Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 312645 - Firefox <3.0.18 issue tracking bug (CVE-2009-{3981,3984,3985,3986,3987,3988},CVE-2010-{0159,0160,0162,0167,0169,0171})
Summary: Firefox <3.0.18 issue tracking bug (CVE-2009-{3981,3984,3985,3986,3987,3988},...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-01 15:50 UTC by Alex Legler (RETIRED)
Modified: 2013-01-08 01:04 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 15:50:46 UTC
Firefox 3.0.18 / 3.5.8 issue tracking bug
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 15:53:14 UTC
CVE-2009-1571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571):
  Use-after-free vulnerability in the HTML parser in Mozilla Firefox
  3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2,
  and SeaMonkey before 2.0.3 allows remote attackers to execute
  arbitrary code via unspecified method calls that attempt to access
  freed objects in low-memory situations.

Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:45:03 UTC
CVE-2009-3981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981):
  Unspecified vulnerability in the browser engine in Mozilla Firefox
  before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote
  attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown
  vectors.

Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:46:55 UTC
CVE-2009-3984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984):
  Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
  before 2.0.1, allows remote attackers to spoof an SSL indicator for
  an http URL or a file URL by setting document.location to an https
  URL corresponding to a site that responds with a No Content (aka 204)
  status code and an empty body.

Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:47:55 UTC
CVE-2009-3985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985):
  Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
  before 2.0.1, allows remote attackers to associate spoofed content
  with an invalid URL by setting document.location to this URL, and
  then writing arbitrary web script or HTML to the associated blank
  document, a related issue to CVE-2009-2654.

Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:48:37 UTC
CVE-2009-3986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986):
  Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
  before 2.0.1, allows remote attackers to execute arbitrary JavaScript
  with chrome privileges by leveraging a reference to a chrome window
  from a content window, related to the window.opener property.

Comment 6 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:49:19 UTC
CVE-2009-3987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987):
  The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and
  3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different
  exception messages depending on whether the referenced COM object is
  listed in the registry, which allows remote attackers to obtain
  potentially sensitive information about installed software by making
  multiple calls that specify the ProgID values of different COM
  objects.

Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:50:02 UTC
CVE-2009-3988 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988):
  Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and
  SeaMonkey before 2.0.3, does not properly restrict read access to
  object properties in showModalDialog, which allows remote attackers
  to bypass the Same Origin Policy and conduct cross-site scripting
  (XSS) attacks via crafted dialogArguments values.

Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:51:36 UTC
CVE-2010-0159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159):
  The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x
  before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3
  allows remote attackers to cause a denial of service (memory
  corruption and application crash) or possibly execute arbitrary code
  via vectors related to the nsBlockFrame::StealFrame function in
  layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:52:38 UTC
CVE-2010-0160 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160):
  The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18
  and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly
  handle array data types for posted messages, which allows remote
  attackers to cause a denial of service (heap memory corruption and
  application crash) or possibly execute arbitrary code via unspecified
  vectors.

Comment 10 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 16:53:19 UTC
CVE-2010-0162 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162):
  Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and
  SeaMonkey before 2.0.3, does not properly support the
  application/octet-stream content type as a protection mechanism
  against execution of web script in certain circumstances involving
  SVG and the EMBED element, which allows remote attackers to bypass
  the Same Origin Policy and conduct cross-site scripting (XSS) attacks
  via an embedded SVG document.

Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 17:00:05 UTC
CVE-2010-0167 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167):
  The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x
  before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and
  SeaMonkey before 2.0.3 allows remote attackers to cause a denial of
  service (memory corruption and application crash) and possibly
  execute arbitrary code via vectors related to (1)
  layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in
  modules/plugin/base/src/nsNPAPIPlugin.cpp.

Comment 12 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-01 17:06:09 UTC
CVE-2010-0169 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169):
  The CSSLoaderImpl::DoSheetComplete function in
  layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18,
  3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2;
  and SeaMonkey before 2.0.3 changes the case of certain strings in a
  stylesheet before adding this stylesheet to the XUL cache, which
  might allow remote attackers to modify the browser's font and other
  CSS attributes, and potentially disrupt rendering of a web page, by
  forcing the browser to perform this erroneous stylesheet caching.

CVE-2010-0171 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171):
  Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x
  before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3
  allow remote attackers to perform cross-origin keystroke capture, and
  possibly conduct cross-site scripting (XSS) attacks, by using the
  addEventListener and setTimeout functions in conjunction with a
  wrapped object.  NOTE: this vulnerability exists because of an
  incomplete fix for CVE-2007-3736.

Comment 13 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 12:36:50 UTC
Mozilla Team, do we have any affected packages in the tree, or some stabilizations still pending for those issues?
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:04:04 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).