Gentoo Bug 130887 - www-client/mozilla: 1.7.13 fixes several vuln's, included code execution (CVE 2006-0748)

Description:

Opened: 2006-04-22 14:02 0000

splitting #129924 in one bug per package for helping handling

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

Fixed in Mozilla 1.7.13
MFSA 2006-27  Table Rebuilding Code Execution Vulnerability
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-19 Cross-site scripting using .valueOf.call()
MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
MFSA 2006-17 cross-site scripting through window.controllers
MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
MFSA 2006-14 Privilege escalation via XBL.method.eval
MFSA 2006-13 Downloading executables with "Save Image As..."
MFSA 2006-12 Secure-site spoof (requires security warning dialog)
MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
MFSA 2006-10 JavaScript garbage-collection hazard audit
MFSA 2006-09 Cross-site JavaScript injection using event handlers
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-03 Long document title causes startup denial of Service
MFSA 2006-01 JavaScript garbage-collection hazards

------- Comment #1 From Raphael Marichez 2006-04-22 14:05:41 0000 -------

same as the moz-1.0.8 thing (#129924), moz team, please provide a new ebuild
www-client/mozilla-1.7.13

------- Comment #2 From Carsten Lohrke 2006-04-22 15:02:19 0000 -------

include net-libs/gecko-sdk

------- Comment #3 From Jory A. Pratt 2006-04-22 21:18:03 0000 -------

-bin is in the tree, go ahead and test and mark stable.

------- Comment #4 From Jory A. Pratt 2006-04-23 14:15:16 0000 -------

1.7.13 source is in tree mark stable. amd64 and x86 do not forget to mark -bin
stable as well.

------- Comment #5 From Thomas Cort (RETIRED) 2006-04-23 18:22:48 0000 -------

mozilla-1.7.13 stable on alpha and amd64
mozilla-bin-1.7.13 stable on amd64

(In reply to comment #2)
> include net-libs/gecko-sdk

Leaving alpha and amd64 on CC while we wait for a new net-libs/gecko-sdk.

------- Comment #6 From Jory A. Pratt 2006-04-23 19:07:25 0000 -------

(In reply to comment #2)
> include net-libs/gecko-sdk
> 
is now in the tree please mark 1.7.13 stable

------- Comment #7 From Thomas Cort (RETIRED) 2006-04-23 20:08:42 0000 -------

gecko-sdk-1.7.13 stable on amd64

------- Comment #8 From Thomas Cort (RETIRED) 2006-04-24 02:25:31 0000 -------

gecko-sdk-1.7.13 stable on alpha

------- Comment #9 From Gustavo Zacarias (RETIRED) 2006-04-24 14:57:15 0000 -------

sparc stable.

------- Comment #10 From Chris Gianelloni (RETIRED) 2006-04-25 08:02:27 0000 -------

Stable on x86.

We had mozilla-bin failed due to the older ebuilds not being ported to modular
X, but I ignored it, since this is definitely more important.  I definitely
recommend removing all of the older ebuilds for -bin.

------- Comment #11 From Tobias Scherbaum 2006-04-25 12:56:34 0000 -------

ppc stable

------- Comment #12 From Guy Martin 2006-04-26 09:57:44 0000 -------

Stable on hppa.

------- Comment #13 From Thierry Carrez (RETIRED) 2006-04-28 10:44:50 0000 -------

This is GLSA 200604-18 thx everyone and especially falco

Bug 130887 depends on:			Show dependency tree
Bug 130887 blocks:			Show dependency tree

Bugzilla Bug 130887

www-client/mozilla: 1.7.13 fixes several vuln's, included code execution (CVE 2006-0748)

Last modified: 2006-10-15 04:28:53 0000