Nom du paquet
firefox
Date
2013-05-15
Advisory ID
MDVSA-2013:165
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple security issues was identified and fixed in mozilla firefox:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2013-0801).

Security researcher Cody Crews reported a method to call a content
level constructor that allows for this constructor to have chrome
privileged accesss. This affects chrome object wrappers (COW) and
allows for write actions on objects when only read actions should
be allowed. This can lead to cross-site scripting (XSS) attacks
(CVE-2013-1670).

Security researcher Nils reported a use-after-free when resizing
video while playing. This could allow for arbitrary code execution
(CVE-2013-1674).

Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent
functions are used without being properly initialized, causing
uninitialized memory to be used when they are called by web
content. This could lead to a information leakage to sites depending
on the contents of this uninitialized memory (CVE-2013-1675).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team used the Address Sanitizer tool to discover a series of
use-after-free, out of bounds read, and invalid write problems rated
as moderate to critical as security issues in shipped software. Some
of these issues are potentially exploitable, allowing for remote
code execution. We would also like to thank Abhishek for reporting
additional use-after-free flaws in dir=auto code introduced during
Firefox development. These were fixed before general release
(CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679,
CVE-2013-1680, CVE-2013-1681).

The mozilla firefox packages has been upgraded to the latest ESR
version (17.0.6) which is unaffected by these security flaws.

Updated packages

MES5 i586

 c88316420e3a39b03b522954c236dc96  mes5/i586/firefox-17.0.6-0.1mdvmes5.2.i586.rpm
 2a9365aba3f68bb9914c56da44dcb0dd  mes5/i586/firefox-af-17.0.6-0.1mdvmes5.2.i586.rpm
 d11c9d35449e4c9fcec09708dfc701ac  mes5/i586/firefox-ar-17.0.6-0.1mdvmes5.2.i586.rpm
 f4d316bad207d98a6e308ba2b6a746c4  mes5/i586/firefox-be-17.0.6-0.1mdvmes5.2.i586.rpm
 d5f047c75b5759ec600392376ffee13a  mes5/i586/firefox-bg-17.0.6-0.1mdvmes5.2.i586.rpm
 f623893bbf6e07c3b9366f1e956a51f6  mes5/i586/firefox-bn-17.0.6-0.1mdvmes5.2.i586.rpm
