Debian Bug report logs -
#703071
CVE-2011-1187, CVE-2012-0475, CVE-2013-{0773,0775,0776,0780,0782,0783}
Reported by: Arne Wichmann <aw@anhrefn.saar.de>
Date: Thu, 14 Mar 2013 22:18:02 UTC
Severity: grave
Tags: security, wheezy-ignore
Fixed in versions iceweasel/19.0-1, 17.0.5esr-1
Done: Moritz Muehlenhoff <jmm@inutil.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#703071; Package iceweasel.
(Thu, 14 Mar 2013 22:18:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Arne Wichmann <aw@anhrefn.saar.de>:
New Bug report received and forwarded. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>.
(Thu, 14 Mar 2013 22:18:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: iceweasel
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for iceweasel.
(I am aware that these are fixed in experimental, but they should also be
fixed in testing and stable. If I can be of assistance please indicate so.)
CVE-2011-1187[0]:
| Google Chrome before 10.0.648.127 allows remote attackers to bypass
| the Same Origin Policy via unspecified vectors, related to an "error
| message leak."
CVE-2012-0475[1]:
| Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and
| SeaMonkey before 2.9 do not properly construct the Origin and
| Sec-WebSocket-Origin HTTP headers, which might allow remote attackers
| to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or
| (2) WebSocket operation involving a nonstandard port number and an
| IPv6 address that contains certain zero fields.
CVE-2013-0773[2]:
| The Chrome Object Wrapper (COW) and System Only Wrapper (SOW)
| implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x
| before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before
| 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a
| prototype, which allows remote attackers to obtain sensitive
| information from chrome objects or possibly execute arbitrary
| JavaScript code with chrome privileges via a crafted web site.
CVE-2013-0775[3]:
| Use-after-free vulnerability in the
| nsImageLoadingContent::OnStopContainer function in Mozilla Firefox
| before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before
| 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
| allows remote attackers to execute arbitrary code via crafted web
| script.
CVE-2013-0780[4]:
| Use-after-free vulnerability in the
| nsOverflowContinuationTracker::Finish function in Mozilla Firefox
| before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before
| 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16
| allows remote attackers to execute arbitrary code or cause a denial of
| service (heap memory corruption) via a crafted document that uses
| Cascading Style Sheets (CSS) -moz-column-* properties.
CVE-2013-0782[5]:
| Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion
| function in Mozilla Firefox before 19.0, Firefox ESR 17.x before
| 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3,
| and SeaMonkey before 2.16 allows remote attackers to execute arbitrary
| code via unspecified vectors.
CVE-2013-0783[6]:
| Multiple unspecified vulnerabilities in the browser engine in Mozilla
| Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
| before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey
| before 2.16 allow remote attackers to cause a denial of service
| (memory corruption and application crash) or possibly execute
| arbitrary code via unknown vectors.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187
http://security-tracker.debian.org/tracker/CVE-2011-1187
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475
http://security-tracker.debian.org/tracker/CVE-2012-0475
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://security-tracker.debian.org/tracker/CVE-2013-0773
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://security-tracker.debian.org/tracker/CVE-2013-0775
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://security-tracker.debian.org/tracker/CVE-2013-0780
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://security-tracker.debian.org/tracker/CVE-2013-0782
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
http://security-tracker.debian.org/tracker/CVE-2013-0783
Please adjust the affected versions in the BTS as needed.
cu
AW
--
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
Added tag(s) wheezy-ignore.
Request was from Julien Cristau <jcristau@debian.org>
to control@bugs.debian.org.
(Sun, 24 Mar 2013 12:00:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#703071; Package iceweasel.
(Tue, 30 Apr 2013 12:15:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Arne Wichmann <aw@anhrefn.saar.de>:
Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>.
(Tue, 30 Apr 2013 12:15:09 GMT) (full text, mbox, link).
Message #12 received at 703071@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
This grave bug is no open for more than a month with no action on it. Do
you have any plans to do something about it or shall wheezy be released
with arbitrary code executions in iceweasel?
cu
AW
--
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
[signature.asc (application/pgp-signature, inline)]
Marked as fixed in versions iceweasel/19.0-1.
Request was from Arne Wichmann <aw@anhrefn.saar.de>
to control@bugs.debian.org.
(Tue, 30 Apr 2013 19:39:04 GMT) (full text, mbox, link).
Reply sent
to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility.
(Mon, 03 Jun 2013 16:27:18 GMT) (full text, mbox, link).
Notification sent
to Arne Wichmann <aw@anhrefn.saar.de>:
Bug acknowledged by developer.
(Mon, 03 Jun 2013 16:27:18 GMT) (full text, mbox, link).
Message #19 received at 703071-done@bugs.debian.org (full text, mbox, reply):
Version: 17.0.5esr-1
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 02 Jul 2013 07:44:11 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:48:50 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon