9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
90.3%
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613). It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted (MFSA 2013-117). The rootcerts and nss packages have been updated to fix the MFSA 2013-117 issue. The thunderbird-lightning package has been updated to a version that is compatible with the updated thunderbird.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | rootcerts | <Β 20131204.00-1 | rootcerts-20131204.00-1.mga3 |
Mageia | 3 | noarch | nss | <Β 3.15.3.1-1 | nss-3.15.3.1-1.mga3 |
Mageia | 3 | noarch | firefox | <Β 24.2.0-1 | firefox-24.2.0-1.mga3 |
Mageia | 3 | noarch | firefox-l10n | <Β 24.2.0-1 | firefox-l10n-24.2.0-1.mga3 |
Mageia | 3 | noarch | thunderbird | <Β 24.2.0-1 | thunderbird-24.2.0-1.mga3 |
Mageia | 3 | noarch | thunderbird-l10n | <Β 24.2.0-1 | thunderbird-l10n-24.2.0-1.mga3 |
Mageia | 3 | noarch | thunderbird-lightning | <Β 2.6.4-1 | thunderbird-lightning-2.6.4-1.mga3 |
www.mozilla.org/security/announce/2013/mfsa2013-104.html
www.mozilla.org/security/announce/2013/mfsa2013-108.html
www.mozilla.org/security/announce/2013/mfsa2013-109.html
www.mozilla.org/security/announce/2013/mfsa2013-111.html
www.mozilla.org/security/announce/2013/mfsa2013-114.html
www.mozilla.org/security/announce/2013/mfsa2013-117.html
www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
www.mozilla.org/security/known-vulnerabilities/thunderbird.html
bugs.mageia.org/show_bug.cgi?id=11945
rhn.redhat.com/errata/RHSA-2013-1812.html
rhn.redhat.com/errata/RHSA-2013-1823.html
rhn.redhat.com/errata/RHSA-2013-1861.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
90.3%