| Descripción: | Summary:
The remote host is missing an update for the 'iceape' package(s) announced via the MGASA-2014-0048 advisory.
Vulnerability Insight:
Updated iceape packages fix security issues:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox
before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey
before 2.23 allow remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via unknown vectors.
(CVE-2013-5609)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox
before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute arbitrary
code via unknown vectors. (CVE-2013-5610)
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and
SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary
web script or HTML by leveraging a Same Origin Policy violation triggered by
lack of a charset parameter in a Content-Type HTTP header. (CVE-2013-5612)
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider
the sandbox attribute of an IFRAME element during processing of a contained
OBJECT element, which allows remote attackers to bypass intended sandbox
restrictions via a crafted web site. (CVE-2013-5614)
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType
function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2,
Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to
execute arbitrary code or cause a denial of service (heap memory corruption)
via vectors related to mListeners event listeners. (CVE-2013-5616)
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the
table-editing user interface in the editor component in Mozilla Firefox before
26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey
before 2.23 allows remote attackers to execute arbitrary code by triggering
improper garbage collection. (CVE-2013-5618)
Multiple integer overflows in the binary-search implementation in SpiderMonkey
in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote
attackers to cause a denial of service (out-of-bounds array access) or possibly
have unspecified other impact via crafted JavaScript code. (CVE-2013-5619)
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0,
Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before
2.23 allows remote attackers to execute arbitrary code via crafted use of
JavaScript code for ordered list elements. (CVE-2013-6671)
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted
remote attackers to read clipboard data by leveraging certain middle-click
paste operations. (CVE-2013-6672)
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before
24.2, and SeaMonkey before 2.23 do not recognize a user's removal of ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'iceape' package(s) on Mageia 3, Mageia 4.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
