Bug 267234 (CVE-2009-1302) - <www-client/mozilla-firefox{-bin}-3.0.10, <mail-client/mozilla-thunderbird{-bin}-2.0.0.22, <www-client/seamonkey{-bin}-1.1.16 multiple vulnerabilities (CVE-2009-{1302,1303,1304,1305,1306,1307,1308,1309,1310,1311,1312,1313})
Status: RESOLVED FIXED
Alias: CVE-2009-1302
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://bugzilla.mozilla.org/show_bug...
Whiteboard: A2 [glsa]
Reported: 2009-04-23 16:28 UTC by Stefan Behte (RETIRED)
Modified: 2013-01-08 01:03 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-04-23 16:28:13 UTC
CVE-2009-1302 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302):
  The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird
  before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers
  to cause a denial of service (application crash) and possibly trigger
  memory corruption via vectors related to (1)
  nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3)
  nsComputedDOMStyle::GetWidth, (4) the
  xslt_attributeset_ImportSameName.html test case for the XSLT
  stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener,
  (6) IsBindingAncestor, (7) PL_DHashTableOperate and
  nsEditor::EndUpdateViewBatch, and (8)
  gfxSkipCharsIterator::SetOffsets, and other vectors.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-04-23 16:37:46 UTC
CVE-2009-1303 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303):
  The browser engine in Mozilla Firefox before 3.0.9, Thunderbird
  before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers
  to cause a denial of service (application crash) and possibly trigger
  memory corruption via vectors related to nsSVGElement::BindToTree.

CVE-2009-1304 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304):
  The JavaScript engine in Mozilla Firefox 3.x before 3.0.9,
  Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows
  remote attackers to cause a denial of service (application crash) and
  possibly trigger memory corruption via vectors involving (1)
  js_FindPropertyHelper, related to the definitions of Math and Date;
  and (2) js_CheckRedeclaration.

CVE-2009-1305 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305):
  The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird
  before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers
  to cause a denial of service (application crash) and possibly trigger
  memory corruption via vectors involving JSOP_DEFVAR and properties
  that lack the JSPROP_PERMANENT attribute.

CVE-2009-1306 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306):
  The jar: URI implementation in Mozilla Firefox before 3.0.9,
  Thunderbird, and SeaMonkey does not follow the Content-Disposition
  header of the inner URI, which allows remote attackers to conduct
  cross-site scripting (XSS) attacks and possibly other attacks via an
  uploaded .jar file with a "Content-Disposition: attachment"
  designation.

CVE-2009-1307 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307):
  The view-source: URI implementation in Mozilla Firefox before 3.0.9,
  Thunderbird, and SeaMonkey does not properly implement the Same
  Origin Policy, which allows remote attackers to (1) bypass
  crossdomain.xml restrictions and connect to arbitrary web sites via a
  Flash file; (2) read, create, or modify Local Shared Objects via a
  Flash file; or (3) bypass unspecified restrictions and render content
  via vectors involving a jar: URI.

CVE-2009-1308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308):
  Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
  3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject
  arbitrary web script or HTML via vectors involving XBL JavaScript
  bindings and remote stylesheets, as exploited in the wild by a March
  2009 eBay listing.

CVE-2009-1309 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309):
  Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not
  properly implement the Same Origin Policy for (1) XMLHttpRequest,
  involving a mismatch for a document's principal, and (2)
  XPCNativeWrapper.toString, involving an incorrect __proto__ scope,
  which allows remote attackers to conduct cross-site scripting (XSS)
  attacks and possibly other attacks via a crafted document.

CVE-2009-1310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310):
  Cross-site scripting (XSS) vulnerability in the MozSearch plugin
  implementation in Mozilla Firefox before 3.0.9 allows user-assisted
  remote attackers to inject arbitrary web script or HTML via a
  javascript: URI in the SearchForm element.

CVE-2009-1311 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311):
  Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow
  user-assisted remote attackers to obtain sensitive information via a
  web page with an embedded frame, which causes POST data from an outer
  page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY
  save of the inner frame.

CVE-2009-1312 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312):
  Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript:
  URIs in Refresh headers in HTTP responses, which allows remote
  attackers to conduct cross-site scripting (XSS) attacks via vectors
  related to (1) injecting a Refresh header or (2) specifying the
  content of a Refresh header.

Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-04-29 16:59:30 UTC
net-libs/xulrunner-1.9.0.10, www-client/mozilla-firefox[-bin]-3.0.10 are in the tree. There is no thunderbird release planned, and not sure about seamonkey.

So let's go ahead meanwhile.


net-libs/xulrunner-1.9.0.10:
Arches: alpha arm amd64 hppa ia64 ppc ppc64 sparc x86

www-client/mozilla-firefox-3.0.10:
Arches: alpha arm amd64 hppa ia64 ppc ppc64 sparc x86
www-client/mozilla-firefox-bin-3.0.10:
Arches: amd64 x86
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2009-04-29 20:37:54 UTC
x86 stable
Comment 4 Brent Baude (RETIRED) gentoo-dev 2009-04-29 22:56:32 UTC
ppc64 done
Comment 5 Brent Baude (RETIRED) gentoo-dev 2009-04-29 22:56:38 UTC
ppc done
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2009-04-30 10:35:44 UTC
Stable for HPPA:
 =dev-libs/nspr-4.7.4
 =net-libs/xulrunner-1.9.0.10
 =www-client/mozilla-firefox-3.0.10
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-04-30 17:18:39 UTC
alpha/arm/ia64/sparc stable
Comment 8 Markus Meier gentoo-dev 2009-05-01 14:07:47 UTC
amd64 stable, all arches done.
Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-01 20:31:37 UTC
CVE-2009-1313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313):
  The nsTextFrame::ClearTextRun function in
  layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows
  remote attackers to cause a denial of service (memory corruption) and
  probably execute arbitrary code via unspecified vectors.  NOTE: this
  vulnerability reportedly exists because of an incorrect fix for
  CVE-2009-1302.
Comment 10 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:35:53 UTC
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:03:15 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).