Bug 348316 (CVE-2010-3766) - <www-client/firefox{,-bin}-3.6.13, <mail-client/thunderbird{,-bin}-3.1.7, <www-client/seamonkey{,-bin}-2.0.11, <www-client/icecat-3.6.13, <net-libs/xulrunner-1.9.2.13: Multiple Vulnerabilities (CVE-2010-{3766,3767,3768,3769,3770,3771,3772,3773,3775,377...
Summary: <www-client/firefox{,-bin}-3.6.13, <mail-client/thunderbird{,-bin}-3.1.7, <ww...
Status: RESOLVED FIXED
Alias: CVE-2010-3766
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: https://www.mozilla.org/security/know...
Whiteboard: A2 [glsa]
Reported: 2010-12-09 22:10 UTC by Tim Sammut (RETIRED)
Modified: 2013-01-08 01:04 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2010-12-09 22:10:37 UTC
From $URL:

MFSA 2010-84, CVE-2010-3770: XSS hazard in multiple character encodings
MFSA 2010-83, CVE-2010-3774: Location bar SSL spoofing using network error page
MFSA 2010-82, CVE-2010-3773: Incomplete fix for CVE-2010-0179
MFSA 2010-81, CVE-2010-3767: Integer overflow vulnerability in NewIdArray
MFSA 2010-80, CVE-2010-3766: Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79, CVE-2010-3775: Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78, CVE-2010-3768: Add support for OTS font sanitizer
MFSA 2010-77, CVE-2010-3772: Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76, CVE-2010-3771: Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75, CVE-2010-3769: Buffer overflow while line breaking after document.write with long string
MFSA 2010-74, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778: Miscellaneous memory safety hazards (rv:1.9.2.13 / 1.9.1.16)
Comment 1 Jory A. Pratt gentoo-dev 2010-12-10 04:38:26 UTC
Feel free to bring in the archs, xulrunner-1.9.2.13, firefox{-bin}-3.6.13, thunderbird{-bin}-3.0.7, seamonkey{-bin}-2.0.11 are all in tree, icecat-3.6.13 will be added once available.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-12-10 05:14:17 UTC
Thanks, anarchy and polynomial-c.

Arches, please test and mark stable:
=net-libs/xulrunner-1.9.2.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/firefox-3.6.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/firefox-bin-3.6.13
Target keywords : "amd64 x86"

=mail-client/thunderbird-3.1.7
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-bin-3.1.7
Target keywords : "amd64 x86"

=www-client/seamonkey-2.0.11
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-bin-2.0.11
Target keywords : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2010-12-10 16:42:30 UTC
amd64: ok
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2010-12-10 16:43:37 UTC
Stable for PPC.
Comment 5 Agostino Sarubbo gentoo-dev 2010-12-10 19:46:05 UTC
On my x86 I've tested:

=net-libs/xulrunner-1.9.2.13
=www-client/firefox-3.6.13
=mail-client/thunderbird-3.1.7

Ok all, but for thunderbird I've found:

QA Notice: Pre-stripped files found:
 * /usr/lib/thunderbird/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libcalbasecomps.so

If it isn't a problem, ignore this.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-12-10 21:42:31 UTC
amd64 done. Thanks Agostino
Comment 7 Alex Buell 2010-12-11 00:30:18 UTC
Tested on SPARC, appears to load OK and run just fine, browsing a few sites seems to be fine. Although I noticed an odd thing in that when run for the first time it seems to have 'gentoo' in the URL for the 'what's new' page on Mozilla, wonder what's causing that as it fails to find the page due to the extra 'gentoo'!
Comment 8 Markus Meier gentoo-dev 2010-12-11 10:37:37 UTC
x86 stable, thanks Agostino
Comment 9 Markus Meier gentoo-dev 2010-12-11 10:47:52 UTC
arm stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2010-12-11 16:00:47 UTC
Stable for HPPA.
Comment 11 Brent Baude (RETIRED) gentoo-dev 2010-12-11 19:39:02 UTC
ppc64 done
Comment 12 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2010-12-14 10:37:56 UTC
+*icecat-3.6.13 (14 Dec 2010)
+
+  14 Dec 2010; Lars Wendler <polynomial-c@gentoo.org>
+  -files/xulrunner-1.9.2-noalsa-fixup.patch,
+  -files/137-bz460917_reload_new_plugins-gentoo-update-3.6.4.patch,
+  -icecat-3.6.9.ebuild, -icecat-3.6.9-r1.ebuild,
+  -files/801-enable-x86_64-tracemonkey.patch, -icecat-3.6.11.ebuild,
+  +icecat-3.6.13.ebuild, -files/fix_blocklist_support.patch:
+  Security bump(bug #348316). Removed old. No language packs availabe for
+  3.6.13 yet so we gonna use those from 3.6.12 meanwhile.
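Review bot: The last two lines of the entry say the 3.6.12 language packs are reused for 3.6.13, but nothing in the entry records how that gets revisited; reference a follow-up bug or leave a comment in icecat-3.6.13.ebuild so the version mismatch is undone once 3.6.13 packs are published. The same entry removes icecat-3.6.9, icecat-3.6.9-r1 and icecat-3.6.11 in the commit that adds icecat-3.6.13.ebuild, so confirm the new ebuild carries every keyword the removed versions had before "Removed old" goes in, otherwise an arch is left with no installable version while the security bump is still being stabilised.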


Target keywords for =www-client/icecat-3.6.13:
amd64 ppc ppc64 x86

Readded all four arches. As usual, sorry for the inconveniences.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2010-12-14 12:39:08 UTC
x86 stable
Comment 14 Markos Chandras (RETIRED) gentoo-dev 2010-12-14 13:50:39 UTC
amd64 done
Comment 15 Brent Baude (RETIRED) gentoo-dev 2010-12-27 14:32:29 UTC
ppc and ppc64 done
Comment 16 Jory A. Pratt gentoo-dev 2010-12-30 03:52:41 UTC
Nothing for mozilla team to handle, tree has all appropriate updates.
Comment 17 Jory A. Pratt gentoo-dev 2010-12-30 03:54:16 UTC
Sorry for the noise, just forgot to remove mozilla team from the bug reports.
Comment 18 Raúl Porcel (RETIRED) gentoo-dev 2011-01-01 19:57:19 UTC
alpha/ia64 stable for everything, sparc all done except xulrunner and firefox since it sigbuses again...
Comment 19 Tim Sammut (RETIRED) gentoo-dev 2011-03-07 00:06:52 UTC
The original summary for this bug was longer than 255 characters, and so it was truncated when Bugzilla was upgraded. The original summary was:

<www-client/firefox{,-bin}-3.6.13, <mail-client/thunderbird{,-bin}-3.1.7, <www-client/seamonkey{,-bin}-2.0.11, <www-client/icecat-3.6.13, <net-libs/xulrunner-1.9.2.13: Multiple Vulnerabilities (CVE-2010-{3766,3767,3768,3769,3770,3771,3772,3773,3775,3774,3776,3777,3778})
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2011-06-14 16:42:12 UTC
CVE-2010-3778 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778):
  Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16,
  Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote
  attackers to cause a denial of service (memory corruption and application
  crash) or possibly execute arbitrary code via unknown vectors.

CVE-2010-3777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777):
  Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and
  Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors.

CVE-2010-3776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and
  3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to
  cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.

CVE-2010-3775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775):
  Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
  2.0.11, does not properly handle certain redirections involving data: URLs
  and Java LiveConnect scripts, which allows remote attackers to start
  processes, read arbitrary local files, and establish network connections via
  vectors involving a refresh value in the http-equiv attribute of a META
  element, which causes the wrong security principal to be used.

CVE-2010-3774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774):
  The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in
  Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
  2.0.11, does not properly handle (1) about:neterror and (2) about:certerror
  pages, which allows remote attackers to spoof the location bar via a crafted
  web site.

CVE-2010-3773 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773):
  Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
  2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used,
  does not properly handle interaction between the XMLHttpRequestSpy object
  and chrome privileged objects, which allows remote attackers to execute
  arbitrary JavaScript via a crafted HTTP response.  NOTE: this vulnerability
  exists because of an incomplete fix for CVE-2010-0179.

CVE-2010-3772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772):
  Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
  2.0.11, does not properly calculate index values for certain child content
  in a XUL tree, which allows remote attackers to execute arbitrary code via
  vectors involving a DIV element within a treechildren element.

CVE-2010-3771 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771):
  Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
  2.0.11, does not properly handle injection of an ISINDEX element into an
  about:blank page, which allows remote attackers to execute arbitrary
  JavaScript code with chrome privileges via vectors related to redirection to
  a chrome: URI.

CVE-2010-3770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770):
  Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine
  in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey
  before 2.0.11, allow remote attackers to inject arbitrary web script or HTML
  via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that
  may be converted to angle brackets during rendering.

CVE-2010-3769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769):
  The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x
  before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and
  SeaMonkey before 2.0.11 on Windows does not properly handle long strings,
  which allows remote attackers to execute arbitrary code via a crafted
  document.write call that triggers a buffer over-read.

CVE-2010-3768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768):
  Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before
  3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly
  validate downloadable fonts before use within an operating system's font
  implementation, which allows remote attackers to execute arbitrary code via
  vectors related to @font-face Cascading Style Sheets (CSS) rules.

CVE-2010-3767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767):
  Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16
  and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote
  attackers to execute arbitrary code via a JavaScript array with many
  elements.

CVE-2010-3766 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766):
  Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x
  before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to
  execute arbitrary code via vectors involving a change to an nsDOMAttribute
  node.
Comment 21 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-12-13 19:51:07 UTC
sparc keywords have been dropped in subsequent versions, proceeding with advisory
Comment 22 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:04:29 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).