Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 130887 - www-client/mozilla: 1.7.13 fixes several vuln's, included code execution (CVE 2006-0748)
Summary: www-client/mozilla: 1.7.13 fixes several vuln's, included code execution (CVE...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://www.mozilla.org/projects/secur...
Whiteboard: A2 [glsa] Falco
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-22 14:02 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-10-15 04:28 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-22 14:02:37 UTC
splitting #129924 in one bug per package for helping handling

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

Fixed in Mozilla 1.7.13
MFSA 2006-27  Table Rebuilding Code Execution Vulnerability
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-19 Cross-site scripting using .valueOf.call()
MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
MFSA 2006-17 cross-site scripting through window.controllers
MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
MFSA 2006-14 Privilege escalation via XBL.method.eval
MFSA 2006-13 Downloading executables with "Save Image As..."
MFSA 2006-12 Secure-site spoof (requires security warning dialog)
MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
MFSA 2006-10 JavaScript garbage-collection hazard audit
MFSA 2006-09 Cross-site JavaScript injection using event handlers
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-03 Long document title causes startup denial of Service
MFSA 2006-01 JavaScript garbage-collection hazards
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-22 14:05:41 UTC
same as the moz-1.0.8 thing (#129924), moz team, please provide a new ebuild www-client/mozilla-1.7.13
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2006-04-22 15:02:19 UTC
include net-libs/gecko-sdk
Comment 3 Jory A. Pratt 2006-04-22 21:18:03 UTC
-bin is in the tree, go ahead and test and mark stable.
Comment 4 Jory A. Pratt 2006-04-23 14:15:16 UTC
1.7.13 source is in tree mark stable. amd64 and x86 do not forget to mark -bin stable as well.
Comment 5 Thomas Cort (RETIRED) gentoo-dev 2006-04-23 18:22:48 UTC
mozilla-1.7.13 stable on alpha and amd64
mozilla-bin-1.7.13 stable on amd64

(In reply to comment #2)
> include net-libs/gecko-sdk

Leaving alpha and amd64 on CC while we wait for a new net-libs/gecko-sdk.
Comment 6 Jory A. Pratt 2006-04-23 19:07:25 UTC
(In reply to comment #2)
> include net-libs/gecko-sdk
> 
is now in the tree please mark 1.7.13 stable
Comment 7 Thomas Cort (RETIRED) gentoo-dev 2006-04-23 20:08:42 UTC
gecko-sdk-1.7.13 stable on amd64
Comment 8 Thomas Cort (RETIRED) gentoo-dev 2006-04-24 02:25:31 UTC
gecko-sdk-1.7.13 stable on alpha
Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2006-04-24 14:57:15 UTC
sparc stable.
Comment 10 Chris Gianelloni (RETIRED) gentoo-dev 2006-04-25 08:02:27 UTC
Stable on x86.

We had mozilla-bin failed due to the older ebuilds not being ported to modular X, but I ignored it, since this is definitely more important.  I definitely recommend removing all of the older ebuilds for -bin.
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2006-04-25 12:56:34 UTC
ppc stable
Comment 12 Guy Martin (RETIRED) gentoo-dev 2006-04-26 09:57:44 UTC
Stable on hppa.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 10:44:50 UTC
This is GLSA 200604-18 thx everyone and especially falco