The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Firefox, Thunderbird, SeaMonkey: several vulnerabilities

Summary of the vulnerability

Several vulnerabilities in Firefox, Thunderbird and SeaMonkey can be used by an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this bulletin: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 29/08/2012.
References of this threat: BID-55249, BID-55256, BID-55257, BID-55260, BID-55264, BID-55266, BID-55274, BID-55276, BID-55277, BID-55278, BID-55292, BID-55304, BID-55306, BID-55308, BID-55310, BID-55311, BID-55312, BID-55313, BID-55316, BID-55317, BID-55318, BID-55319, BID-55320, BID-55321, BID-55322, BID-55323, BID-55324, BID-55325, BID-55340, BID-55341, BID-55342, BID-55344, BID-55857, CERTA-2012-AVI-467, CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976, CVE-2012-3977-REJECT, CVE-2012-3978, CVE-2012-3979, CVE-2012-3980, CVE-2012-4930, DSA-2553-1, DSA-2554-1, DSA-2556-1, FEDORA-2012-12871, FEDORA-2012-12892, FEDORA-2012-12958, FEDORA-2012-12979, FEDORA-2012-14049, FEDORA-2012-14102, MDVSA-2012:145, MDVSA-2012:146, MDVSA-2012:147, MFSA 2012-57, MFSA 2012-58, MFSA 2012-59, MFSA 2012-60, MFSA 2012-61, MFSA 2012-62, MFSA 2012-63, MFSA 2012-64, MFSA 2012-65, MFSA 2012-66, MFSA 2012-67, MFSA 2012-68, MFSA 2012-69, MFSA 2012-70, MFSA 2012-71, MFSA 2012-72, MFSA 2012-73, openSUSE-SU-2012:1064-1, openSUSE-SU-2012:1065-1, openSUSE-SU-2014:1100-1, RHSA-2012:1210-01, RHSA-2012:1211-01, SSA:2012-244-02, SSA:2012-244-03, SSA:2012-244-04, SUSE-SU-2012:1157-1, SUSE-SU-2012:1167-1, VIGILANCE-VUL-11901.

Description of the vulnerability 

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate several memory corruptions, leading to code execution. [severity:4/4; BID-55264, BID-55266, CVE-2012-1970, CVE-2012-1971, MFSA 2012-57]

An attacker can force the use of several freed memory areas (use-after-free), leading to code execution. [severity:4/4; BID-55316, BID-55317, BID-55318, BID-55319, BID-55320, BID-55321, BID-55322, BID-55323, BID-55324, BID-55325, BID-55340, BID-55341, BID-55342, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, MFSA 2012-58]

An attacker can use Object.defineProperty to hide the location of objects, in order to deceive the victim. [severity:3/4; BID-55260, CVE-2012-1956, MFSA 2012-59]

An attacker can use about:newtab, in order to execute code with chrome privileges. [severity:4/4; BID-55256, CVE-2012-3965, MFSA 2012-60]

An attacker can corrupt the memory with an icon in BMP format. [severity:4/4; BID-55274, CVE-2012-3966, MFSA 2012-61]

An attacker can trigger a use of freed memory (use-after-free) and a memory corruption in WebGL. [severity:4/4; BID-55276, BID-55277, CVE-2012-3967, CVE-2012-3968, MFSA 2012-62]

An attacker can trigger a use of freed memory (use-after-free) and a buffer overflow via an SVG image. [severity:4/4; BID-55278, BID-55292, CVE-2012-3969, CVE-2012-3970, MFSA 2012-63]

An attacker can generate two memory corruptions in the Graphite 2 library. [severity:3/4; BID-55304, CVE-2012-3971, MFSA 2012-64]

An attacker can generate a read at an invalid memory address via an XSLT file. [severity:1/4; BID-55310, CVE-2012-3972, MFSA 2012-65]

When the HTTPMonitor extension is enabled, an attacker can debug the application remotely. [severity:4/4; BID-55308, CVE-2012-3973, MFSA 2012-66]

On Windows, an attacker can put a malicious executable in the root partition, in order to execute it during the installation of the software. [severity:2/4; BID-55312, CVE-2012-3974, MFSA 2012-67]

When DOMParser analyzes data of type text/html in an extension, linked resources are loaded. [severity:2/4; BID-55311, CVE-2012-3975, MFSA 2012-68]

Information displayed on an SSL certificate can belong to a site previously visited. [severity:3/4; BID-55313, CVE-2012-3976, MFSA 2012-69]

An attacker can use the location object, in order to load restricted contents. [severity:3/4; BID-55306, CVE-2012-3978, MFSA 2012-70]

On Android, an attacker can use the JavaScript dump() function, which uses __android_log_print and corrupts the memory. [severity:3/4; BID-55344, CVE-2012-3979, MFSA 2012-71]

An attacker can evaluate code with chrome privileges in the web console. [severity:3/4; BID-55257, CVE-2012-3980, MFSA 2012-72]

An attacker who can control the HTTPS connections of the victim's web browser can use several SSL sessions compressed with Deflate in order to deduce SPDY headers, such as cookies (similar to VIGILANCE-VUL-11952). [severity:1/4; BID-55857, CVE-2012-3977-REJECT, CVE-2012-4930, MFSA 2012-73]

This security weakness impacts software or systems such as Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this threat bulletin is critical.

The trust level of this bulletin is "confirmed by the editor", and its origin is "document".

This bulletin is about 17 vulnerabilities.

An attacker with expert ability can exploit this threat.

Solutions for this threat 

Firefox: version 15.
Version 15 is corrected:
  http://www.mozilla.org/en-US/firefox/new/

Firefox: version 10.0.7.
Version 10.0.7 is corrected:
  http://www.mozilla.org/en-US/firefox/organizations/all.html

Thunderbird: version 15.
Version 15 is corrected:
  http://www.mozilla.org/en-US/thunderbird/

Thunderbird: version 10.0.7.
Version 10.0.7 is corrected:
  http://www.mozilla.org/en-US/thunderbird/organizations/all-esr.html

SeaMonkey: version 2.12.
Version 2.12 is corrected:
  http://www.seamonkey-project.org/

Debian: new iceape packages.
New packages are available:
  iceape 2.0.11-15

Debian: new icedove packages.
New packages are available:
  icedove 3.0.11-1+squeeze13

Debian: new iceweasel packages.
New packages are available:
  iceweasel 3.5.16-18

Fedora: new firefox and thunderbird packages.
New packages are available:
  firefox-15.0-1.fc16
  thunderbird-15.0-1.fc16
  thunderbird-lightning-1.7-2.fc16
  xulrunner-15.0-2.fc16
  seamonkey-2.12-1.fc16
  firefox-15.0-1.fc17
  thunderbird-15.0-1.fc17
  thunderbird-lightning-1.7-2.fc17
  xulrunner-15.0-2.fc17
  seamonkey-2.12-1.fc17

Mandriva: new firefox and thunderbird packages.
New packages are available:
  firefox-15.0-0.1-mdv2011.0
  mozilla-thunderbird-15.0-0.1-mdv2011.0
  firefox-10.0.7-0.1mdvmes5.2

openSUSE 11.4: new MozillaFirefox packages (09/09/2014).
New packages are available:
  openSUSE 11.4: MozillaFirefox 24.8.0-127.1

RHEL: new firefox packages.
New packages are available:
  firefox-10.0.7-1.el5_8
  firefox-10.0.7-1.el6_3

RHEL: new thunderbird packages.
New packages are available:
  thunderbird-10.0.7-1.el5_8
  thunderbird-10.0.7-1.el6_3

Slackware: new mozilla packages.
New packages are available:
  ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-15.0-i486-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-15.0-i486-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-2.12-i486-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/seamonkey-solibs-2.12-i486-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-15.0-x86_64-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-15.0-x86_64-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-2.12-x86_64-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/seamonkey-solibs-2.12-x86_64-1_slack13.37.txz

Solaris 10: patch for Thunderbird and Firefox.
A patch is available:
  Thunderbird:
    SPARC: 145200-12 (https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=145200-12)
    x86: 145201-12 (https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=145201-12)
  Firefox:
    SPARC: 145080-12 (https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=145080-12)
    x86: 145081-11 (https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=145081-11)

Solaris 11.1: patch 11.1.2.5.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1513858.1

SUSE: new MozillaFirefox packages.
New packages are available:
  openSUSE 11.4: MozillaFirefox-15.0-31.1
  openSUSE 12.1: MozillaFirefox-15.0-2.36.1
  openSUSE 12.2: MozillaFirefox-15.0-2.7.1
  SUSE LE 10: MozillaFirefox-10.0.7-0.5.1
  SUSE LE 11: MozillaFirefox-10.0.7-0.3.1
