cf3e01c7bffee681e1c759b79e2 mes5/i586/firefox-te-17.0.4-0.1mdvmes5.2.i586.rpm
fa5e0205d25779a8651b41fd06aaf52e mes5/i586/firefox-th-17.0.4-0.1mdvmes5.2.i586.rpm
8f7cc4304a6a80498099ed237cc77f61 mes5/i586/firefox-tr-17.0.4-0.1mdvmes5.2.i586.rpm
42764b52119941d02701b806f4946bff mes5/i586/firefox-uk-17.0.4-0.1mdvmes5.2.i586.rpm
be2bdd8e5ba6ecdf6d8ee668c658037a mes5/i586/firefox-zh_CN-17.0.4-0.1mdvmes5.2.i586.rpm
0f86e5ba2391474d3975539fdaf83453 mes5/i586/firefox-zh_TW-17.0.4-0.1mdvmes5.2.i586.rpm
2ef5622f5ad07e0c66b67ca56c002859 mes5/i586/icedtea-web-1.3.1-0.2mdvmes5.2.i586.rpm
4d938d0495e1eeeb35a559d87beb61cd mes5/i586/icedtea-web-javadoc-1.3.1-0.2mdvmes5.2.i586.rpm
7409dc71781ab8c50adae85919751476 mes5/i586/libxulrunner17.0.4-17.0.4-0.1mdvmes5.2.i586.rpm
d4c6fdc68927660d069523a55b665742 mes5/i586/libxulrunner-devel-17.0.4-0.1mdvmes5.2.i586.rpm
158e0b68ebd245540dd7f3927fc613dc mes5/i586/xulrunner-17.0.4-0.1mdvmes5.2.i586.rpm
45f223e23dfe50fefb48503c607e2672 mes5/SRPMS/firefox-17.0.4-0.1mdvmes5.2.src.rpm
14e3516e0830a7efd15a403fbd9da583 mes5/SRPMS/firefox-l10n-17.0.4-0.1mdvmes5.2.src.rpm
f3f4b9f27b949720d17a67bd71bc3b8e mes5/SRPMS/icedtea-web-1.3.1-0.2mdvmes5.2.src.rpm
fbde715b98bec0176fb6ab3d86b56bea mes5/SRPMS/xulrunner-17.0.4-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
f9eb8e530ae0e00f5918b0dc285bc2c6 mes5/x86_64/firefox-17.0.4-0.1mdvmes5.2.x86_64.rpm
5ffc3fae8c54123e8f83290ce4609e1b mes5/x86_64/firefox-af-17.0.4-0.1mdvmes5.2.x86_64.rpm
c26ac25114b2b57edcc4d70cbd3baa54 mes5/x86_64/firefox-ar-17.0.4-0.1mdvmes5.2.x86_64.rpm
6e14243609ef885ddd3efdf0e0ef8784 mes5/x86_64/firefox-be-17.0.4-0.1mdvmes5.2.x86_64.rpm
fe371a2c363d494e281bc118b70196cd mes5/x86_64/firefox-bg-17.0.4-0.1mdvmes5.2.x86_64.rpm
511bd9c3adef9b29f877a52cbdbd535b mes5/x86_64/firefox-bn-17.0.4-0.1mdvmes5.2.x86_64.rpm
987444660229984e701ade32b902601c mes5/x86_64/firefox-ca-17.0.4-0.1mdvmes5.2.x86_64.rpm
dbd04ae2dd3b0e18327831a0d075e746 mes5/x86_64/firefox-cs-17.0.4-0.1mdvmes5.2.x86_64.rpm
0322f0bf0d19cd0d52336d735ef9710d mes5/x86_64/firefox-cy-17.0.4-0.1mdvmes5.2.x86_64.rpm
7ea4edf11f3f79e8520660609e548ba6 mes5/x86_64/firefox-da-17.0.4-0.1mdvmes5.2.x86_64.rpm
3fb2628652685f298619f8970a48d22c mes5/x86_64/firefox-de-17.0.4-0.1mdvmes5.2.x86_64.rpm
be987af478d561f8d42e3a84002f6f73 mes5/x86_64/firefox-devel-17.0.4-0.1mdvmes5.2.x86_64.rpm
200f375a2f71efc352634cc94bd53904 mes5/x86_64/firefox-el-17.0.4-0.1mdvmes5.2.x86_64.rpm
1f479fb94eed6f239f5f05df36e9466a mes5/x86_64/firefox-en_GB-17.0.4-0.1mdvmes5.2.x86_64.rpm
