MGASA-2013-0320

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0320.html

Import Source

https://advisories.mageia.org/MGASA-2013-0320.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0320

Related

CVE-2013-1739
CVE-2013-5590
CVE-2013-5595
CVE-2013-5597
CVE-2013-5599
CVE-2013-5600
CVE-2013-5601
CVE-2013-5602
CVE-2013-5604

Published

2013-11-09T18:55:13Z

Modified

2013-11-09T18:55:04Z

Summary

Updated firefox & related packages fix multiple security vulnerabilities

Details

Updated firefox packages fix security vulnerabilities:

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure (CVE-2013-1739).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602).

It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox (CVE-2013-5595).

A flaw was found in the way Firefox handled certain Extensible Stylesheet Language Transformations (XSLT) files. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox (CVE-2013-5604).

Additionally, the rootcerts, nspr, nss, and sqlite3 packages have been updated to newer versions required by this update.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / sqlite3

Package

Name: sqlite3
Purl: pkg:rpm/mageia/sqlite3?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.17-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20130411.00-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.1-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.2-1.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.0-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.0-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / sqlite3

Package

Name: sqlite3
Purl: pkg:rpm/mageia/sqlite3?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.17-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20130411.00-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.1-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.2-1.1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.0-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.0-1.mga2

Ecosystem specific

{
    "section": "core"
}