MGASA-2014-0201

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2014-0201.html
Import Source
https://advisories.mageia.org/MGASA-2014-0201.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0201
Related
  • CVE-2014-1518
  • CVE-2014-1523
  • CVE-2014-1524
  • CVE-2014-1529
  • CVE-2014-1530
  • CVE-2014-1531
  • CVE-2014-1532
Published
2014-05-02T18:03:24Z
Modified
2014-05-02T18:03:19Z
Summary
Updated firefox & thunderbird packages fix multiple vulnerabilities
Details

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531).

A use-after-free flaw was found in the way Firefox and Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or Thunderbird or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1532).

An out-of-bounds read flaw was found in the way Firefox and Thunderbird decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox or Thunderbird to crash (CVE-2014-1523).

A flaw was found in the way Firefox and Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks (CVE-2014-1530).

References
Credits

Affected packages

Mageia:4 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Mageia:4 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Mageia:4 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Mageia:4 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Mageia:3 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga3

Ecosystem specific 

{
    "section": "core"
}

Mageia:3 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga3

Ecosystem specific 

{
    "section": "core"
}

Mageia:3 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga3

Ecosystem specific 

{
    "section": "core"
}

Mageia:3 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5.0-1.mga3

Ecosystem specific 

{
    "section": "core"
}