9c8a2101adc9213490d31c139a2b050a mes5/x86_64/firefox-eo-17.0.4-0.1mdvmes5.2.x86_64.rpm
e70711cc23fa3faeb5846c847792ab63 mes5/x86_64/firefox-es_AR-17.0.4-0.1mdvmes5.2.x86_64.rpm
0d7bdd5085dc1a93eb24610de1932f37 mes5/x86_64/firefox-es_ES-17.0.4-0.1mdvmes5.2.x86_64.rpm
aced4393712cb0e9c233f31d17981155 mes5/x86_64/firefox-et-17.0.4-0.1mdvmes5.2.x86_64.rpm
0064c43f63a52eafe7f579064ff32689 mes5/x86_64/firefox-eu-17.0.4-0.1mdvmes5.2.x86_64.rpm
5098b68b362f9c62bc773fa918649c39 mes5/x86_64/firefox-fi-17.0.4-0.1mdvmes5.2.x86_64.rpm
b22f1bb943aa387ff17e916184244b96 mes5/x86_64/firefox-fr-17.0.4-0.1mdvmes5.2.x86_64.rpm
2174fb96ebd97aee0fd93aa56f283d9e mes5/x86_64/firefox-fy-17.0.4-0.1mdvmes5.2.x86_64.rpm
94de3afc378ea394ad726b94260634c5 mes5/x86_64/firefox-ga_IE-17.0.4-0.1mdvmes5.2.x86_64.rpm
76a87cfdaa3503514078ebfe47e21d5f mes5/x86_64/firefox-gl-17.0.4-0.1mdvmes5.2.x86_64.rpm
fa68885eb006b91f858a9bef60cb9f78 mes5/x86_64/firefox-gu_IN-17.0.4-0.1mdvmes5.2.x86_64.rpm
28f53c40d3e0b489fb6b55f9098230bc mes5/x86_64/firefox-he-17.0.4-0.1mdvmes5.2.x86_64.rpm
981b5dea1a5b706fa3b19f2ba760a02b mes5/x86_64/firefox-hi-17.0.4-0.1mdvmes5.2.x86_64.rpm
dbb9aa6c9640b1815d2e9b3d9230fa8a mes5/x86_64/firefox-hu-17.0.4-0.1mdvmes5.2.x86_64.rpm
3e751b60e3c6a2c138b94f4439535b4f mes5/x86_64/firefox-id-17.0.4-0.1mdvmes5.2.x86_64.rpm
d49033a409b63b095e8464a60b931f5d mes5/x86_64/firefox-is-17.0.4-0.1mdvmes5.2.x86_64.rpm
e91405e2f3393ea39acfd5fb638a2e2b mes5/x86_64/firefox-it-17.0.4-0.1mdvmes5.2.x86_64.rpm
654ccba9b85cba4aaf029e16e3ac3486 mes5/x86_64/firefox-ja-17.0.4-0.1mdvmes5.2.x86_64.rpm
b0d820b5beb54ff5c7769faa6a5ad6a0 mes5/x86_64/firefox-kn-17.0.4-0.1mdvmes5.2.x86_64.rpm
f94e258ca92f8cc155ad7d92706ceff8 mes5/x86_64/firefox-ko-17.0.4-0.1mdvmes5.2.x86_64.rpm
c3974b7a9cbd5be82c2ad369e8c10ac9 mes5/x86_64/firefox-ku-17.0.4-0.1mdvmes5.2.x86_64.rpm
18f5b36547dafd44cf7ca984313a4d52 mes5/x86_64/firefox-lt-17.0.4-0.1mdvmes5.2.x86_64.rpm
17d483f4808d0da0b1b5c54c0b60d063 mes5/x86_64/firefox-lv-17.0.4-0.1mdvmes5.2.x86_64.rpm
0baf6ab04a5eeac0f99866487412d693 mes5/x86_64/firefox-mk-17.0.4-0.1mdvmes5.2.x86_64.rpm
ed18bd9a7386f405c285d4f1e028aa36 mes5/x86_64/firefox-mr-17.0.4-0.1mdvmes5.2.x86_64.rpm
af57326421b13abcf28728331325c33d mes5/x86_64/firefox-nb_NO-17.0.4-0.1mdvmes5.2.x86_64.rpm
f4047958cd8f2d94d5270d2e78eb4632 mes5/x86_64/firefox-nl-17.0.4-0.1mdvmes5.2.x86_64.rpm
9072ddd33fb412fc063966ba467c7bdc mes5/x86_64/firefox-nn_NO-17.0.4-0.1mdvmes5.2.x86_64.rpm
