Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 230567
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 230567 depends on: Show dependency tree
Bug 230567 blocks: 204337 218065

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-07-02 20:14 0000 
Fixed in Firefox 2.0.0.15
MFSA 2008-33  Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

Fixed in SeaMonkey 1.1.10
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector

------- Comment #1 From Raúl Porcel 2008-07-03 14:23:39 0000 ------- 
To stabilize:
=www-client/mozilla-firefox-2.0.0.15
Arches: "alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
=www-client/mozilla-firefox-bin-2.0.0.15
ches: "amd64 x86"
=www-client/seamonkey-1.1.10
Arches: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
=www-client/seamonkey-bin-1.1.10
ches: "amd64 x86"
=net-libs/xulrunner-1.8.1.15
Arches: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
=net-libs/xulrunner-bin-1.8.1.15
Arches: "amd64 x86"

Have fun

------- Comment #2 From Christian Faulhammer 2008-07-04 09:16:38 0000 ------- 
x86 done

------- Comment #3 From Raúl Porcel 2008-07-04 16:57:50 0000 ------- 
alpha/ia64/sparc stable

------- Comment #4 From Jeroen Roovers 2008-07-04 17:19:26 0000 ------- 
Stable for HPPA:
 =net-libs/xulrunner-1.8.1.15
 =www-client/seamonkey-1.1.10
 =www-client/mozilla-firefox-2.0.0.15

------- Comment #5 From Thomas Anderson (tanderson) 2008-07-04 21:27:43 0000 ------- 
amd64 stable for -bin

------- Comment #6 From Brent Baude 2008-07-05 16:03:01 0000 ------- 
ppc and ppc64 done

------- Comment #7 From Pierre-Yves Rofes 2008-07-06 18:10:26 0000 ------- 
what about thunderbird? Did someone requests CVE ids for these? anyway, glsa
request filed.

------- Comment #8 From Raúl Porcel 2008-07-06 18:25:23 0000 ------- 
thunderbird will be out when firefox 2.0.0.16 is and 3.0.1, which is supposed
to be 15th july

------- Comment #9 From Robert Buchholz 2008-07-09 20:58:39 0000 ------- 
CVE-2008-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2798):
  Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15,
  Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote
  attackers to cause a denial of service (application crash) and possibly
  execute arbitrary code via unknown vectors related to the layout engine.

CVE-2008-2799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2799):
  Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15,
  Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote
  attackers to cause a denial of service (application crash) and possibly
  execute arbitrary code via unknown vectors related to the JavaScript engine.

CVE-2008-2800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2800):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote
  attackers to bypass the Same Origin Policy and conduct cross-site scripting
  (XSS) attacks via vectors involving (1) an event handler attached to an outer
  window, (2) a SCRIPT element in an unloaded document, or (3) the
  onreadystatechange handler in conjunction with an XMLHttpRequest.

CVE-2008-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2801):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly
  implement JAR signing, which allows remote attackers to execute arbitrary
  code via (1) injection of JavaScript into documents within a JAR archive or
  (2) a JAR archive that uses relative URLs to JavaScript files.

CVE-2008-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2802):
  Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and
  SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via
  an XUL document that includes a script from a chrome: URI that points to a
  fastload file, related to this file's "privilege level."

CVE-2008-2803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2803):
  The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before
  2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does
  not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data:
  URIs, or (3) certain non-canonical chrome: URIs, which allows remote
  attackers to execute arbitrary code via vectors involving third-party
add-ons.

CVE-2008-2805 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2805):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote
  attackers to force the upload of arbitrary local files from a client computer
  via vectors involving originalTarget and DOM Range.

CVE-2008-2806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2806):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow
  remote attackers to bypass the Same Origin Policy and create arbitrary socket
  connections via a crafted Java applet, related to the Java Embedding Plugin
  (JEP) and Java LiveConnect.

CVE-2008-2807 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2807):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly
  handle an invalid .properties file for an add-on, which allows remote
  attackers to read uninitialized memory, as demonstrated by use of ISO 8859
  encoding instead of UTF-8 encoding in a French .properties file.

CVE-2008-2808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2808):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly
  escape HTML in file:// URLs in directory listings, which allows remote
  attackers to conduct cross-site scripting (XSS) attacks or have unspecified
  other impact via a crafted filename.

CVE-2008-2809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2809):
  Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey
  1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based
  web browsers, when a user accepts an SSL server certificate on the basis of
  the CN domain name in the DN field, regard the certificate as also accepted
  for all domain names in subjectAltName:dNSName fields, which makes it easier
  for remote attackers to trick a user into accepting an invalid certificate
  for a spoofed web site.

CVE-2008-2810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2810):
  Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly
  identify the context of Windows shortcut files, which allows user-assisted
  remote attackers to bypass the Same Origin Policy via a crafted web site for
  which the user has previously saved a shortcut.

CVE-2008-2811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2811):
  The block reflow implementation in Mozilla Firefox before 2.0.0.15,
  Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote
  attackers to execute arbitrary code or cause a denial of service (application
  crash) via an image whose display requires more pixels than nscoord_MAX,
  related to nsBlockFrame::DrainOverflowLines.

------- Comment #10 From Martin von Gagern 2008-07-24 09:19:17 0000 ------- 
Thunderbird 2.0.0.16 is out, fixing 8 MFSAs.
http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html

------- Comment #11 From Robert Buchholz 2008-08-06 00:43:46 0000 ------- 
GLSA 200808-03
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug