{"id":"MGASA-2013-0320","summary":"Updated firefox & related packages fix multiple security vulnerabilities","details":"Updated firefox packages fix security vulnerabilities:\n\nMozilla Network Security Services (NSS) before 3.15.2 does not ensure\nthat data structures are initialized before read operations, which\nallow remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger a decryption failure\n(CVE-2013-1739).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to terminate\nunexpectedly or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599,\nCVE-2013-5600, CVE-2013-5601, CVE-2013-5602).\n\nIt was found that the Firefox JavaScript engine incorrectly allocated\nmemory for certain functions. An attacker could combine this flaw with\nother vulnerabilities to execute arbitrary code with the privileges of the\nuser running Firefox (CVE-2013-5595).\n\nA flaw was found in the way Firefox handled certain Extensible Stylesheet\nLanguage Transformations (XSLT) files. An attacker could combine this flaw\nwith other vulnerabilities to execute arbitrary code with the privileges of\nthe user running Firefox (CVE-2013-5604).\n\nAdditionally, the rootcerts, nspr, nss, and sqlite3 packages have been updated\nto newer versions required by this update.\n","modified":"2026-04-16T01:46:14.335908336Z","published":"2013-11-09T18:55:13Z","upstream":["CVE-2013-1739","CVE-2013-5590","CVE-2013-5595","CVE-2013-5597","CVE-2013-5599","CVE-2013-5600","CVE-2013-5601","CVE-2013-5602","CVE-2013-5604"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0320.html"},{"type":"WEB","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"},{"type":"WEB","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-95.html"},{"type":"WEB","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-96.html"},{"type":"WEB","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-98.html"},{"type":"WEB","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-100.html"},{"type":"WEB","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-101.html"},{"type":"WEB","url":"http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:257/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1476.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11370"}],"affected":[{"package":{"name":"sqlite3","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/sqlite3?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.17-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20130411.00-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.1-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"nss","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15.2-1.1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.0-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.0-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"sqlite3","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/sqlite3?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.17-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20130411.00-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.1-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"nss","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15.2-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0320.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}