f597ce09993873eb11f5ac6a02289334 mes5/x86_64/firefox-pa_IN-17.0.4-0.1mdvmes5.2.x86_64.rpm
28b198ebac31fc7303d0fe7c04303f73 mes5/x86_64/firefox-pl-17.0.4-0.1mdvmes5.2.x86_64.rpm
cfc75e822d0c5d2f064bef1da31a54f0 mes5/x86_64/firefox-pt_BR-17.0.4-0.1mdvmes5.2.x86_64.rpm
9f48e0928f077b6148d850eeb2d47479 mes5/x86_64/firefox-pt_PT-17.0.4-0.1mdvmes5.2.x86_64.rpm
628859469595c672098986b3b5659021 mes5/x86_64/firefox-ro-17.0.4-0.1mdvmes5.2.x86_64.rpm
e6c9a18d2796ff8f47cf5be2f5613320 mes5/x86_64/firefox-ru-17.0.4-0.1mdvmes5.2.x86_64.rpm
2288a3548bfae492dd53e3ca325269e8 mes5/x86_64/firefox-si-17.0.4-0.1mdvmes5.2.x86_64.rpm
f3690e6b231f7fb87f0c152d9bf9b218 mes5/x86_64/firefox-sk-17.0.4-0.1mdvmes5.2.x86_64.rpm
a5e29b275889c820dd84609c379afa78 mes5/x86_64/firefox-sl-17.0.4-0.1mdvmes5.2.x86_64.rpm
4995351ae85124ac6e432a28358f0ab0 mes5/x86_64/firefox-sq-17.0.4-0.1mdvmes5.2.x86_64.rpm
0a9b65cc23186af1a85820ad550d4551 mes5/x86_64/firefox-sr-17.0.4-0.1mdvmes5.2.x86_64.rpm
8d3fea48b01bb1d01c2597be5973c845 mes5/x86_64/firefox-sv_SE-17.0.4-0.1mdvmes5.2.x86_64.rpm
e7b9fffe4891be12a8c4646748fe7aa4 mes5/x86_64/firefox-te-17.0.4-0.1mdvmes5.2.x86_64.rpm
a87bede237874ae2fbcf1d6afa93e543 mes5/x86_64/firefox-th-17.0.4-0.1mdvmes5.2.x86_64.rpm
e97e338bd7e3c4398941a6bfb5f5ec0a mes5/x86_64/firefox-tr-17.0.4-0.1mdvmes5.2.x86_64.rpm
26de595f0a137ca6f306c79da2e855c3 mes5/x86_64/firefox-uk-17.0.4-0.1mdvmes5.2.x86_64.rpm
f2bbad0e1cc842cb14b232c92fd31c8c mes5/x86_64/firefox-zh_CN-17.0.4-0.1mdvmes5.2.x86_64.rpm
a13541b8296d26f9457cbb6f351ff2a9 mes5/x86_64/firefox-zh_TW-17.0.4-0.1mdvmes5.2.x86_64.rpm
b5992d2bd7fb6eb844da037e3bf43622 mes5/x86_64/icedtea-web-1.3.1-0.2mdvmes5.2.x86_64.rpm
e6a20835cbaaf06464e5720de5f84a7f mes5/x86_64/icedtea-web-javadoc-1.3.1-0.2mdvmes5.2.x86_64.rpm
b261d9c69d8bd8dd33032a4e622c1554 mes5/x86_64/lib64xulrunner17.0.4-17.0.4-0.1mdvmes5.2.x86_64.rpm
db2e7acd3ed1f365210187ff18e4a205 mes5/x86_64/lib64xulrunner-devel-17.0.4-0.1mdvmes5.2.x86_64.rpm
bd65c7af7cc3ecc7ab4b903f489e8400 mes5/x86_64/xulrunner-17.0.4-0.1mdvmes5.2.x86_64.rpm
45f223e23dfe50fefb48503c607e2672 mes5/SRPMS/firefox-17.0.4-0.1mdvmes5.2.src.rpm
14e3516e0830a7efd15a403fbd9da583 mes5/SRPMS/firefox-l10n-17.0.4-0.1mdvmes5.2.src.rpm
f3f4b9f27b949720d17a67bd71bc3b8e mes5/SRPMS/icedtea-web-1.3.1-0.2mdvmes5.2.src.rpm
fbde715b98bec0176fb6ab3d86b56bea mes5/SRPMS/xulrunner-17.0.4-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFRQJ36mqjQ0CJFipgRAhMjAJoDYUvsZa7KYGly/y7EQwmSRw66+wCgzCVj
kdWLRc3YzjV9WXqpoJIMYAE=
=vP1w
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists