Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2013:0271
HistoryFeb 20, 2013 - 3:20 a.m.

devhelp, firefox, libproxy, xulrunner, yelp security update

2013-02-2003:20:40
CentOS Project
lists.centos.org
90

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.027

Percentile

90.6%

JSON

CentOS Errata and Security Advisory CESA-2013:0271

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782,
CVE-2013-0783)

It was found that, after canceling a proxy server’s authentication
prompt, the address bar continued to show the requested site’s address. An
attacker could use this flaw to conduct phishing attacks by tricking a
user into believing they are viewing a trusted site. (CVE-2013-0776)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl,
Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and
Michal Zalewski as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.3 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Note that due to a Kerberos credentials change, the following configuration
steps may be required when using Firefox 17.0.3 ESR with the Enterprise
Identity Management (IPA) web interface:

https://access.redhat.com/knowledge/solutions/294303

Important: Firefox 17 is not completely backwards-compatible with all
Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0.
Firefox 17 checks compatibility on first-launch, and, depending on the
individual configuration and the installed add-ons and plug-ins, may
disable said Add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.3 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-February/081404.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081405.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081406.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081407.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081409.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081410.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081411.html
https://lists.centos.org/pipermail/centos-announce/2013-February/081412.html

Affected packages:
devhelp
devhelp-devel
firefox
libproxy
libproxy-bin
libproxy-devel
libproxy-gnome
libproxy-kde
libproxy-mozjs
libproxy-python
libproxy-webkit
xulrunner
xulrunner-devel
yelp

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0271

OSVersionArchitecturePackageVersionFilename
CentOS5i386xulrunner< 17.0.3-1.el5_9xulrunner-17.0.3-1.el5_9.i386.rpm
CentOS5i386xulrunner-devel< 17.0.3-1.el5_9xulrunner-devel-17.0.3-1.el5_9.i386.rpm
CentOS5i386xulrunner< 17.0.3-1.el5_9xulrunner-17.0.3-1.el5_9.i386.rpm
CentOS5x86_64xulrunner< 17.0.3-1.el5_9xulrunner-17.0.3-1.el5_9.x86_64.rpm
CentOS5i386xulrunner-devel< 17.0.3-1.el5_9xulrunner-devel-17.0.3-1.el5_9.i386.rpm
CentOS5x86_64xulrunner-devel< 17.0.3-1.el5_9xulrunner-devel-17.0.3-1.el5_9.x86_64.rpm
CentOS5i386devhelp< 0.12-23.el5_9devhelp-0.12-23.el5_9.i386.rpm
CentOS5i386devhelp-devel< 0.12-23.el5_9devhelp-devel-0.12-23.el5_9.i386.rpm
CentOS5i386devhelp< 0.12-23.el5_9devhelp-0.12-23.el5_9.i386.rpm
CentOS5x86_64devhelp< 0.12-23.el5_9devhelp-0.12-23.el5_9.x86_64.rpm
Rows per page:
1-10 of 461

Related

openvas 64
redhat 2
nessus 32
centos 1
oraclelinux 2
suse 4
ubuntu 3
securityvulns 1
freebsd 1
nvd 5
ubuntucve 5
cvelist 5
veracode 5
prion 5
cve 5
mozilla 4
debian 1
ibm 2
gentoo 1
openvas
openvas
Oracle: Security Advisory (ELSA-2013-0271)
2015-10-06 00:00:00
CentOS Update for firefox CESA-2013:0271 centos6
2013-02-22 00:00:00
CentOS Update for yelp CESA-2013:0271 centos6
2013-02-22 00:00:00
redhat
redhat
(RHSA-2013:0272) Critical: thunderbird security update
2013-02-19 00:00:00
(RHSA-2013:0271) Critical: firefox security update
2013-02-19 00:00:00
nessus
nessus
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130219)
2013-02-21 00:00:00
CentOS 5 / 6 : devhelp / firefox / libproxy / xulrunner / yelp (CESA-2013:0271)
2013-02-20 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2013:0272)
2013-02-20 00:00:00
centos
centos
thunderbird security update
2013-02-20 04:09:27
oraclelinux
oraclelinux
firefox security update
2013-02-19 00:00:00
thunderbird security update
2013-02-19 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-03-08 22:04:48
Security update for Mozilla Firefox (important)
2013-03-15 19:04:45
Mozilla: February 2013 update round (Firefox 19) (important)
2013-02-22 14:04:25
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-02-25 00:00:00
Firefox vulnerabilities
2013-02-20 00:00:00
Firefox regression
2013-03-01 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-02-24 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-02-19 00:00:00
nvd
nvd
CVE-2013-0782
2013-02-19 23:55:01
CVE-2013-0780
2013-02-19 23:55:01
CVE-2013-0783
2013-02-19 23:55:01
ubuntucve
ubuntucve
CVE-2013-0782
2013-02-20 00:00:00
CVE-2013-0783
2013-02-20 00:00:00
CVE-2013-0776
2013-02-20 00:00:00
cvelist
cvelist
CVE-2013-0782
2013-02-19 23:00:00
CVE-2013-0783
2013-02-19 23:00:00
CVE-2013-0780
2013-02-19 23:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:52:50
Arbitrary Code Execution
2019-05-02 04:52:50
Arbitrary Code Execution
2019-05-02 04:52:51
prion
prion
Heap overflow
2013-02-19 23:55:00
Cross site scripting
2013-02-19 23:55:00
Memory corruption
2013-02-19 23:55:00
cve
cve
CVE-2013-0782
2013-02-19 23:55:01
CVE-2013-0780
2013-02-19 23:55:01
CVE-2013-0783
2013-02-19 23:55:01
mozilla
mozilla
Phishing on HTTPS connection through malicious proxy — Mozilla
2013-02-19 00:00:00
Use-after-free in nsImageLoadingContent — Mozilla
2013-02-19 00:00:00
Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer — Mozilla
2013-02-19 00:00:00
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
ibm
ibm
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.027

Percentile

90.6%

JSON
Related for CESA-2013:0271
openvas64redhat2nessus32centos1oraclelinux2suse4ubuntu3securityvulns1freebsd1nvd5ubuntucve5cvelist5veracode5prion5cve5mozilla4debian1ibm2gentoo1