FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
18.0,1 < firefox < 22.0,1
firefox < 17.0.7,1
linux-firefox < 17.0.7,1
linux-seamonkey < 2.19
linux-thunderbird < 17.0.7
seamonkey < 2.19
11.0 < thunderbird < 17.0.7

Details

VuXML ID b3fcb387-de4b-11e2-b1c6-0025905a4771
Discovery 2013-06-25
Entry 2013-06-26

The Mozilla Project reports:

Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Title: Memory corruption found using Address Sanitizer

Privileged content access and execution via XBL

Arbitrary code execution within Profiler

Execution of unmapped memory through onreadystatechange

Data in the body of XHR HEAD requests leads to CSRF attacks

SVG filters can lead to information disclosure

PreserveWrapper has inconsistent behavior

Sandbox restrictions not applied to nested frame elements

X-Frame-Options ignored when using server push with multi-part responses

XrayWrappers can be bypassed to run user defined methods in a privileged context

getUserMedia permission dialog incorrectly displays location

Homograph domain spoofing in .com, .net and .name

Inaccessible updater can lead to local privilege escalation

References

CVE Name CVE-2013-1682
CVE Name CVE-2013-1683
CVE Name CVE-2013-1684
CVE Name CVE-2013-1685
CVE Name CVE-2013-1686
CVE Name CVE-2013-1687
CVE Name CVE-2013-1688
CVE Name CVE-2013-1690
CVE Name CVE-2013-1692
CVE Name CVE-2013-1693
CVE Name CVE-2013-1694
CVE Name CVE-2013-1695
CVE Name CVE-2013-1696
CVE Name CVE-2013-1697
CVE Name CVE-2013-1698
CVE Name CVE-2013-1699
CVE Name CVE-2013-1700
URL http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-52.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-58.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-60.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-61.html
URL http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
URL http://www.mozilla.org/security/known-vulnerabilities/