Bug 3195 - [UPDATE REQUEST] [UPSTREAM UPDATE] firefox + xulrunner
: [UPDATE REQUEST] [UPSTREAM UPDATE] firefox + xulrunner
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-20 14:07 MSK by Andrew Lukoshko
Modified: 2013-11-28 13:05 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2013-11-20 14:07:00 MSK
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599,
CVE-2013-5600, CVE-2013-5601, CVE-2013-5602)

It was found that the Firefox JavaScript engine incorrectly allocated
memory for certain functions. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox. (CVE-2013-5595)

A flaw was found in the way Firefox handled certain Extensible Stylesheet
Language Transformations (XSLT) files. An attacker could combine this flaw
with other vulnerabilities to execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5604)

http://rhn.redhat.com/errata/RHSA-2013-1476.html

https://abf.rosalinux.ru/build_lists/1391577
https://abf.rosalinux.ru/build_lists/1391578
https://abf.rosalinux.ru/build_lists/1391262
https://abf.rosalinux.ru/build_lists/1391263
Comment 1 Alexander Petryakov 2013-11-22 02:44:41 MSK
firefox-17.0.10-1.res6
xulrunner-17.0.10-1.res6
*********************** RHEL Advisory *************************
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599,
CVE-2013-5600, CVE-2013-5601, CVE-2013-5602)

It was found that the Firefox JavaScript engine incorrectly allocated
memory for certain functions. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox. (CVE-2013-5595)

A flaw was found in the way Firefox handled certain Extensible Stylesheet
Language Transformations (XSLT) files. An attacker could combine this flaw
with other vulnerabilities to execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5604)

http://rhn.redhat.com/errata/RHSA-2013-1476.html
***************************************************************
QA Verified