Gentoo Bug 246602 - Mozilla Firefox, Thunderbird, Seamonkey, Xulrunner: ".18" fixes (CVE-2008-{0017,4582,5012,5013,5014,5015,5017,5018,5019,5021,5022,5023,5024,5052})

Description:

Opened: 2008-11-13 11:57 0000

MFSA 2008-48 Image stealing via canvas and HTTP redirect
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-47 Information stealing via local shortcut files (appears to be
Windows-only)
MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-57 -moz-binding property bypasses security checks on codebase
principals
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome


Problems Fixed in:
Firefox 3.0.4
Firefox 2.0.0.18
Thunderbird 2.0.0.18
SeaMonkey 1.1.13

Reproducible: Always

------- Comment #1 From Raúl Porcel 2008-11-14 09:55:27 0000 -------

www-client/mozilla-firefox-2.0.0.18:
Arches: alpha arm amd64 hppa ia64 ppc ppc64 sparc x86
www-client/mozilla-firefox-bin-2.0.0.18:
Arches: amd64 x86

www-client/seamonkey-1.1.13:
Arches: alpha arm amd64 hppa ia64 ppc ppc64 sparc x86
www-client/seamonkey-bin-1.1.13:
Arches: amd64 x86

net-libs/xulrunner-1.8.1.18:
Arches: alpha arm amd64 hppa ia64 ppc ppc64 sparc x86
net-libs/xulrunner-bin-1.8.1.18:
Arches: amd64 x86

All in the tree, thunderbird will go out on 19th november

------- Comment #2 From Lars Wendler (Polynomial-C) 2008-11-14 16:41:40 0000 -------

*** Bug 246751 has been marked as a duplicate of this bug. ***

------- Comment #3 From Markus Rothe 2008-11-15 12:59:38 0000 -------

ppc64 stable

------- Comment #4 From Markus Meier 2008-11-15 16:04:19 0000 -------

amd64/x86 stable

------- Comment #5 From Raúl Porcel 2008-11-15 17:21:49 0000 -------

alpha/arm/ia64/sparc stable

------- Comment #6 From Tobias Scherbaum 2008-11-15 17:52:36 0000 -------

ppc stable

------- Comment #7 From Stefan Behte 2008-11-15 22:17:48 0000 -------

CVE-2008-5052 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052):
  The AppendAttributeValue function in the JavaScript engine in Mozilla
  Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
  SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial
  of service (crash) via unknown vectors that trigger memory
  corruption, as demonstrated by e4x/extensions/regress-410192.js.

------- Comment #8 From Jeroen Roovers 2008-11-16 15:32:16 0000 -------

Stable for HPPA.

------- Comment #9 From Raúl Porcel 2008-11-20 19:49:57 0000 -------

Please stabilize:
mail-client/mozilla-thunderbird-2.0.0.18
Arches: alpha amd64 ia64 ppc ppc64 sparc x86

mail-client/mozilla-thunderbird-bin-2.0.0.18
Arches: amd64 x86

Thanks

------- Comment #10 From Markus Meier 2008-11-22 14:03:14 0000 -------

amd64/x86 stable

------- Comment #11 From Tobias Scherbaum 2008-11-22 15:52:46 0000 -------

ppc stable

------- Comment #12 From Raúl Porcel 2008-11-23 16:22:47 0000 -------

alpha/ia64/sparc stable

------- Comment #13 From Brent Baude 2008-11-24 20:33:54 0000 -------

ppc64 done

------- Comment #14 From Tobias Heinlein 2008-12-07 20:24:19 0000 -------

GLSA request filed, any reason why nobody did this before me?

Bug 246602 depends on:			Show dependency tree
Bug 246602 blocks:			Show dependency tree

Bugzilla Bug 246602

Mozilla Firefox, Thunderbird, Seamonkey, Xulrunner: ".18" fixes (CVE-2008-{0017,4582,5012,5013,5014,5015,5017,5018,5019,5021,5022,5023,5024,5052})

Last modified: 2009-11-07 06:29:12 0000