Bug 3593

Summary: [UPDATE REQUEST] [UPSTREAM UPDATE] firefox
Product: Server Bugs Reporter: Andrew Lukoshko <andrew.lukoshko>
Component: Main PackagesAssignee: Andrew Lukoshko <andrew.lukoshko>
Status: RESOLVED FIXED QA Contact: ROSA Server Bugs <server-bugs>
Severity: normal    
Priority: Normal CC: alexander.petryakov
Version: unspecifiedFlags: alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:
Attachments: Update has removed firefox icon from task panel

Description Andrew Lukoshko 2014-01-13 18:33:44 MSK 
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614)

http://rhn.redhat.com/errata/RHSA-2013-1812.html

https://abf.rosalinux.ru/build_lists/1516711
https://abf.rosalinux.ru/build_lists/1516712
Comment 1 Andrew Lukoshko 2014-01-13 18:34:15 MSK 
Use with updated packages from http://bugs.rosalinux.ru/show_bug.cgi?id=3592
Comment 3 Alexander Petryakov 2014-01-22 02:33:05 MSK 
Created attachment 2576 [details]
Update has removed firefox icon from task panel
Comment 5 Alexander Petryakov 2014-01-24 03:16:48 MSK 
firefox-24.2.0-1.res6
*********************** RHEL Advisory *************************
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614)

http://rhn.redhat.com/errata/RHSA-2013-1812.html
***************************************************************
QA Verified