The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Firefox, Thunderbird,       and SeaMonkey. Please review the CVE identifiers referenced below for       details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information, spoof       the address bar, conduct clickjacking attacks, bypass security       restrictions and protection mechanisms,  or have other unspecified       impact.
  Workaround :

    There are no known workarounds at this time.

Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27.

The Firefox 27 release brings TLS 1.2 support as a major security feature.

It also fixes following security issues :

  - MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous     memory safety hazards (rv:27.0 / rv:24.3)

  - MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected     content with XBL scopes

  - MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection     timeout missing on download prompts

  - MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of     discarded images by RasterImage

  - MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information     disclosure with *FromPoint on iframes

  - MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path     leaks to Android system log

  - MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets     treated as styles in Content Security Policy

  - MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free     with imgRequestProxy and image proccessing

  - MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin     information leak through web workers

  - MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default     start page UI content invokable by script

  - MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using     web workers with asm.js

  - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545,     bmo#930874, bmo#930857) NSS ticket handling issues

  - MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent     JavaScript handling of access to Window objects

Mozilla NSS was updated to 3.15.4 :

  - required for Firefox 27

  - regular CA root store update (1.96)

  - Reordered the cipher suites offered in SSL/TLS client     hello messages to match modern best practices.

  - Improved SSL/TLS false start. In addition to enabling     the SSL_ENABLE_FALSE_START option, an application must     now register a callback using the     SSL_SetCanFalseStartCallback function.

  - When false start is enabled, libssl will sometimes     return unencrypted, unauthenticated data from PR_Recv     (CVE-2013-1740, bmo#919877)

  - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket     handling issues New functionality

  - Implemented OCSP querying using the HTTP GET method,     which is the new default, and will fall back to the HTTP     POST method.

  - Implemented OCSP server functionality for testing     purposes (httpserv utility).

  - Support SHA-1 signatures with TLS 1.2 client     authentication.

  - Added the --empty-password command-line option to     certutil, to be used with -N: use an empty password when     creating a new database.

  - Added the -w command-line option to pp: don't wrap long     output lines.

See http://www.mozilla.org/en-US/thunderbird/24.3.0/releasenotes/ for changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1477)

Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. (CVE-2014-1479)

Fredrik Lonnqvist discovered a use-after-free in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Thunderbird.
(CVE-2014-1482)

Arthur Gerkis discovered a use-after-free in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Thunderbird.
(CVE-2014-1486)

Masato Kinugawa discovered a cross-origin information leak in web worker error messages. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information.
(CVE-2014-1487)

Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491)

Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481)

Fabian Cuchietti and Ateeq ur Rehman Khan discovered that it was possible to bypass JavaScript execution restrictions when replying to or forwarding mail messages in certain circumstances. An attacker could potentially exploit this to steal confidential information or modify message content. (CVE-2013-6674).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances.
This update fixes the problem.

We apologize for the inconvenience.

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1477, CVE-2014-1478)

Cody Crews discovered a method to bypass System Only Wrappers. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2014-1479)

Jordi Chancel discovered that the downloads dialog did not implement a security timeout before button presses are processed. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2014-1480)

Fredrik Lonnqvist discovered a use-after-free in Firefox.
An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox.
(CVE-2014-1482)

Jordan Milne discovered a timing flaw when using document.elementFromPoint and document.caretPositionFromPoint on cross-origin iframes. An attacker could potentially exploit this to steal confidential imformation. (CVE-2014-1483)

Frederik Braun discovered that the CSP implementation in Firefox did not handle XSLT stylesheets in accordance with the specification, potentially resulting in unexpected script execution in some circumstances (CVE-2014-1485)

Arthur Gerkis discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox.
(CVE-2014-1486)

Masato Kinugawa discovered a cross-origin information leak in web worker error messages. An attacker could potentially exploit this to steal confidential information.
(CVE-2014-1487)

Yazan Tommalieh discovered that web pages could activate buttons on the default Firefox startpage (about:home) in some circumstances. An attacker could potentially exploit this to cause data loss by triggering a session restore.
(CVE-2014-1489)

Soeren Balko discovered a crash in Firefox when terminating web workers running asm.js code in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the priviliges of the user invoking Firefox.
(CVE-2014-1488)

Several issues were discovered with ticket handling in NSS.
An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491)

Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed :

  - Memory safety bugs fixed in Firefox ESR 24.3 and Firefox     27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01)

  - Using XBL scopes its possible to steal(clone) native     anonymous content (CVE-2014-1479)(bnc#862348). (MFSA     2014-02)

  - Download 'open file' dialog delay is too quick, doesn't     prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03)

  - Image decoding causing FireFox to crash with Goo Create     (CVE-2014-1482)(bnc#862356). (MFSA 2014-04)

  - caretPositionFromPoint and elementFromPoint leak     information about iframe contents via timing information     (CVE-2014-1483)(bnc#862360). (MFSA 2014-05)

  - Fennec leaks profile path to logcat. (CVE-2014-1484).
    (MFSA 2014-06)

  - CSP should block XSLT as script, not as style.
    (CVE-2014-1485). (MFSA 2014-07)

  - imgRequestProxy Use-After-Free Remote Code Execution     Vulnerability. (CVE-2014-1486). (MFSA 2014-08)

  - Cross-origin information disclosure with error message     of Web Workers. (CVE-2014-1487). (MFSA 2014-09)

  - settings &amp; history ID bug. (CVE-2014-1489). (MFSA     2014-10)

  - Firefox reproducibly crashes when using asm.js code in     workers and transferable objects. (CVE-2014-1488). (MFSA     2014-11)

  - TOCTOU, potential use-after-free in libssl's session     ticket processing (CVE-2014-1490)(bnc#862300) Do not     allow p-1 as a public DH value     (CVE-2014-1491)(bnc#862289). (MFSA 2014-12)

  - Inconsistent this value when invoking getters on window     (CVE-2014-1481)(bnc#862309). (MFSA 2014-13)

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library.

This update updates Iceweasel to the ESR24 series of Firefox.

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1477, CVE-2014-1478)

Cody Crews discovered a method to bypass System Only Wrappers. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox.
(CVE-2014-1479)

Jordi Chancel discovered that the downloads dialog did not implement a security timeout before button presses are processed. An attacker could potentially exploit this to conduct clickjacking attacks.
(CVE-2014-1480)

Fredrik Lonnqvist discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1482)

Jordan Milne discovered a timing flaw when using document.elementFromPoint and document.caretPositionFromPoint on cross-origin iframes. An attacker could potentially exploit this to steal confidential imformation. (CVE-2014-1483)

Frederik Braun discovered that the CSP implementation in Firefox did not handle XSLT stylesheets in accordance with the specification, potentially resulting in unexpected script execution in some circumstances (CVE-2014-1485)

Arthur Gerkis discovered a use-after-free in Firefox. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1486)

Masato Kinugawa discovered a cross-origin information leak in web worker error messages. An attacker could potentially exploit this to steal confidential information. (CVE-2014-1487)

Yazan Tommalieh discovered that web pages could activate buttons on the default Firefox startpage (about:home) in some circumstances. An attacker could potentially exploit this to cause data loss by triggering a session restore. (CVE-2014-1489)

Soeren Balko discovered a crash in Firefox when terminating web workers running asm.js code in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2014-1488)

Several issues were discovered with ticket handling in NSS. An attacker could potentially exploit these to cause a denial of service or bypass cryptographic protection mechanisms. (CVE-2014-1490, CVE-2014-1491)

Boris Zbarsky discovered that security restrictions on window objects could be bypassed under certain circumstances. (CVE-2014-1481).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479)

It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code.
(CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik 'Flonka' Lonnqvist, Arthur Gerkis, Masato Kinugawa, and Boris Zbarsky as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.3.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes to take effect.

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479)

It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code.
(CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik 'Flonka' Lonnqvist, Arthur Gerkis, Masato Kinugawa, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.3.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 24.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

The installed version of SeaMonkey is earlier than 2.24 and is, therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477, CVE-2014-1478)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the 'open file' dialog that     could allow users to take unintended actions.
    (CVE-2014-1480)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - Errors exist related to IFrames,     'document.caretPositionFromPoint' and     'document.elementFromPoint' that could allow cross-     origin information disclosure. (CVE-2014-1483)

  - An error exists related to the Content Security     Policy (CSP) and XSLT stylesheets that could allow     unintended script execution.  (CVE-2014-1485)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - An error exists related to 'web workers' and 'asm.js'     that could allow application crashes and possibly     arbitrary code execution. (CVE-2014-1488)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected the following vulnerabilities:

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477, CVE-2014-1478)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the 'open file' dialog that     could allow users to take unintended actions.
    (CVE-2014-1480)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - Errors exist related to IFrames,     'document.caretPositionFromPoint' and     'document.elementFromPoint' that could allow cross-     origin information disclosure. (CVE-2014-1483)

  - An error exists related to the Content Security     Policy (CSP) and XSLT stylesheets that could allow     unintended script execution.  (CVE-2014-1485)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - An error exists related to 'web workers' and 'asm.js'     that could allow application crashes and possibly     arbitrary code execution. (CVE-2014-1488)

  - An error exists that could allow webpages to access     activate content from the 'about:home' page that     could lead to data loss. (CVE-2014-1489)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

The installed version of Firefox ESR 24.x is earlier than 24.3, and is, therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by multiple vulnerabilities :

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477, CVE-2014-1478)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the 'open file' dialog that     could allow users to take unintended actions.
    (CVE-2014-1480)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - Errors exist related to IFrames,     'document.caretPositionFromPoint' and     'document.elementFromPoint' that could allow cross-     origin information disclosure. (CVE-2014-1483)

  - An error exists related to the Content Security     Policy (CSP) and XSLT stylesheets that could allow     unintended script execution.  (CVE-2014-1485)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - An error exists related to 'web workers' and 'asm.js'     that could allow application crashes and possibly     arbitrary code execution. (CVE-2014-1488)

