-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:024 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : firefox Date : January 13, 2013 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A security issue was identified and fixed in mozilla firefox: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution (CVE-2013-0787). The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by this security flaw. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787 http://www.mozilla.org/security/announce/2013/mfsa2013-29.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 2c37f101824b6a75260d6be2ba6526f4 mes5/i586/firefox-17.0.4-0.1mdvmes5.2.i586.rpm 067ef1b5cb43e108598783bb2ca3e904 mes5/i586/firefox-af-17.0.4-0.1mdvmes5.2.i586.rpm a9b33290ee48559ab9bf552c11a77867 mes5/i586/firefox-ar-17.0.4-0.1mdvmes5.2.i586.rpm 56eede1229650b50f838c4d62cf3088f mes5/i586/firefox-be-17.0.4-0.1mdvmes5.2.i586.rpm 2f1ed6761c118ca1d499c996c267fd5c mes5/i586/firefox-bg-17.0.4-0.1mdvmes5.2.i586.rpm 0af0df661fdf99dce981a34105bf3db2 mes5/i586/firefox-bn-17.0.4-0.1mdvmes5.2.i586.rpm 4fbacdfae22286a4d1565f5e07a99e59 mes5/i586/firefox-ca-17.0.4-0.1mdvmes5.2.i586.rpm 3ea6ca41d6d738d7b8fbb285e78d06f7 mes5/i586/firefox-cs-17.0.4-0.1mdvmes5.2.i586.rpm 7735a4756a43b940cd288f486e7d2de9 mes5/i586/firefox-cy-17.0.4-0.1mdvmes5.2.i586.rpm 9bec5943921b3bddcc4e3497d027fc2d mes5/i586/firefox-da-17.0.4-0.1mdvmes5.2.i586.rpm 0b9041b5eaf52e7e06dd3437626620a4 mes5/i586/firefox-de-17.0.4-0.1mdvmes5.2.i586.rpm 5cc0c1b6523e17c8d79d678d7d7aad53 mes5/i586/firefox-devel-17.0.4-0.1mdvmes5.2.i586.rpm e9a01322cd40f797ba03b52d58671b86 mes5/i586/firefox-el-17.0.4-0.1mdvmes5.2.i586.rpm 22cc5f00f67563a7734bdced5e1d7bfb mes5/i586/firefox-en_GB-17.0.4-0.1mdvmes5.2.i586.rpm 0aebbb068c1d4d85b1b2827d5b5b2431 mes5/i586/firefox-eo-17.0.4-0.1mdvmes5.2.i586.rpm a57a4e00740b7babfcb51b0328fc135f mes5/i586/firefox-es_AR-17.0.4-0.1mdvmes5.2.i586.rpm 9710fd28c150da0eb976fa8347b9cd86 mes5/i586/firefox-es_ES-17.0.4-0.1mdvmes5.2.i586.rpm e66547fd26bd582df43ff480895f6674 mes5/i586/firefox-et-17.0.4-0.1mdvmes5.2.i586.rpm 90e1a82354eb2aee9eba6b0bdc4dda92 mes5/i586/firefox-eu-17.0.4-0.1mdvmes5.2.i586.rpm 32e588d40734ae29f2fc84c37f4468ea mes5/i586/firefox-fi-17.0.4-0.1mdvmes5.2.i586.rpm 4140a4088ffb39522548b24f1294d752 mes5/i586/firefox-fr-17.0.4-0.1mdvmes5.2.i586.rpm 1202edce26a621ee77e458766e2c9026 mes5/i586/firefox-fy-17.0.4-0.1mdvmes5.2.i586.rpm 6099e1f5dd1b0529b205a89327169aed mes5/i586/firefox-ga_IE-17.0.4-0.1mdvmes5.2.i586.rpm 13818d623506c2f2c94752c54d4b379d