{"id":"MGASA-2014-0421","summary":"Updated firefox and thunderbird packages fix security vulnerabilities","details":"Several flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox or Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning it (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576,\nCVE-2014-1577).\n\nA flaw was found in the Alarm API in Firefox, which allows applications to\nschedule actions to be run in the future. A malicious web application could\nuse this flaw to bypass cross-origin restrictions (CVE-2014-1583).\n\nThis update provides Firefox and Thunderbird 31.2, which fixes these issues\nand other bugs, and also provides several new features, including WebRTC\nsupport.  The thunderbird-lightning package has also been updated to version\n3.3 which is compatible with the new Thunderbird version.\n\nAlso, Enigmail (part of the Thunderbird package) has been updated to version\n1.7.2 which contains several bugfixes including mail with only Bcc recipients\nbeing sent in plain text unexpectedly (CVE-2014-5369).\n","modified":"2026-02-04T04:30:19.352692Z","published":"2014-10-25T20:23:09Z","related":["CVE-2014-1574","CVE-2014-1576","CVE-2014-1577","CVE-2014-1578","CVE-2014-1581","CVE-2014-1583","CVE-2014-5369"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0421.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14293"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-74.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-75.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-76.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-77.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-79.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-82.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2014-1635.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2014-1647.html"},{"type":"REPORT","url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html"}],"affected":[{"package":{"name":"libvpx","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/libvpx?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"sqlite3","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/sqlite3?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.6-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"nss","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.17.2-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"thunderbird-lightning","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird-lightning?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"libpng","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libpng?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.13-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"libvpx","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libvpx?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"sqlite3","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/sqlite3?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.6-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"nss","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.17.2-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"31.2.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}},{"package":{"name":"thunderbird-lightning","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird-lightning?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0421.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}