=====================================================================
CERT-Renater Information Note No. 2014/VULN040
_____________________________________________________________________
DATE : 05/02/2014
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Zabbix versions prior to 1.8.20rc1, 2.2.2rc2, 2.0.11rc1.
======================================================================

http://sourceforge.net/mailarchive/message.php?msg_id=31928543
http://sourceforge.net/mailarchive/message.php?msg_id=31934246
http://sourceforge.net/mailarchive/message.php?msg_id=31926411
______________________________________________________________________

Greetings!

Zabbix Team is pleased to announce the availability of *Zabbix 1.8.20rc1*, *first release candidate*.

*This release contains a security fix!*

Complete Release Notes are available at http://www.zabbix.com/rn1.8.20rc1.php

Download: http://www.zabbix.com/download.php

Enjoy!

Kind regards,
Alexei

--
Alexei Vladishev
Zabbix Product Manager, CEO
Tel: +371 6 7784743
Fax: +371 6 7784741
Email: alexei.vladishev@...
______________________________________________________________________

Greetings!

Zabbix Team is pleased to announce the availability of *Zabbix 2.2.2rc2*, *second release candidate*.

*This release contains important security fixes!*

Complete Release Notes are available at http://www.zabbix.com/rn2.2.2rc2.php

Download: http://www.zabbix.com/download.php

Enjoy!

Kind regards,
Alexei

--
Alexei Vladishev
Zabbix Product Manager, CEO
Tel: +371 6 7784743
Fax: +371 6 7784741
Email: alexei.vladishev@...
______________________________________________________________________

Greetings!

Zabbix Team is pleased to announce the availability of *Zabbix 2.0.11rc1*, *first release candidate*.

*This release contains a security fix!*

Complete Release Notes are available at http://www.zabbix.com/rn2.0.11rc1.php

Download: http://www.zabbix.com/download.php

Enjoy!
Kind regards,
Alexei

--
Alexei Vladishev
Zabbix Product Manager, CEO
Tel: +371 6 7784743
Fax: +371 6 7784741
Email: alexei.vladishev@...
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-04

Title: Incorrect use of discarded images by RasterImage
Impact: Critical
Announced: February 4, 2014
Reporter: Fredrik Lönnqvist
Products: Firefox, Thunderbird, Seamonkey
Fixed in:
  Firefox 27
  Firefox ESR 24.3
  Thunderbird 24.3
  Seamonkey 2.24

Description

Fredrik 'Flonka' Lönnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow writes to unowned memory and a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.

References

Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-05

Title: Information disclosure with *FromPoint on iframes
Impact: Moderate
Announced: February 4, 2014
Reporter: Jordan Milne
Products: Firefox, Seamonkey
Fixed in:
  Firefox 27
  Seamonkey 2.24

Description

Security researcher Jordan Milne reported an information leak where the document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating the same-origin policy.

In general this flaw cannot be exploited through email in the Seamonkey product because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.
References

caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-06

Title: Profile path leaks to Android system log
Impact: Moderate
Announced: February 4, 2014
Reporter: Roee Hay
Products: Firefox
Fixed in:
  Firefox 27

Description

Mozilla developer Roee Hay reported that Firefox for Android profile paths leak to the Android system log. When running on Android 4.2 or earlier, other applications are able to read these log files, leading to information disclosure from the user's profile directory. This issue was also independently reported by Mozilla developer Richard Newman.

References

Fennec leaks profile path to logcat (CVE-2014-1484)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-07

Title: XSLT stylesheets treated as styles in Content Security Policy
Impact: Moderate
Announced: February 4, 2014
Reporter: Frederik Braun
Products: Firefox, Seamonkey
Fixed in:
  Firefox 27
  Seamonkey 2.24

Description

Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification. XSLT stylesheets must be subject to script-src directives, but Mozilla's implementation of CSP treats them as styles. This could lead to unexpected script execution if the style-src directives were less restrictive than those for scripts.

In general this flaw cannot be exploited through email in the Seamonkey product because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.
References

CSP should block XSLT as script, not as style (CVE-2014-1485)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-08

Title: Use-after-free with imgRequestProxy and image processing
Impact: Critical
Announced: February 4, 2014
Reporter: Arthur Gerkis
Products: Firefox, Thunderbird, Seamonkey
Fixed in:
  Firefox 27
  Firefox ESR 24.3
  Thunderbird 24.3
  Seamonkey 2.24

Description

Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.

References

imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-09

Title: Cross-origin information leak through web workers
Impact: High
Announced: February 4, 2014
Reporter: Masato Kinugawa
Products: Firefox, Thunderbird, Seamonkey
Fixed in:
  Firefox 27
  Firefox ESR 24.3
  Thunderbird 24.3
  Seamonkey 2.24

Description

Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates the same-origin policy, and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.
References

Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-10

Title: Firefox default start page UI content invokable by script
Impact: Low
Announced: February 4, 2014
Reporter: Yazan Tommalieh
Products: Firefox
Fixed in:
  Firefox 27

Description

Yazan Tommalieh discovered that once users have viewed the default Firefox start page (about:home), subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or History, which might alarm users. In some cases a malicious page could trigger session restore and cause data loss if the current tabs are replaced by a previously stored set.

References

settings & history ID bug (CVE-2014-1489)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-11

Title: Crash when using web workers with asm.js
Impact: Critical
Announced: February 4, 2014
Reporter: Soeren Balko
Products: Firefox, Seamonkey
Fixed in:
  Firefox 27
  Seamonkey 2.24

Description

Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.
References

Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-12

Title: NSS ticket handling issues
Impact: High
Announced: February 4, 2014
Reporter: Brian Smith, Antoine Delignat-Lavaud, Karthikeyan Bhargavan
Products: Firefox, Thunderbird, Seamonkey
Fixed in:
  Firefox 27
  Firefox ESR 24.3
  Thunderbird 24.3
  Seamonkey 2.24

Description

Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping on affected platforms.

References

NewSessionTicket handshake message in a resumption handshake replaces cached session's ticket before handshake is finished
TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)
Do not allow p-1 as a public DH value (CVE-2014-1491)
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-13

Title: Inconsistent JavaScript handling of access to Window objects
Impact: High
Announced: February 4, 2014
Reporter: Boris Zbarsky
Products: Firefox, Thunderbird, Seamonkey
Fixed in:
  Firefox 27
  Firefox ESR 24.3
  Thunderbird 24.3
  Seamonkey 2.24

Description

Mozilla developer Boris Zbarsky reported an inconsistency between the different JavaScript engines in how JavaScript native getters on window objects are handled. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window handling by bypassing some security checks.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.

References

Inconsistent this value when invoking getters on window (CVE-2014-1481)
=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44         +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41         +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
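The directive mapping at issue in MFSA 2014-07 above, as an added example that is not Mozilla's code: a small Python evaluator that resolves which CSP directive governs a resource load (falling back to default-src), with XSLT stylesheets governed by script-src as the CSP specification requires, beside the pre-Firefox 27 mapping that put them under style-src. The policy string, page origin and URLs are constructed for illustration; the matcher handles 'none', 'self', '*', and host sources with an optional scheme and leading '*.' wildcard, and ignores paths and ports.

```python
"""Added example (not Mozilla code): which CSP directive governs a load?

MFSA 2014-07 describes Firefox (before 27) checking XSLT stylesheet loads
against style-src, while the CSP specification requires script-src, since
an XSLT transform can emit executable content.  This evaluator resolves the
governing directive for a resource type, falls back to default-src, and
matches the source list.  Policy, page origin and URLs are constructed.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Resource type -> governing directive, per the CSP specification.
SPEC_MAPPING = {
    "script": "script-src",
    "style": "style-src",
    "img": "img-src",
    "xslt": "script-src",   # XSLT is script-like: governed by script-src
}
# The pre-Firefox 27 behaviour described in the advisory: XSLT treated as a style.
BUGGY_MAPPING = dict(SPEC_MAPPING, xslt="style-src")


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a policy into {directive: [source, ...]}; a repeated directive is ignored."""
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def source_matches(source: str, url: str, page_origin: str) -> bool:
    """Match one source expression against a URL (paths and ports ignored)."""
    u, page = urlsplit(url), urlsplit(page_origin)
    if source == "'none'":
        return False
    if source == "'self'":
        return (u.scheme, u.netloc) == (page.scheme, page.netloc)
    if source == "*":
        return True
    if "://" in source:
        scheme, host = source.split("://", 1)
        if scheme.lower() != u.scheme:
            return False
    else:
        host = source
    host = host.lower()
    hostname = u.hostname or ""
    if host.startswith("*."):
        return hostname.endswith(host[1:])   # host[1:] keeps the leading dot
    return hostname == host


def governing_directive(resource_type: str, directives: Dict[str, List[str]],
                        mapping: Dict[str, str]) -> Tuple[Optional[str], Optional[List[str]]]:
    """Directive that governs `resource_type`, falling back to default-src."""
    name = mapping[resource_type]
    if name in directives:
        return name, directives[name]
    if "default-src" in directives:
        return "default-src", directives["default-src"]
    return None, None  # no applicable directive: the load is allowed


def is_allowed(resource_type: str, url: str, policy: str, page_origin: str,
               mapping: Dict[str, str] = SPEC_MAPPING) -> bool:
    """True if `policy` permits loading `url` as `resource_type` from `page_origin`."""
    _, sources = governing_directive(resource_type, parse_csp(policy), mapping)
    if sources is None:
        return True
    return any(source_matches(s, url, page_origin) for s in sources)


# Constructed scenario: scripts only from the page's own origin, styles also from a CDN.
POLICY = "default-src 'none'; script-src 'self'; style-src 'self' https://cdn.example.net"
PAGE = "https://app.example.com"
XSLT_URL = "https://cdn.example.net/transform.xsl"

if __name__ == "__main__":
    print("spec  :", is_allowed("xslt", XSLT_URL, POLICY, PAGE))                 # False
    print("buggy :", is_allowed("xslt", XSLT_URL, POLICY, PAGE, BUGGY_MAPPING))  # True
```

With the constructed policy the CDN is trusted for styles but not for scripts, so the same XSLT URL is blocked under the specified mapping and allowed under the buggy one; that gap is the "unexpected script execution" the advisory describes.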
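The p-1 public-value check from MFSA 2014-12 (CVE-2014-1491) above, as an added example that is not NSS code: a Python validator for a peer's Diffie-Hellman public value, plus a function that enumerates every shared secret a peer can force by sending y = p-1. The group (p = 1019, q = 509, g = 4) is a toy safe-prime group constructed so the enumeration runs instantly; real deployments use a standardized group of at least 2048 bits.

```python
"""Added example (not NSS code): validate a Diffie-Hellman peer public value.

CVE-2014-1491 (MFSA 2014-12) was NSS accepting p-1 as a public DH value.
Because p-1 == -1 (mod p), every power of it is 1 or p-1, so a peer that
sends p-1 forces the "shared" secret into a two-element set whatever the
local private exponent is.  The range check below rejects it; the optional
subgroup-order check rejects elements of any other small subgroup.
"""
from typing import Optional, Set

# Toy safe-prime group, constructed for this example (p = 2q + 1, both prime).
# Far too small for real use; RFC 7919 groups start at 2048 bits.
P = 1019
Q = 509
G = 4   # 4 = 2^2 is a quadratic residue mod P, so it generates the order-Q subgroup


class InvalidPublicValue(ValueError):
    """Raised when a peer's public value must not be used."""


def validate_dh_public(y: int, p: int, q: Optional[int] = None) -> int:
    """Return y if it is usable as a peer public value modulo p, else raise.

    Rejects y outside [2, p-2]: this excludes 0 and 1 (secret is always 0 or
    1) and p-1 (secret is always 1 or p-1).  When the subgroup order q is
    known, also requires y^q == 1 (mod p), i.e. y lies in the intended
    prime-order subgroup rather than a small one.
    """
    if not 2 <= y <= p - 2:
        raise InvalidPublicValue(f"public value {y} outside [2, p-2]")
    if q is not None and pow(y, q, p) != 1:
        raise InvalidPublicValue(f"public value {y} not in the order-{q} subgroup")
    return y


def is_valid_dh_public(y: int, p: int, q: Optional[int] = None) -> bool:
    """Boolean form of validate_dh_public for callers that prefer no exceptions."""
    try:
        validate_dh_public(y, p, q)
    except InvalidPublicValue:
        return False
    return True


def shared_secret(peer_public: int, own_private: int, p: int,
                  q: Optional[int] = None) -> int:
    """Derive the DH shared secret, refusing degenerate peer values first."""
    validate_dh_public(peer_public, p, q)
    return pow(peer_public, own_private, p)


def forced_secrets(peer_public: int, p: int) -> Set[int]:
    """Every shared secret a peer sending `peer_public` can induce, over all
    private exponents.  For p-1 the set is {1, p-1}; for a generator of the
    order-q subgroup it has q elements."""
    return {pow(peer_public, x, p) for x in range(1, p - 1)}


if __name__ == "__main__":
    a, b = 123, 456                          # private exponents, constructed
    ya, yb = pow(G, a, P), pow(G, b, P)      # honest public values
    print("honest exchange agrees:", shared_secret(yb, a, P, Q) == shared_secret(ya, b, P, Q))
    print("secrets a peer can force with y = p-1:", sorted(forced_secrets(P - 1, P)))
    for bad in (0, 1, P - 1, 2):
        print(bad, "accepted" if is_valid_dh_public(bad, P, Q) else "rejected")
```

The value 2 is rejected by the subgroup check because 1019 is congruent to 3 modulo 8, which makes 2 a quadratic non-residue and therefore outside the order-509 subgroup; the range check alone would have let it through, which is why both checks belong in a validator when the subgroup order is known.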