mes5/i586/firefox-gl-17.0.4-0.1mdvmes5.2.i586.rpm bf5e73d3f9b7aeb7d6b4d32751615211 mes5/i586/firefox-gu_IN-17.0.4-0.1mdvmes5.2.i586.rpm a324f1da21be53ce595dcbb446a3f95f mes5/i586/firefox-he-17.0.4-0.1mdvmes5.2.i586.rpm efd3a7d1712e3c49a5105f8568bf3413 mes5/i586/firefox-hi-17.0.4-0.1mdvmes5.2.i586.rpm a47c70e2a0af9886942f7b8b36aae01d mes5/i586/firefox-hu-17.0.4-0.1mdvmes5.2.i586.rpm dee1f90622dcc9e52ec07b92132a73bf mes5/i586/firefox-id-17.0.4-0.1mdvmes5.2.i586.rpm 5f63f198f5a332a65029ec6773339087 mes5/i586/firefox-is-17.0.4-0.1mdvmes5.2.i586.rpm be0fb5af91ead3cc9e659ca36d6907ce mes5/i586/firefox-it-17.0.4-0.1mdvmes5.2.i586.rpm 75466d58f640181559cf203f9766e223 mes5/i586/firefox-ja-17.0.4-0.1mdvmes5.2.i586.rpm f0be98911d65cf3d9f0ccba7eb39861a mes5/i586/firefox-kn-17.0.4-0.1mdvmes5.2.i586.rpm 20ec7397f0df85a5821df4c2ab698671 mes5/i586/firefox-ko-17.0.4-0.1mdvmes5.2.i586.rpm b9237e59391bc7f9f82bcb798b2e5822 mes5/i586/firefox-ku-17.0.4-0.1mdvmes5.2.i586.rpm 991acfb783d2088c74f6cef901be39eb mes5/i586/firefox-lt-17.0.4-0.1mdvmes5.2.i586.rpm de4073f73eee8d334746cc8bf897197a mes5/i586/firefox-lv-17.0.4-0.1mdvmes5.2.i586.rpm da1fd3d4c29ac26717fae391779b931a mes5/i586/firefox-mk-17.0.4-0.1mdvmes5.2.i586.rpm 7e306e1eb4301b80f6d21b9a836f1f16 mes5/i586/firefox-mr-17.0.4-0.1mdvmes5.2.i586.rpm 8b776ce85ce48c83210417dc0963615b mes5/i586/firefox-nb_NO-17.0.4-0.1mdvmes5.2.i586.rpm 68006e43d84cc0ed69b03f15bdfd21c0 mes5/i586/firefox-nl-17.0.4-0.1mdvmes5.2.i586.rpm 0aaac65bb81de7df1915f719721b9bde mes5/i586/firefox-nn_NO-17.0.4-0.1mdvmes5.2.i586.rpm a36ca1ab708abfbf97dfe15ffbcd70c4 mes5/i586/firefox-pa_IN-17.0.4-0.1mdvmes5.2.i586.rpm c3422982ad96d57efac1697e687586fc mes5/i586/firefox-pl-17.0.4-0.1mdvmes5.2.i586.rpm f6293f8a9f8a918176d8077cc1677291 mes5/i586/firefox-pt_BR-17.0.4-0.1mdvmes5.2.i586.rpm 5a83838e5d32c2d7496387192e34d47b mes5/i586/firefox-pt_PT-17.0.4-0.1mdvmes5.2.i586.rpm c8a588d637addb4c9f7e76e17da6849c mes5/i586/firefox-ro-17.0.4-0.1mdvmes5.2.i586.rpm e6f6a2e3cc18c2be27d481408694813b mes5/i586/firefox-ru-17.0.4-0.1mdvmes5.2.i586.rpm 6690c7411453a8740d4ab5f70f45fe45 mes5/i586/firefox-si-17.0.4-0.1mdvmes5.2.i586.rpm f7c7414a0b9204af35494d56220b50ff mes5/i586/firefox-sk-17.0.4-0.1mdvmes5.2.i586.rpm 3af49111160da69db59dd56931951d23 mes5/i586/firefox-sl-17.0.4-0.1mdvmes5.2.i586.rpm 5df93e272288640e67153315b2ed8b04 mes5/i586/firefox-sq-17.0.4-0.1mdvmes5.2.i586.rpm 752203497a6b445da76eb00d076fd9eb mes5/i586/firefox-sr-17.0.4-0.1mdvmes5.2.i586.rpm cb08903c37a21719bdd2a778e333167a mes5/i586/firefox-sv_SE-17.0.4-0.1mdvmes5.2.i586.rpm 08c87cf3e01c7bffee681e1c759b79e2 mes5/i586/firefox-te-17.0.4-0.1mdvmes5.2.i586.rpm fa5e0205d25779a8651b41fd06aaf52e mes5/i586/firefox-th-17.0.4-0.1mdvmes5.2.i586.rpm 8f7cc4304a6a80498099ed237cc77f61 mes5/i586/firefox-tr-17.0.4-0.1mdvmes5.2.i586.rpm 42764b52119941d02701b806f4946bff mes5/i586/firefox-uk-17.0.4-0.1mdvmes5.2.i586.rpm be2bdd8e5ba6ecdf6d8ee668c658037a mes5/i586/firefox-zh_CN-17.0.4-0.1mdvmes5.2.i586.rpm 0f86e5ba2391474d3975539fdaf83453 mes5/i586/firefox-zh_TW-17.0.4-0.1mdvmes5.2.i586.rpm 2ef5622f5ad07e0c66b67ca56c002859 mes5/i586/icedtea-web-1.3.1-0.2mdvmes5.2.i586.rpm 4d938d0495e1eeeb35a559d87beb61cd mes5/i586/icedtea-web-javadoc-1.3.1-0.2mdvmes5.2.i586.rpm 7409dc71781ab8c50adae85919751476 mes5/i586/libxulrunner17.0.4-17.0.4-0.1mdvmes5.2.i586.rpm d4c6fdc68927660d069523a55b665742 mes5/i586/libxulrunner-devel-17.0.4-0.1mdvmes5.2.i586.rpm 158e0b68ebd245540dd7f3927fc613dc mes5/i586/xulrunner-17.0.4-0.1mdvmes5.2.i586.rpm 45f223e23dfe50fefb48503c607e2672 mes5/SRPMS/firefox-17.0.4-0.1mdvmes5.2.src.rpm 14e3516e0830a7efd15a403fbd9da583 mes5/SRPMS/firefox-l10n-17.0.4-0.1mdvmes5.2.src.rpm f3f4b9f27b949720d17a67bd71bc3b8e mes5/SRPMS/icedtea-web-1.3.1-0.2mdvmes5.2.src.rpm fbde715b98bec0176fb6ab3d86b56bea mes5/SRPMS/xulrunner-17.0.4-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: f9eb8e530ae0e00f5918b0dc285bc2c6 mes5/x86_64/firefox-17.0.4-0.1mdvmes5.2.x86_64.rpm 5ffc3fae8c54123e8f83290ce4609e1b mes5/x86_64/firefox-af-17.0.4-0.1mdvmes5.2.x86_64.rpm c26ac25114b2b57edcc4d70cbd3baa54 mes5/x86_64/firefox-ar-17.0.4-0.1mdvmes5.2.x86_64.rpm 6e14243609ef885ddd3efdf0e0ef8784 mes5/x86_64/firefox-be-17.0.4-0.1mdvmes5.2.x86_64.rpm fe371a2c363d494e281bc118b70196cd mes5/x86_64/firefox-bg-17.0.4-0.1mdvmes5.2.x86_64.rpm 511bd9c3adef9b29f877a52cbdbd535b mes5/x86_64/firefox-bn-17.0.4-0.1mdvmes5.2.x86_64.rpm 987444660229984e701ade32b902601c mes5/x86_64/firefox-ca-17.0.4-0.1mdvmes5.2.x86_64.rpm dbd04ae2dd3b0e18327831a0d075e746 mes5/x86_64/firefox-cs-17.0.4-0.1mdvmes5.2.x86_64.rpm 0322f0bf0d19cd0d52336d735ef9710d mes5/x86_64/firefox-cy-17.0.4-0.1mdvmes5.2.x86_64.rpm 7ea4edf11f3f79e8520660609e548ba6 mes5/x86_64/firefox-da-17.0.4-0.1mdvmes5.2.x86_64.rpm 3fb2628652685f298619f8970a48d22c mes5/x86_64/firefox-de-17.0.4-0.1mdvmes5.2.x86_64.rpm be987af478d561f8d42e3a84002f6f73 mes5/x86_64/firefox-devel-17.0.4-0.1mdvmes5.2.x86_64.rpm 200f375a2f71efc352634cc94bd53904 mes5/x86_64/firefox-el-17.0.4-0.1mdvmes5.2.x86_64.rpm 1f479fb94eed6f239f5f05df36e9466a mes5/x86_64/firefox-en_GB-17.0.4-0.1mdvmes5.2.x86_64.rpm 9c8a2101adc9213490d31c139a2b050a mes5/x86_64/firefox-eo-17.0.4-0.1mdvmes5.2.x86_64.rpm e70711cc23fa3faeb5846c847792ab63 mes5/x86_64/firefox-es_AR-17.0.4-0.1mdvmes5.2.x86_64.rpm 0d7bdd5085dc1a93eb24610de1932f37 mes5/x86_64/firefox-es_ES-17.0.4-0.1mdvmes5.2.x86_64.rpm aced4393712cb0e9c233f31d17981155 mes5/x86_64/firefox-et-17.0.4-0.1mdvmes5.2.x86_64.rpm 0064c43f63a52eafe7f579064ff32689 mes5/x86_64/firefox-eu-17.0.4-0.1mdvmes5.2.x86_64.rpm 5098b68b362f9c62bc773fa918649c39 mes5/x86_64/firefox-fi-17.0.4-0.1mdvmes5.2.x86_64.rpm b22f1bb943aa387ff17e916184244b96 mes5/x86_64/firefox-fr-17.0.4-0.1mdvmes5.2.x86_64.rpm 2174fb96ebd97aee0fd93aa56f283d9e mes5/x86_64/firefox-fy-17.0.4-0.1mdvmes5.2.x86_64.rpm 94de3afc378ea394ad726b94260634c5 mes5/x86_64/firefox-ga_IE-17.0.4-0.1mdvmes5.2.x86_64.rpm 76a87cfdaa3503514078ebfe47e21d5f mes5/x86_64/firefox-gl-17.0.4-0.1mdvmes5.2.x86_64.rpm fa68885eb006b91f858a9bef60cb9f78 mes5/x86_64/firefox-gu_IN-17.0.4-0.1mdvmes5.2.x86_64.rpm 28f53c40d3e0b489fb6b55f9098230bc mes5/x86_64/firefox-he-17.0.4-0.1mdvmes5.2.x86_64.rpm 981b5dea1a5b706fa3b19f2ba760a02b mes5/x86_64/firefox-hi-17.0.4-0.1mdvmes5.2.x86_64.rpm dbb9aa6c9640b1815d2e9b3d9230fa8a mes5/x86_64/firefox-hu-17.0.4-0.1mdvmes5.2.x86_64.rpm 3e751b60e3c6a2c138b94f4439535b4f mes5/x86_64/firefox-id-17.0.4-0.1mdvmes5.2.x86_64.rpm d49033a409b63b095e8464a60b931f5d mes5/x86_64/firefox-is-17.0.4-0.1mdvmes5.2.x86_64.rpm e91405e2f3393ea39acfd5fb638a2e2b mes5/x86_64/firefox-it-17.0.4-0.1mdvmes5.2.x86_64.rpm 654ccba9b85cba4aaf029e16e3ac3486 mes5/x86_64/firefox-ja-17.0.4-0.1mdvmes5.2.x86_64.rpm b0d820b5beb54ff5c7769faa6a5ad6a0 mes5/x86_64/firefox-kn-17.0.4-0.1mdvmes5.2.x86_64.rpm f94e258ca92f8cc155ad7d92706ceff8 mes5/x86_64/firefox-ko-17.0.4-0.1mdvmes5.2.x86_64.rpm c3974b7a9cbd5be82c2ad369e8c10ac9 mes5/x86_64/firefox-ku-17.0.4-0.1mdvmes5.2.x86_64.rpm 18f5b36547dafd44cf7ca984313a4d52 mes5/x86_64/firefox-lt-17.0.4-0.1mdvmes5.2.x86_64.rpm 17d483f4808d0da0b1b5c54c0b60d063 mes5/x86_64/firefox-lv-17.0.4-0.1mdvmes5.2.x86_64.rpm 0baf6ab04a5eeac0f99866487412d693 mes5/x86_64/firefox-mk-17.0.4-0.1mdvmes5.2.x86_64.rpm ed18bd9a7386f405c285d4f1e028aa36 mes5/x86_64/firefox-mr-17.0.4-0.1mdvmes5.2.x86_64.rpm af57326421b13abcf28728331325c33d mes5/x86_64/firefox-nb_NO-17.0.4-0.1mdvmes5.2.x86_64.rpm f4047958cd8f2d94d5270d2e78eb4632 mes5/x86_64/firefox-nl-17.0.4-0.1mdvmes5.2.x86_64.rpm 9072ddd33fb412fc063966ba467c7bdc mes5/x86_64/firefox-nn_NO-17.0.4-0.1mdvmes5.2.x86_64.rpm f597ce09993873eb11f5ac6a02289334 mes5/x86_64/firefox-pa_IN-17.0.4-0.1mdvmes5.2.x86_64.rpm 28b198ebac31fc7303d0fe7c04303f73 mes5/x86_64/firefox-pl-17.0.4-0.1mdvmes5.2.x86_64.rpm cfc75e822d0c5d2f064bef1da31a54f0 mes5/x86_64/firefox-pt_BR-17.0.4-0.1mdvmes5.2.x86_64.rpm 9f48e0928f077b6148d850eeb2d47479 mes5/x86_64/firefox-pt_PT-17.0.4-0.1mdvmes5.2.x86_64.rpm 628859469595c672098986b3b5659021 mes5/x86_64/firefox-ro-17.0.4-0.1mdvmes5.2.x86_64.rpm e6c9a18d2796ff8f47cf5be2f5613320 mes5/x86_64/firefox-ru-17.0.4-0.1mdvmes5.2.x86_64.rpm 2288a3548bfae492dd53e3ca325269e8 mes5/x86_64/firefox-si-17.0.4-0.1mdvmes5.2.x86_64.rpm f3690e6b231f7fb87f0c152d9bf9b218 mes5/x86_64/firefox-sk-17.0.4-0.1mdvmes5.2.x86_64.rpm a5e29b275889c820dd84609c379afa78 mes5/x86_64/firefox-sl-17.0.4-0.1mdvmes5.2.x86_64.rpm 4995351ae85124ac6e432a28358f0ab0 mes5/x86_64/firefox-sq-17.0.4-0.1mdvmes5.2.x86_64.rpm 0a9b65cc23186af1a85820ad550d4551 mes5/x86_64/firefox-sr-17.0.4-0.1mdvmes5.2.x86_64.rpm 8d3fea48b01bb1d01c2597be5973c845 mes5/x86_64/firefox-sv_SE-17.0.4-0.1mdvmes5.2.x86_64.rpm e7b9fffe4891be12a8c4646748fe7aa4 mes5/x86_64/firefox-te-17.0.4-0.1mdvmes5.2.x86_64.rpm a87bede237874ae2fbcf1d6afa93e543 mes5/x86_64/firefox-th-17.0.4-0.1mdvmes5.2.x86_64.rpm e97e338bd7e3c4398941a6bfb5f5ec0a mes5/x86_64/firefox-tr-17.0.4-0.1mdvmes5.2.x86_64.rpm 26de595f0a137ca6f306c79da2e855c3 mes5/x86_64/firefox-uk-17.0.4-0.1mdvmes5.2.x86_64.rpm f2bbad0e1cc842cb14b232c92fd31c8c mes5/x86_64/firefox-zh_CN-17.0.4-0.1mdvmes5.2.x86_64.rpm a13541b8296d26f9457cbb6f351ff2a9 mes5/x86_64/firefox-zh_TW-17.0.4-0.1mdvmes5.2.x86_64.rpm b5992d2bd7fb6eb844da037e3bf43622 mes5/x86_64/icedtea-web-1.3.1-0.2mdvmes5.2.x86_64.rpm e6a20835cbaaf06464e5720de5f84a7f mes5/x86_64/icedtea-web-javadoc-1.3.1-0.2mdvmes5.2.x86_64.rpm b261d9c69d8bd8dd33032a4e622c1554 mes5/x86_64/lib64xulrunner17.0.4-17.0.4-0.1mdvmes5.2.x86_64.rpm db2e7acd3ed1f365210187ff18e4a205 mes5/x86_64/lib64xulrunner-devel-17.0.4-0.1mdvmes5.2.x86_64.rpm bd65c7af7cc3ecc7ab4b903f489e8400 mes5/x86_64/xulrunner-17.0.4-0.1mdvmes5.2.x86_64.rpm 45f223e23dfe50fefb48503c607e2672 mes5/SRPMS/firefox-17.0.4-0.1mdvmes5.2.src.rpm 14e3516e0830a7efd15a403fbd9da583 mes5/SRPMS/firefox-l10n-17.0.4-0.1mdvmes5.2.src.rpm f3f4b9f27b949720d17a67bd71bc3b8e mes5/SRPMS/icedtea-web-1.3.1-0.2mdvmes5.2.src.rpm fbde715b98bec0176fb6ab3d86b56bea mes5/SRPMS/xulrunner-17.0.4-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFRQJ36mqjQ0CJFipgRAhMjAJoDYUvsZa7KYGly/y7EQwmSRw66+wCgzCVj kdWLRc3YzjV9WXqpoJIMYAE= =vP1w -----END PGP SIGNATURE-----