{"id":"MGASA-2015-0126","summary":"Updated iceape packages fix security vulnerabilities","details":"Updated iceape packages fix security issues:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla \nFirefox before 36.0 allow remote attackers to cause a denial of service \n(memory corruption and application crash) or possibly execute arbitrary \ncode via unknown vectors. (CVE-2015-0835)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla \nFirefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before \n31.5 allow remote attackers to cause a denial of service (memory corruption \nand application crash) or possibly execute arbitrary code via unknown \nvectors. (CVE-2015-0836)\n\nMozilla Firefox before 36.0 does not properly recognize the equivalence of \ndomain names with and without a trailing . (dot) character, which allows \nman-in-the-middle attackers to bypass the HPKP and HSTS protection \nmechanisms by constructing a URL with this character and leveraging access \nto an X.509 certificate for a domain with this character. (CVE-2015-0832)\n\nThe WebGL implementation in Mozilla Firefox before 36.0 does not properly \nallocate memory for copying an unspecified string to a shader's compilation \nlog, which allows remote attackers to cause a denial of service \n(application crash) via crafted WebGL content. (CVE-2015-0830)\n\nUse-after-free vulnerability in the \nmozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla \nFirefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before \n31.5 allows remote attackers to execute arbitrary code or cause a denial of \nservice (heap memory corruption) via crafted content that is improperly \nhandled during IndexedDB index creation. (CVE-2015-0831)\n\nBuffer overflow in libstagefright in Mozilla Firefox before 36.0 allows \nremote attackers to execute arbitrary code via a crafted MP4 video that is \nimproperly handled during playback. (CVE-2015-0829)\n\nDouble free vulnerability in the nsXMLHttpRequest::GetResponse function in \nMozilla Firefox before 36.0, when a nonstandard memory allocator is used, \nallows remote attackers to execute arbitrary code or cause a denial of \nservice (heap memory corruption) via crafted JavaScript code that makes an \nXMLHttpRequest call with zero bytes of data. (CVE-2015-0828)\n\nHeap-based buffer overflow in the mozilla::gfx::CopyRect function in \nMozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird \nbefore 31.5 allows remote attackers to obtain sensitive information from \nuninitialized process memory via a malformed SVG graphic. (CVE-2015-0827)\n\nThe nsTransformedTextRun::SetCapitalization function in Mozilla Firefox \nbefore 36.0 allows remote attackers to execute arbitrary code or cause a \ndenial of service (out-of-bounds read of heap memory) via a crafted \nCascading Style Sheets (CSS) token sequence that triggers a restyle or \nreflow operation. (CVE-2015-0826)\n\nStack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer \nfunction in Mozilla Firefox before 36.0 allows remote attackers to obtain \nsensitive information from process memory via a malformed MP3 file that \nimproperly interacts with memory allocation during playback. \n(CVE-2015-0825)\n\nThe mozilla::layers::BufferTextureClient::AllocateForSurface function in \nMozilla Firefox before 36.0 allows remote attackers to cause a denial of \nservice (out-of-bounds write of zero values, and application crash) via \nvectors that trigger use of DrawTarget and the Cairo library for image \ndrawing. (CVE-2015-0824)\n\nThe Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR \n31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to \nread arbitrary files via crafted JavaScript code. (CVE-2015-0822)\n\nMozilla Firefox before 36.0 allows user-assisted remote attackers to read \narbitrary files or execute arbitrary JavaScript code with chrome privileges \nvia a crafted web site that is accessed with unspecified mouse and keyboard \nactions. (CVE-2015-0821)\n\nMozilla Firefox before 36.0 does not properly restrict transitions of \nJavaScript objects from a non-extensible state to an extensible state, \nwhich allows remote attackers to bypass a Caja Compiler sandbox protection \nmechanism or a Secure EcmaScript sandbox protection mechanism via a crafted \nweb site. (CVE-2015-0820)\n\nMozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and \nSeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin \nPolicy and execute arbitrary JavaScript code with chrome privileges via \nvectors involving SVG hash navigation. (CVE-2015-0818)\n\nThe asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR \n31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine \nthe cases in which bounds checking may be safely skipped during JIT \ncompilation and heap access, which allows remote attackers to read or write \nto unintended memory locations, and consequently execute arbitrary code, \nvia crafted JavaScript. (CVE-2015-0817)\n","modified":"2026-04-16T06:25:40.501928925Z","published":"2015-04-03T13:11:23Z","upstream":["CVE-2015-0817","CVE-2015-0818","CVE-2015-0820","CVE-2015-0821","CVE-2015-0822","CVE-2015-0824","CVE-2015-0825","CVE-2015-0826","CVE-2015-0827","CVE-2015-0828","CVE-2015-0829","CVE-2015-0830","CVE-2015-0831","CVE-2015-0832","CVE-2015-0835","CVE-2015-0836"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0126.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15476"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/"}],"affected":[{"package":{"name":"iceape","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/iceape?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.33.1-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0126.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}