Bug 238535 - Mozilla Firefox, Thunderbird, Seamonkey, Xulrunner: ".17" fixes (CVE-2008-{0016,3835,3836,3837,4058,4059,4060,4061,4062,4063,4064,4065,4066,4067,4068,4069,4070})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/annou...
Whiteboard: A2 [glsa]
Keywords:
Duplicates: 238543
Depends on:
Blocks: CVE-2007-3073
Reported: 2008-09-24 02:58 UTC by Robert Buchholz (RETIRED)
Modified: 2013-01-08 01:02 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-24 02:58:25 UTC
MFSA 2008-45 XBM image uninitialized memory reading
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag
MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-24 03:00:55 UTC
Updates we're targeting:
  Firefox 3.0.2
  Firefox 2.0.0.17
  Thunderbird 2.0.0.17
  SeaMonkey 1.1.12
Comment 2 Serkan Kaba (RETIRED) gentoo-dev 2008-09-24 10:11:04 UTC
*** Bug 238543 has been marked as a duplicate of this bug. ***
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-09-24 17:19:34 UTC
In the tree:
www-client/mozilla-firefox[-bin]-2.0.0.17
www-client/seamonkey[-bin]-1.1.12
net-libs/xulrunner-1.8.1.17

Need to do xulrunner-bin and mozilla-thunderbird-2.0.0.17 needs to be released, which is scheduled for tomorrow, but since they release it at night on European time, I'll do it the 26th. *IF* they release it...
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-09-24 18:04:16 UTC
Arches, please test and mark stable:
=www-client/mozilla-firefox-2.0.0.17
=www-client/seamonkey-1.1.12
=net-libs/xulrunner-1.8.1.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/mozilla-firefox-bin-2.0.0.17
=www-client/seamonkey-bin-1.1.12
Target keywords : "amd64 x86"
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-09-24 21:50:09 UTC
and 
=net-libs/xulrunner-bin-1.8.1.17
Target keywords : "amd64 x86"
Comment 6 Brent Baude (RETIRED) gentoo-dev 2008-09-25 17:08:17 UTC
ppc and ppc64 lovin' done
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2008-09-26 09:05:10 UTC
and 
=mail-client/mozilla-thunderbird-2.0.0.17
=x11-plugins/enigmail-0.95.7-r1
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86 ~x86-fbsd"

=mail-client/mozilla-thunderbird-bin-2.0.0.17
Target keywords : "amd64 x86"
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-09-26 13:25:39 UTC
CVE-2008-0016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016):
  Stack-based buffer overflow in the URL parsing implementation in
  Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows
  remote attackers to execute arbitrary code via a crafted UTF-8 URL in
  a link.

CVE-2008-3835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835):
  The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox
  before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before
  1.1.12 allows remote attackers to bypass the Same Origin Policy and
  execute arbitrary JavaScript code via unknown vectors.

CVE-2008-3836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836):
  feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers
  to execute scripts with chrome privileges via vectors related to feed
  preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3)
  _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI
  functions.

CVE-2008-3837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837):
  Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey
  before 1.1.12, allow user-assisted remote attackers to move a window
  during a mouse click, and possibly force a file download or
  unspecified other drag-and-drop action, via a crafted onmousedown
  action that calls window.moveBy, a variant of CVE-2003-0823.

CVE-2008-4058 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058):
  The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x
  before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before
  1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and
  execute arbitrary code with chrome privileges via vectors related to
  (1) chrome XBL and (2) chrome JS.

CVE-2008-4059 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059):
  The XPConnect component in Mozilla Firefox before 2.0.0.17 allows
  remote attackers to "pollute XPCNativeWrappers" and execute arbitrary
  code with chrome privileges via vectors related to a SCRIPT element.

CVE-2008-4060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060):
  Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird
  before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers
  to create documents that lack script-handling objects, and execute
  arbitrary code with chrome privileges, via vectors related to (1) the
  document.loadBindingDocument function and (2) XSLT.

CVE-2008-4061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061):
  Integer overflow in the MathML component in Mozilla Firefox before
  2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and
  SeaMonkey before 1.1.12 allows remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly execute
  arbitrary code via an mtd element with a large integer value in the
  rowspan attribute, related to the layout engine.