  - An error exists that could allow webpages to access     activate content from the 'about:home' page that     could lead to data loss. (CVE-2014-1489)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could     result in a denial of service or arbitrary code     execution. (CVE-2014-1477)

  - An error exists related to System Only Wrappers (SOW)     and the XML Binding Language (XBL) that could allow     XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the JavaScript engine and     'window' object handling that has unspecified impact.
    (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image     decoding that could allow application crashes and     possibly arbitrary code execution. (CVE-2014-1482)

  - A use-after-free error exists related to image handling     and 'imgRequestProxy' that could allow application     crashes and possibly arbitrary code execution.
    (CVE-2014-1486)

  - An error exists related to 'web workers' that could     allow cross-origin information disclosure.
    (CVE-2014-1487)

  - Network Security Services (NSS) contains a race     condition in libssl that occurs during session ticket     processing. A remote attacker can exploit this flaw     to cause a denial of service. (CVE-2014-1490)

  - Network Security Services (NSS) does not properly     restrict public values in Diffie-Hellman key exchanges,     allowing a remote attacker to bypass cryptographic     protection mechanisms. (CVE-2014-1491)

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479)

It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code.
(CVE-2014-1481)

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

After installing the update, Thunderbird must be restarted for the changes to take effect.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479)

It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code.
(CVE-2014-1481)

After installing the update, Firefox must be restarted for the changes to take effect.

From Red Hat Security Advisory 2014:0133 :

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Thunderbird. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479)

It was found that the Thunderbird JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code.
(CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik 'Flonka' Lonnqvist, Arthur Gerkis, Masato Kinugawa, and Boris Zbarsky as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.3.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes to take effect.

From Red Hat Security Advisory 2014:0132 :

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting (XSS) attacks, or could potentially be used to gather authentication tokens and other data from third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Firefox. When combined with other vulnerabilities, this flaw could have additional security implications. (CVE-2014-1479)

It was found that the Firefox JavaScript engine incorrectly handled window objects. A remote attacker could use this flaw to bypass certain security checks and possibly execute arbitrary code.
(CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro Ikeda, Cody Crews, Fredrik 'Flonka' Lonnqvist, Arthur Gerkis, Masato Kinugawa, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.3.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 24.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

The Mozilla Project reports :

MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

MFSA 2014-02 Clone protected content with XBL scopes

MFSA 2014-03 UI selection timeout missing on download prompts

MFSA 2014-04 Incorrect use of discarded images by RasterImage

MFSA 2014-05 Information disclosure with *FromPoint on iframes

MFSA 2014-06 Profile path leaks to Android system log

MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy

MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing

MFSA 2014-09 Cross-origin information leak through web workers

MFSA 2014-10 Firefox default start page UI content invokable by script

MFSA 2014-11 Crash when using web workers with asm.js

MFSA 2014-12 NSS ticket handling issues

MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects

Older versions of Mozilla Firefox contain multiple unspecified vulnerabilities that have since been fixed by the vendor. Versions of Firefox for Android older than 27.0 contain the following two vulnerabilities:

  - Unauthorized information disclosure via profile path leaks to the Android system log, which is readable from other applications. (CVE-2014-1484)

  - Issues related to differences in how JavaScript engines deal with native getters on the 'window' object. This can lead to a potential security check bypass issue. (CVE-2014-1481)

Versions of Mozilla Thunderbird prior to 24.3 are prone to the following vulnerabilities :

 - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)
 - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)
 - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481)
 - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)
 - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)
 - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487)
 - Errors exist related to the included Network Security Services (NSS) libraries, 'NewSessionTicket' handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)

Versions of SeaMonkey earlier than 2.24 are prone to the following vulnerabilities:

  - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)

  - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)

  - An error exists related to the 'open file' dialog that could allow users to take unintended actions. (CVE-2014-1480)

  - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481)

  - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)

  - Errors exist related to IFrames, 'document.caretPositionFromPoint' and 'document.elementFromPoint' that could allow cross-origin information disclosure. (CVE-2014-1483)

  - An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485)

  - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)

  - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487)

  - An error exists related to 'web workers' and 'asm.js' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488)

  - Errors exist related to the included Network Security Services (NSS) libraries, 'NewSessionTicket' handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)

Versions of Mozilla Firefox earlier than 27.0 (or ESR versions earlier than 24.3) are prone to the following vulnerabilities :

 - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)
 - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)
 - An error exists related to the 'open file' dialog that could allow users to take unintended actions. (CVE-2014-1480)
 - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481)
 - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)
 - Errors exist related to IFrames, 'document.caretPositionFromPoint' and 'document.elementFromPoint' that could allow cross-origin information disclosure. (CVE-2014-1483)
 - An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485)
 - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)
 - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487)
 - An error exists related to 'web workers' and 'asm.js' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488)
 - An error exists that could allow webpages to access activate content from the 'about:home' page that could lead to data loss. (CVE-2014-1489)
 - Errors exist related to the included Network Security Services (NSS) libraries, 'NewSessionTicket' handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)

CVE-2014-1481 is not available