-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0009 Title: Several vulnerabilities in Firefox, Thunderbird and Seamonkey Version history 09.01.2013 Initial publication Summary and Potential impact ============================ Mozilla developers identified and fixed several vulnerabilities [1-20]: Memory safety bugs fixed in Firefox ESR 10.0.12, Firefox ESR 17.0.1, and Firefox 18 (CVE-2013-0769) Memory safety bugs fixed in Firefox ESR 17.0.1 and Firefox 18 (CVE-2013-0749) Memory safety bugs fixed in Firefox 18 (CVE-2013-0770) Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760) Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762) Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766) Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0767) Heap-use-after-free in mozilla::TrackUnionStream::EndTrack (CVE-2013-0761) Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763) Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771) Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) Stack buffer overflow with canvas (CVE-2013-0768) URL spoofing with credentials info of URL & 204 (CVE-2013-0759) Heap-use-after-free in TableBackgroundPainter::TableBackgroundData::Destroy (CVE-2013-0744) Touch events are shared across iframes (CVE-2013-0751) Crash [@ nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc*) ] clicking "Download the rest of the message" (CVE-2013-0764) Investigate if AutoWrapperChanger causes security problems (CVE-2013-0745) Quickstubs returning jsval should JS_WrapValue (CVE-2013-0746) I can confuse gPluginHandler.handleEvent by listening for mutation events (CVE-2013-0747) XBL.__proto__.toString is ugly and reveals address space layout (CVE-2013-0748) String Replacement Heap Corruption Remote Code Execution Vulnerability (CVE-2013-0750) Crash when XML binding (XBL) includes another binding which contains SVG (CVE-2013-0752) Chrome Object Wrapper can be bypassed using Object.prototype.__proto__ (CVE-2013-0757) Content can access chrome-privileged pages using plugin objects (CVE-2013-0758) XMLSerializer Use-After-Free Remote Code Execution Vulnerability (CVE-2013-0753) ListenerManager Use-After-Free Remote Code Execution Vulnerability (CVE-2013-0754) mozVibrate Use-After-Free Remote Code Execution Vulnerability (CVE-2013-0755) obj_toSource Use-After-Free Remote Code Execution Vulnerability (CVE-2013-0756) Deal with TURKTRUST mis-issued *.google.com certificate (CVE-2013-0743) Updates/Fixes =========== The vulnerabilities are fixed in Firefox 18.0 Firefox ESR 10.0.12 Firefox ESR 17.0.2 Thunderbird 17.0.2 Thunderbird ESR 10.0.12 Thunderbird ESR 17.0.2 SeaMonkey 2.15 What can you do? ================ Update to the fixed versions of the products. What to tell your users? ======================== N/A More information ================ [1] http://www.mozilla.org/security/announce/2013/mfsa2013-01.html [2] http://www.mozilla.org/security/announce/2013/mfsa2013-02.html [3] http://www.mozilla.org/security/announce/2013/mfsa2013-03.html [4] http://www.mozilla.org/security/announce/2013/mfsa2013-04.html [5] http://www.mozilla.org/security/announce/2013/mfsa2013-05.html [6] http://www.mozilla.org/security/announce/2013/mfsa2013-06.html [7] http://www.mozilla.org/security/announce/2013/mfsa2013-07.html [8] http://www.mozilla.org/security/announce/2013/mfsa2013-08.html [9] http://www.mozilla.org/security/announce/2013/mfsa2013-09.html [10] http://www.mozilla.org/security/announce/2013/mfsa2013-10.html [11] http://www.mozilla.org/security/announce/2013/mfsa2013-11.html [12] http://www.mozilla.org/security/announce/2013/mfsa2013-12.html [13] http://www.mozilla.org/security/announce/2013/mfsa2013-13.html [14] http://www.mozilla.org/security/announce/2013/mfsa2013-14.html [15] http://www.mozilla.org/security/announce/2013/mfsa2013-15.html [16] http://www.mozilla.org/security/announce/2013/mfsa2013-16.html [17] http://www.mozilla.org/security/announce/2013/mfsa2013-17.html [18] http://www.mozilla.org/security/announce/2013/mfsa2013-18.html [19] http://www.mozilla.org/security/announce/2013/mfsa2013-19.html [20] http://www.mozilla.org/security/announce/2013/mfsa2013-20.html Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQ7ZyHAAoJEPpzpNLI8SVoYQcQALyI57Gh+O3MyJN4Mp2TeVSo pUcSy8+tBx+qRv0zikXjWQTx7vXQ8lOTJltgqHVH9KrgOrMw+Skz8HJu8k/xiWu2 qV5QIG39UKrP1PXZGyr7LeP41ibWde7WC4dEnYmrYAzJG0D/3NYTCzYZK/k0HlHR DUDtaABHZeRuAJbbzUr1qZLB0mar/tXDY7JC72Jspky8A36VSyWkSCZsZX3Kq69f qyRc6UaiYcr9N7s8+RxZiqrqCW/G/JZRa/Ow9XDflzrd54EQ1y5bgw2/paUtiw/W puHn9wTElNJY1mu5yS73KDwCb58UeSNgUA8qADM1Uab9R0UUbs+ApBzRlNVVP73c anTmiCw6FKh+s6yEWRfJtgqgO8l3KG7/v+Gh8jr9I6fq66tDxv0MQl8hKW9zbpAI g61fP0+rt/ls3SfUmMZ0WwgBYxznzWTFiL1ohOxBtgwRHi9cL3cte2C/m0ACW3VB v2aLutOss4iO20m3MYqdJHz7FzAIco1x3lfzNPEfFQcNKJwCEoXB/MsUZdY8AXe7 qg4XZ84LDjNRphsP42PtQYxdR7jMl1Dx/6Pzdz0t0CEvK6+b6oqcb+EzYkx02eiT MPQJUGKC+R63bFB/I9elUoYy2upVxSR+5TJ0dvPTqdA2oQMvYls4pUj8JryKgcwd ohBvojX++mmXh54goiR4 =8V3b -----END PGP SIGNATURE-----