 d87eba77ba8fa5c00ac3f9c35e950e47  mes5/i586/firefox-ca-17.0.6-0.1mdvmes5.2.i586.rpm
 171222c63c6f91eede3081a022a5fc76  mes5/i586/firefox-cs-17.0.6-0.1mdvmes5.2.i586.rpm
 ccd4df1cf1e8acda7148ec592a888a6e  mes5/i586/firefox-cy-17.0.6-0.1mdvmes5.2.i586.rpm
 8bc8d150f4f6cdba72e006d231c1674a  mes5/i586/firefox-da-17.0.6-0.1mdvmes5.2.i586.rpm
 be8e9314d98dc2f7e30d016d3f84c660  mes5/i586/firefox-de-17.0.6-0.1mdvmes5.2.i586.rpm
 a5d9fafc65e755b481e0c6115e64b0cc  mes5/i586/firefox-devel-17.0.6-0.1mdvmes5.2.i586.rpm
 a312d9f37b38d32bdf7fce1a549d95e2  mes5/i586/firefox-el-17.0.6-0.1mdvmes5.2.i586.rpm
 142897193cd2217074bd9f05f24a7be8  mes5/i586/firefox-en_GB-17.0.6-0.1mdvmes5.2.i586.rpm
 594a453517e40bd4b61d768c9ae109fa  mes5/i586/firefox-eo-17.0.6-0.1mdvmes5.2.i586.rpm
 5b429497503915de716b87cbca19a3e4  mes5/i586/firefox-es_AR-17.0.6-0.1mdvmes5.2.i586.rpm
 613463dff3d004b29579ee9d8121ef51  mes5/i586/firefox-es_ES-17.0.6-0.1mdvmes5.2.i586.rpm
 e4444f8493ff640ba08413461dc6ff7e  mes5/i586/firefox-et-17.0.6-0.1mdvmes5.2.i586.rpm
 c1d8d6cb6e4510fd077014294ba0468f  mes5/i586/firefox-eu-17.0.6-0.1mdvmes5.2.i586.rpm
 b23b7421fe0bde4b9f9860f4600ff01a  mes5/i586/firefox-fi-17.0.6-0.1mdvmes5.2.i586.rpm
 c288b5f979fb586251656a51cab331d3  mes5/i586/firefox-fr-17.0.6-0.1mdvmes5.2.i586.rpm
 164eb3c41ddb4fc49d3db7c59647b0c9  mes5/i586/firefox-fy-17.0.6-0.1mdvmes5.2.i586.rpm
 e84bf6c9a9e2db27092e10177b8d255e  mes5/i586/firefox-ga_IE-17.0.6-0.1mdvmes5.2.i586.rpm
 74fbc1e389495998ce44cda028001e6d  mes5/i586/firefox-gl-17.0.6-0.1mdvmes5.2.i586.rpm
 088a7cf0f7659904733e53c66408b37c  mes5/i586/firefox-gu_IN-17.0.6-0.1mdvmes5.2.i586.rpm
 b2f5e76139dac036a2f1b0111005c26b  mes5/i586/firefox-he-17.0.6-0.1mdvmes5.2.i586.rpm
 6e77be20831befde175cba58d6a8ccba  mes5/i586/firefox-hi-17.0.6-0.1mdvmes5.2.i586.rpm
 9947e99f63f2d31acd946403e8623c3e  mes5/i586/firefox-hu-17.0.6-0.1mdvmes5.2.i586.rpm
 8b85372119923c162601e605a94fb954  mes5/i586/firefox-id-17.0.6-0.1mdvmes5.2.i586.rpm
 346442bdc854b8f7673847b7be942e1e  mes5/i586/firefox-is-17.0.6-0.1mdvmes5.2.i586.rpm
 b0ba5a91e67d6a2a06134647eccca7cf  mes5/i586/firefox-it-17.0.6-0.1mdvmes5.2.i586.rpm
 c2eba26cca38967bafd72ea6c923fd95  mes5/i586/firefox-ja-17.0.6-0.1mdvmes5.2.i586.rpm
 1fb59347ef23d56f923cad12c7ea6045  mes5/i586/firefox-kn-17.0.6-0.1mdvmes5.2.i586.rpm
 269f4d6bc2e82b2efbff52efe1e8985a  mes5/i586/firefox-ko-17.0.6-0.1mdvmes5.2.i586.rpm
 f5c532e5c5098376c3e85c74dec6e2ce  mes5/i586/firefox-ku-17.0.6-0.1mdvmes5.2.i586.rpm
 72c542436610898796bfe0c11dda8224  mes5/i586/firefox-lt-17.0.6-0.1mdvmes5.2.i586.rpm
 859ed4654242ebd72a4e62e4705e340d  mes5/i586/firefox-lv-17.0.6-0.1mdvmes5.2.i586.rpm
 e14e66a825e409a0e6ef981000562bf1  mes5/i586/firefox-mk-17.0.6-0.1mdvmes5.2.i586.rpm
 400fd692e2c5e5a4a5ecf4c86bbea09d  mes5/i586/firefox-mr-17.0.6-0.1mdvmes5.2.i586.rpm
 abfc8de7d7ee80544201e9de9ede3c66  mes5/i586/firefox-nb_NO-17.0.6-0.1mdvmes5.2.i586.rpm
 3713736fb2062c8c41d1bc9bdadbd8aa  mes5/i586/firefox-nl-17.0.6-0.1mdvmes5.2.i586.rpm
 797187f48bc69a8ab6ece3ecbc14940b  mes5/i586/firefox-nn_NO-17.0.6-0.1mdvmes5.2.i586.rpm
 6991ecfd9dae72588f53ddeac9f4a959  mes5/i586/firefox-pa_IN-17.0.6-0.1mdvmes5.2.i586.rpm
 7d11a8a39bb4efcb50722a3951aff36b  mes5/i586/firefox-pl-17.0.6-0.1mdvmes5.2.i586.rpm
 dc447c550c7ca6b6209205f9dbdbf11d  mes5/i586/firefox-pt_BR-17.0.6-0.1mdvmes5.2.i586.rpm
 40a13c0c7bac7b046098a89f66817768  mes5/i586/firefox-pt_PT-17.0.6-0.1mdvmes5.2.i586.rpm
 489f1cd793af09cc3bf1257d45af6121  mes5/i586/firefox-ro-17.0.6-0.1mdvmes5.2.i586.rpm
 22346dfbab9b10bc5c56829ed1df230e  mes5/i586/firefox-ru-17.0.6-0.1mdvmes5.2.i586.rpm
 d7cd83c8056416a017748bcb0c48925d  mes5/i586/firefox-si-17.0.6-0.1mdvmes5.2.i586.rpm
 b4af80fc6839a9d132a71cd07344c530  mes5/i586/firefox-sk-17.0.6-0.1mdvmes5.2.i586.rpm
 b63fce1ee28b497da3765ef44a889925  mes5/i586/firefox-sl-17.0.6-0.1mdvmes5.2.i586.rpm
 5bd71dbc6ac37fc548418197fa1dd236  mes5/i586/firefox-sq-17.0.6-0.1mdvmes5.2.i586.rpm
 654506c5748cfee3db91ab0451b07dad  mes5/i586/firefox-sr-17.0.6-0.1mdvmes5.2.i586.rpm
 06e4d3928c66bb34751eb169319cacc3  mes5/i586/firefox-sv_SE-17.0.6-0.1mdvmes5.2.i586.rpm
 084aef338fa2ed6ece85b92ba8b0b685  mes5/i586/firefox-te-17.0.6-0.1mdvmes5.2.i586.rpm
 390a3897d8923da3849b1e78a61453d2  mes5/i586/firefox-th-17.0.6-0.1mdvmes5.2.i586.rpm
 36e182907b42478654c6160be2e91464  mes5/i586/firefox-tr-17.0.6-0.1mdvmes5.2.i586.rpm
 596472bc10dc65f2ea2d2f945c344f18  mes5/i586/firefox-uk-17.0.6-0.1mdvmes5.2.i586.rpm
 8c789a0ace5dfaff30fc4dfdbc786254  mes5/i586/firefox-zh_CN-17.0.6-0.1mdvmes5.2.i586.rpm
 cd6ce4aff5da65fb8e3baede6a731f75  mes5/i586/firefox-zh_TW-17.0.6-0.1mdvmes5.2.i586.rpm