CVE-2008-4062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062):
  Multiple unspecified vulnerabilities in Mozilla Firefox before
  2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and
  SeaMonkey before 1.1.12 allow remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly execute
  arbitrary code via vectors related to the JavaScript engine and (1)
  misinterpretation of the characteristics of Namespace and QName in
  jsxml.c, (2) misuse of signed integers in the nsEscapeCount function
  in nsEscape.cpp, and (3) interaction of JavaScript garbage collection
  with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed
  function in nsJSNPRuntime.cpp.

CVE-2008-4063 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063):
  Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before
  3.0.2 allow remote attackers to cause a denial of service (memory
  corruption and application crash) or possibly execute arbitrary code
  via vectors related to the layout engine and (1) a zero value of the
  "this" variable in the nsContentList::Item function; (2) interaction
  of the indic IME extension, a Hindi language selection, and the "g"
  character; and (3) interaction of the nsFrameList::SortByContentOrder
  function with a certain insufficient protection of inline frames.

CVE-2008-4064 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064):
  Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before
  3.0.2 allow remote attackers to cause a denial of service (memory
  corruption and application crash) or possibly execute arbitrary code
  via vectors related to graphics rendering and (1) handling of a long
  alert messagebox in the cairo_surface_set_device_offset function, (2)
  integer overflows when handling animated PNG data in the
  info_callback function in nsPNGDecoder.cpp, and (3) an integer
  overflow when handling SVG data in the
  nsSVGFEGaussianBlurElement::SetupPredivide function in
  nsSVGFilters.cpp.

CVE-2008-4065 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065):
  Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird
  before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers
  to bypass cross-site scripting (XSS) protection mechanisms and
  conduct XSS attacks via byte order mark (BOM) characters that are
  removed from JavaScript code before execution, aka "Stripped BOM
  characters bug."

CVE-2008-4066 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066):
  Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows
  remote attackers to bypass cross-site scripting (XSS) protection
  mechanisms and conduct XSS attacks via HTML-escaped low surrogate
  characters that are ignored by the HTML parser, as demonstrated by a
  "jav?ascript" sequence, aka "HTML escaped low surrogates bug."

CVE-2008-4067 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067):
  Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17
  and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey
  before 1.1.12 on Linux allows remote attackers to read arbitrary
  files via a .. (dot dot) and URL-encoded / (slash) characters in a
  resource: URI.

CVE-2008-4068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068):
  Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17
  and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey
  before 1.1.12 allows remote attackers to bypass "restrictions imposed
  on local HTML files," and obtain sensitive information and prompt
  users to write this information into a file, via directory traversal
  sequences in a resource: URI.

CVE-2008-4069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069):
  The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey
  before 1.1.12 allows remote attackers to read uninitialized memory,
  and possibly obtain sensitive information in opportunistic
  circumstances, via a crafted XBM image file.

Comment 9 Brent Baude (RETIRED) gentoo-dev 2008-09-26 23:35:07 UTC
ppc and ppc64 done
Comment 10 Olivier Crete (RETIRED) gentoo-dev 2008-09-27 00:06:43 UTC
Btw, ffox 3.0.3 was just released to replace 3.0.2
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-27 15:20:04 UTC
Stable for HPPA:
 =www-client/mozilla-firefox-2.0.0.17
 =www-client/seamonkey-1.1.12
 =net-libs/xulrunner-1.8.1.17
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2008-09-27 17:22:31 UTC
alpha/arm/ia64/sparc/x86 stable
Comment 13 Markus Meier gentoo-dev 2008-09-28 13:19:30 UTC
amd64 stable, all arches done.
Comment 14 Tobias Heinlein (RETIRED) gentoo-dev 2008-09-28 15:17:08 UTC
Request filed.
Comment 15 Robert Buchholz (RETIRED) gentoo-dev 2008-09-29 14:58:18 UTC
CVE-2008-4070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070):
  Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and
  SeaMonkey before 1.1.12 allows remote attackers to cause a denial of
  service (application crash) or possibly execute arbitrary code via a
  long header in a news article, related to "canceling [a] newsgroup
  message" and "cancelled newsgroup messages."

Comment 16 Jory A. Pratt gentoo-dev 2010-09-16 13:06:00 UTC
mozilla has nothing to do here.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:46 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).