Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Critical: firefox security update

Related Vulnerabilities: CVE-2013-5609   CVE-2013-5612   CVE-2013-5614   CVE-2013-5616   CVE-2013-5618   CVE-2013-6671   CVE-2013-5613   CVE-2013-5609   CVE-2013-6671   CVE-2013-5613   CVE-2013-5612   CVE-2013-5616   CVE-2013-5614   CVE-2013-5618   CVE-2013-0772  

Source

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Topic

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,
CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing
character encoding information. An attacker could use this flaw to possibly
bypass same-origin inheritance and perform cross-site scripting (XSS)
attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions
applied by sandboxed iframes. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox. (CVE-2013-5614)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian
Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson
Smith, and Atte Kettunen as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.2.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 6.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.5 i386
  • Red Hat Enterprise Linux Server - AUS 6.5 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.5 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 6.5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5 i386
  • Red Hat Enterprise Linux EUS Compute Node 6.5 x86_64
  • Red Hat Enterprise Linux Server - TUS 6.5 x86_64

Fixes

  • BZ - 1039417 - CVE-2013-5609 Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
  • BZ - 1039420 - CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)
  • BZ - 1039421 - CVE-2013-5614 Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
  • BZ - 1039422 - CVE-2013-5616 Mozilla: Use-after-free in event listeners (MFSA 2013-108)
  • BZ - 1039423 - CVE-2013-5618 Mozilla: Use-after-free during Table Editing (MFSA 2013-109)
  • BZ - 1039426 - CVE-2013-6671 Mozilla: Segmentation violation when replacing ordered list elements (MFSA 2013-111)
  • BZ - 1039429 - CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started