 cec85f986c99ac9b399118c4d69dfec4  mes5/i586/icedtea-web-1.3.2-0.2mdvmes5.2.i586.rpm
 667568b8cd09f5010920af924098d8be  mes5/i586/icedtea-web-javadoc-1.3.2-0.2mdvmes5.2.i586.rpm
 7a8ce58834255da06790b0f40c7a698e  mes5/i586/libxulrunner17.0.6-17.0.6-0.1mdvmes5.2.i586.rpm
 9e3cb855449c4990bc42184abb417b1a  mes5/i586/libxulrunner-devel-17.0.6-0.1mdvmes5.2.i586.rpm
 882d2750f36eed27d75538b73ba83213  mes5/i586/xulrunner-17.0.6-0.1mdvmes5.2.i586.rpm 
 286be14ee601e23133130b24b0f6b3e6  mes5/SRPMS/firefox-17.0.6-0.1mdvmes5.2.src.rpm
 14d72c343e1dbac2d7e54e2a63321292  mes5/SRPMS/firefox-l10n-17.0.6-0.1mdvmes5.2.src.rpm
 1c610d89b0b529bd4a8cfb1ae6c59126  mes5/SRPMS/icedtea-web-1.3.2-0.2mdvmes5.2.src.rpm
 c825f9cb255a5f04a60d6e2796718de6  mes5/SRPMS/xulrunner-17.0.6-0.1mdvmes5.2.src.rpm

MES5 x86_64

 f3b9f6c77166dbef19dd4504fce66728  mes5/x86_64/firefox-17.0.6-0.1mdvmes5.2.x86_64.rpm
 3e63385f08481a615c7ddbf485c8d14b  mes5/x86_64/firefox-af-17.0.6-0.1mdvmes5.2.x86_64.rpm
 f78f50d08001a86eb1d4d610af28aa24  mes5/x86_64/firefox-ar-17.0.6-0.1mdvmes5.2.x86_64.rpm
 54195c1df7571476082239d657c27273  mes5/x86_64/firefox-be-17.0.6-0.1mdvmes5.2.x86_64.rpm
 8b9833e6e007453b63ab103b4f65b240  mes5/x86_64/firefox-bg-17.0.6-0.1mdvmes5.2.x86_64.rpm
 0a47abc94aeb17af5d72656228725a61  mes5/x86_64/firefox-bn-17.0.6-0.1mdvmes5.2.x86_64.rpm
 e7c8e2baab753083a85701f160edb089  mes5/x86_64/firefox-ca-17.0.6-0.1mdvmes5.2.x86_64.rpm
 4379ee03133657e6c8cfa92c844563c3  mes5/x86_64/firefox-cs-17.0.6-0.1mdvmes5.2.x86_64.rpm
 e3d6ba8d2ff77674f7359de3d98a4c86  mes5/x86_64/firefox-cy-17.0.6-0.1mdvmes5.2.x86_64.rpm
 7ab8b849501801d3e7c06e786da5561d  mes5/x86_64/firefox-da-17.0.6-0.1mdvmes5.2.x86_64.rpm
 fc2db06bb48fbd504143d907c7d53edd  mes5/x86_64/firefox-de-17.0.6-0.1mdvmes5.2.x86_64.rpm
 2f6eafa19235fcb6f3bbac336a1f6cde  mes5/x86_64/firefox-devel-17.0.6-0.1mdvmes5.2.x86_64.rpm
 551a20dd416ec7227fcf9cdbcbac371e  mes5/x86_64/firefox-el-17.0.6-0.1mdvmes5.2.x86_64.rpm
 26818f2936ee468dccc02396010180fd  mes5/x86_64/firefox-en_GB-17.0.6-0.1mdvmes5.2.x86_64.rpm
 6d7bbe752918ee6c8b641513bf23cc93  mes5/x86_64/firefox-eo-17.0.6-0.1mdvmes5.2.x86_64.rpm
 93fc498b92eaa16b0b128a9cb2b96024  mes5/x86_64/firefox-es_AR-17.0.6-0.1mdvmes5.2.x86_64.rpm
 f65e922d32563ac1783db59bcaa15568  mes5/x86_64/firefox-es_ES-17.0.6-0.1mdvmes5.2.x86_64.rpm
 773cc253f6f3f9a5ed89196e66b9bcf8  mes5/x86_64/firefox-et-17.0.6-0.1mdvmes5.2.x86_64.rpm
 0b1c8d754a34e8f755bfc4534571d84b  mes5/x86_64/firefox-eu-17.0.6-0.1mdvmes5.2.x86_64.rpm
 06806de5a58750131f9e771cbf03bdaa  mes5/x86_64/firefox-fi-17.0.6-0.1mdvmes5.2.x86_64.rpm
 e8919942691d1eaf092995a5994e02ae  mes5/x86_64/firefox-fr-17.0.6-0.1mdvmes5.2.x86_64.rpm
 358d133cf551b244e9c1364f44c1f6a6  mes5/x86_64/firefox-fy-17.0.6-0.1mdvmes5.2.x86_64.rpm
 d3789ee0795d8a8ad131055d903e64b8  mes5/x86_64/firefox-ga_IE-17.0.6-0.1mdvmes5.2.x86_64.rpm
 00f73187e003b159936c61ca640ea2d8  mes5/x86_64/firefox-gl-17.0.6-0.1mdvmes5.2.x86_64.rpm
 0c40794ce31d475ab145f8238f4a69ef  mes5/x86_64/firefox-gu_IN-17.0.6-0.1mdvmes5.2.x86_64.rpm
 ecd796b009fbd0ebd2bd0c1327cd8a54  mes5/x86_64/firefox-he-17.0.6-0.1mdvmes5.2.x86_64.rpm
 d5fb35fb9450cb66147ca5f93b4b8d27  mes5/x86_64/firefox-hi-17.0.6-0.1mdvmes5.2.x86_64.rpm
 50bdc95c5b9dde4f1451bd252e25e912  mes5/x86_64/firefox-hu-17.0.6-0.1mdvmes5.2.x86_64.rpm
 33555e438f85781e71eb1890f68b0a5b  mes5/x86_64/firefox-id-17.0.6-0.1mdvmes5.2.x86_64.rpm
 3a1ceb86ed1d968cc7337c6bf6fd80f8  mes5/x86_64/firefox-is-17.0.6-0.1mdvmes5.2.x86_64.rpm
 3f97e32b514fa83502412d3b72e23848  mes5/x86_64/firefox-it-17.0.6-0.1mdvmes5.2.x86_64.rpm
 a678d8b39cf1e5e4ccbfce5c6369946f  mes5/x86_64/firefox-ja-17.0.6-0.1mdvmes5.2.x86_64.rpm
 60209cf511175c9a2083e181cb4dcc02  mes5/x86_64/firefox-kn-17.0.6-0.1mdvmes5.2.x86_64.rpm
 2114a7af6a05405e1a3258a7022082c7  mes5/x86_64/firefox-ko-17.0.6-0.1mdvmes5.2.x86_64.rpm
 d37ed3ad02fcf109a1bd7485557022be  mes5/x86_64/firefox-ku-17.0.6-0.1mdvmes5.2.x86_64.rpm
 9680db09665bd8efe45a28efebe570f3  mes5/x86_64/firefox-lt-17.0.6-0.1mdvmes5.2.x86_64.rpm
 0fd979fbc7fec9e9e643159ca99a71ab  mes5/x86_64/firefox-lv-17.0.6-0.1mdvmes5.2.x86_64.rpm
 56734a4a60e37fc093e72d5a97974419  mes5/x86_64/firefox-mk-17.0.6-0.1mdvmes5.2.x86_64.rpm
 791374a0fad76907d7958ea60aacdd79  mes5/x86_64/firefox-mr-17.0.6-0.1mdvmes5.2.x86_64.rpm
 0e1495138afc7e840b8e8148ebc3f0d9  mes5/x86_64/firefox-nb_NO-17.0.6-0.1mdvmes5.2.x86_64.rpm
 95be67b365b61ae443d121fbfe3de5ac  mes5/x86_64/firefox-nl-17.0.6-0.1mdvmes5.2.x86_64.rpm
 a54a6459e62a137a10e880b70d88693b  mes5/x86_64/firefox-nn_NO-17.0.6-0.1mdvmes5.2.x86_64.rpm
 cc055e95ea881ac2ff10a25ac1e3d3d1  mes5/x86_64/firefox-pa_IN-17.0.6-0.1mdvmes5.2.x86_64.rpm
 ba6725bd80630bda0b8ba64f799550a1  mes5/x86_64/firefox-pl-17.0.6-0.1mdvmes5.2.x86_64.rpm
 ecb7da0bc95ebeeabd11b92b13c872cd  mes5/x86_64/firefox-pt_BR-17.0.6-0.1mdvmes5.2.x86_64.rpm
 63849bd3f06e892cbf714c9aad2d546f  mes5/x86_64/firefox-pt_PT-17.0.6-0.1mdvmes5.2.x86_64.rpm
 2c817ff3fd51c9ee7ce90c8463562f43  mes5/x86_64/firefox-ro-17.0.6-0.1mdvmes5.2.x86_64.rpm
 0ec101c99272ade6df79eba8e7cf6abe  mes5/x86_64/firefox-ru-17.0.6-0.1mdvmes5.2.x86_64.rpm
 bad25d9a0633f3c1b22443f923de2231  mes5/x86_64/firefox-si-17.0.6-0.1mdvmes5.2.x86_64.rpm
 473a0caa64b218789fe36b307ede3487  mes5/x86_64/firefox-sk-17.0.6-0.1mdvmes5.2.x86_64.rpm
 43043fef94498907379e45aca2e930b5  mes5/x86_64/firefox-sl-17.0.6-0.1mdvmes5.2.x86_64.rpm
 4f516d06adb4b52678638b6778621f99  mes5/x86_64/firefox-sq-17.0.6-0.1mdvmes5.2.x86_64.rpm
 da0cd318a7752de046bac47020f35934  mes5/x86_64/firefox-sr-17.0.6-0.1mdvmes5.2.x86_64.rpm
 f373d1aae54563c023fb812dbea2003c  mes5/x86_64/firefox-sv_SE-17.0.6-0.1mdvmes5.2.x86_64.rpm
 39b61537b17aff4fbd564b12ec4a20d2  mes5/x86_64/firefox-te-17.0.6-0.1mdvmes5.2.x86_64.rpm
 8c45df0622f9683b9ee92c85b9094256  mes5/x86_64/firefox-th-17.0.6-0.1mdvmes5.2.x86_64.rpm
 a1dbe822f989254861efc76410b122a3  mes5/x86_64/firefox-tr-17.0.6-0.1mdvmes5.2.x86_64.rpm
 9ef9c2a82d43844639fa333a1dfd0917  mes5/x86_64/firefox-uk-17.0.6-0.1mdvmes5.2.x86_64.rpm
 929438752ef4acff1fb528b92c1ab5bb  mes5/x86_64/firefox-zh_CN-17.0.6-0.1mdvmes5.2.x86_64.rpm
 35ee7e83b80f5fb303d7b519a65d6ecb  mes5/x86_64/firefox-zh_TW-17.0.6-0.1mdvmes5.2.x86_64.rpm
 bf5e8d433d9cf7feced99272edc8a98d  mes5/x86_64/icedtea-web-1.3.2-0.2mdvmes5.2.x86_64.rpm
 f09ad1481d5496ca2d030b351dfeef4c  mes5/x86_64/icedtea-web-javadoc-1.3.2-0.2mdvmes5.2.x86_64.rpm
 fa2918c5114faf56c9ca8ed0c2f7ebc2  mes5/x86_64/lib64xulrunner17.0.6-17.0.6-0.1mdvmes5.2.x86_64.rpm
 9709ee51ad941d535e235833cdb43a9c  mes5/x86_64/lib64xulrunner-devel-17.0.6-0.1mdvmes5.2.x86_64.rpm
 3555051c085a68d34cb4eba61af2b13c  mes5/x86_64/xulrunner-17.0.6-0.1mdvmes5.2.x86_64.rpm 
 286be14ee601e23133130b24b0f6b3e6  mes5/SRPMS/firefox-17.0.6-0.1mdvmes5.2.src.rpm
 14d72c343e1dbac2d7e54e2a63321292  mes5/SRPMS/firefox-l10n-17.0.6-0.1mdvmes5.2.src.rpm
 1c610d89b0b529bd4a8cfb1ae6c59126  mes5/SRPMS/icedtea-web-1.3.2-0.2mdvmes5.2.src.rpm
 c825f9cb255a5f04a60d6e2796718de6  mes5/SRPMS/xulrunner-17.0.6-0.1mdvmes5.2.src.rpm

References