Summary: | <www-client/mozilla-firefox-3.5.4: Multiple vulnerabilities (CVE-2009-{1563,3274,3370,3371,3372,3373,3374,3375,3376,3377,3378,3379,3380,3381,3382,3383}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | David Barrera <davidbb> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | Manfred.Knick, prote |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
David Barrera
2009-10-28 15:15:49 UTC
CVE-2009-1563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563): Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows remote attackers to execute arbitrary code via a long string that triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

CVE-2009-3370 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3370): Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

CVE-2009-3371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371): Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.

CVE-2009-3372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372): Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

CVE-2009-3373 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373): Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2009-3374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374): The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

CVE-2009-3375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375): content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

CVE-2009-3376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376): Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

CVE-2009-3377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377): Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378): The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

CVE-2009-3379 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379): Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.

CVE-2009-3380 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3383 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383): Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

GLSA request filed.

CVE-2009-3274 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274): Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.

CVE-2009-3382 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382): layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Nothing for mozilla team to do here; none of the affected versions/packages are in-tree anymore.

This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).