Bug 3593 - [UPDATE REQUEST] [UPSTREAM UPDATE] firefox
: [UPDATE REQUEST] [UPSTREAM UPDATE] firefox
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-13 18:33 MSK by Andrew Lukoshko
Modified: 2014-01-30 14:16 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+


Attachments
Update has removed firefox icon from task panel (11.34 KB, application/octet-stream)
2014-01-22 02:33 MSK, Alexander Petryakov
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2014-01-13 18:33:44 MSK
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614)

http://rhn.redhat.com/errata/RHSA-2013-1812.html

https://abf.rosalinux.ru/build_lists/1516711
https://abf.rosalinux.ru/build_lists/1516712
Comment 1 Andrew Lukoshko 2014-01-13 18:34:15 MSK
Use with updated packages from http://bugs.rosalinux.ru/show_bug.cgi?id=3592
Comment 3 Alexander Petryakov 2014-01-22 02:33:05 MSK
Created attachment 2576 [details]
Update has removed firefox icon from task panel
Comment 5 Alexander Petryakov 2014-01-24 03:16:48 MSK
firefox-24.2.0-1.res6
*********************** RHEL Advisory *************************
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614)

http://rhn.redhat.com/errata/RHSA-2013-1812.html
***************************************************************
QA Verified