Mandriva Linux Security Advisory 2013-050 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pick up the changes. The TLS implementation in Mozilla Network Security Services does not properly consider timing side-channel attacks on a non-compliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. The NSPR package has been upgraded to the 4.9.5 version due to dependencies of newer NSS. The NSS package has been upgraded to the 3.14.3 version which is not vulnerable to this issue. The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3.
6f28f25462373688057eaa4d71d9be8e68c769c5e5d47a46c0bf0334b46cfca6
Ubuntu Security Notice 1681-4 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
bf192cfff19c29e10b100e4aec1f13cafb8ca88e7634b0553139b7a451b50736
Ubuntu Security Notice 1681-3 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
aef9bd0134382453da04d18de3f8d989d0313ca67877b0a7c7b82b2dd398cd22
Ubuntu Security Notice 1687-2 - USN-1687-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.
83cecb914e0d84557ebb4ebd287e67e2410142d4bda1a45acb0c83ad55cb99da
Ubuntu Security Notice 1687-1 - Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
2c880fd754a63df7f4e2ab3b0fb2a8d3137ab98e86a46fe7a2f65b59f9d403e7
Mandriva Linux Security Advisory 2013-003 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pick up the changes.
3d94d3b0d2d1647beb5ae26b794650a765c690cdc66365234712f301f98b0429
Mandriva Linux Security Advisory 2013-002 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. Various other issues were also addressed.
9ee750b2b8c7902fd7785c0edbfdc5773ae0ab089e0b3acc4daccaf1b8b4b1c4
Ubuntu Security Notice 1681-2 - USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
f5f21baaa2090e5debbc39691d9b154f1862f668e44f0e1c14d83a6f6939615a
Ubuntu Security Notice 1681-1 - Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered several use-after-free issues and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
2b169ae0a8e50a945bfa9a6ad63afd568bcd5a5ccd5f1e2be9c786c6f49cbde9