Bug 357057 (CVE-2010-1585) - <www-client/firefox{,-bin}-3.6.15, <mail-client/thunderbird{,-bin}-3.1.9, <www-client/seamonkey{,-bin}-2.0.12, <www-client/icecat-3.6.15, <net-libs/xulrunner-1.9.2.15: Multiple Vulnerabilities... (CVE-2010-1585,CVE-2011-{0051,0053,0054,0055,0056,0057})
Summary: <www-client/firefox{,-bin}-3.6.15, <mail-client/thunderbird{,-bin}-3.1.9, <ww...
Status: RESOLVED FIXED
Alias: CVE-2010-1585
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://www.mozilla.org/security/anno...
Whiteboard: A2 [glsa]
Duplicates: 357117 357119 357263 357551
Reported: 2011-03-02 06:38 UTC by Tim Sammut (RETIRED)
Modified: 2013-01-08 01:04 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2011-03-02 06:38:10 UTC
MFSA 2011-10 CSRF risk with plugins and 307 redirects
CVE-2011-0059
https://www.mozilla.org/security/announce/2011/mfsa2011-10.html

MFSA 2011-09 Crash caused by corrupted JPEG image
CVE-2011-0061
https://www.mozilla.org/security/announce/2011/mfsa2011-09.html

MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
CVE-2010-1585
https://www.mozilla.org/security/announce/2011/mfsa2011-08.html

MFSA 2011-07 Memory corruption during text run construction (Windows)
CVE-2011-0058
https://www.mozilla.org/security/announce/2011/mfsa2011-07.html
** This headline indicates this vulnerability is only present on Windows, but
** I don't have access to details to support that.

MFSA 2011-06 Use-after-free error using Web Workers
CVE-2011-0057
https://www.mozilla.org/security/announce/2011/mfsa2011-06.html

MFSA 2011-05 Buffer overflow in JavaScript atom map
CVE-2011-0056
https://www.mozilla.org/security/announce/2011/mfsa2011-05.html

MFSA 2011-04 Buffer overflow in JavaScript upvarMap
CVE-2011-0054
https://www.mozilla.org/security/announce/2011/mfsa2011-04.html

MFSA 2011-03 Use-after-free error in JSON.stringify
CVE-2011-0055
https://www.mozilla.org/security/announce/2011/mfsa2011-03.html

MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
CVE-2011-0051
https://www.mozilla.org/security/announce/2011/mfsa2011-02.html

MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
CVE-2011-0053 CVE-2011-0062
https://www.mozilla.org/security/announce/2011/mfsa2011-01.html
Comment 1 Jory A. Pratt gentoo-dev 2011-03-03 13:18:04 UTC
*** Bug 357119 has been marked as a duplicate of this bug. ***
Comment 2 Jory A. Pratt gentoo-dev 2011-03-03 13:18:43 UTC

*** This bug has been marked as a duplicate of bug 357117 ***
Comment 3 Jory A. Pratt gentoo-dev 2011-03-03 13:19:08 UTC
err dup'd wrong bug.
Comment 4 Jory A. Pratt gentoo-dev 2011-03-03 13:19:51 UTC
*** Bug 357117 has been marked as a duplicate of this bug. ***
Comment 5 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-03-03 20:38:05 UTC
*** Bug 357263 has been marked as a duplicate of this bug. ***
Comment 6 Jory A. Pratt gentoo-dev 2011-03-03 22:31:51 UTC
We will not proceed with this version; a new release is being rolled that will be out Friday. There are too many issues with this release to land it in the tree.
Comment 7 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2011-03-05 23:06:49 UTC
*** Bug 357551 has been marked as a duplicate of this bug. ***
Comment 8 Jory A. Pratt gentoo-dev 2011-03-06 01:25:17 UTC
thunderbird{-bin}-3.1.9, xulrunner-1.9.2.15, firefox{-bin}-3.6.15, seamonkey{-bin}-2.0.12, and icecat-3.6.15 are all in the tree; feel free to bring archs in to stabilize.
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-03-06 05:05:19 UTC
Arches, please test and mark stable:

=mail-client/thunderbird-3.1.9
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-bin-3.1.9
Target keywords : "amd64 x86"

=www-client/firefox-3.6.15
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/firefox-bin-3.6.15
Target keywords : "amd64 x86"

=www-client/seamonkey-2.0.12
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-bin-2.0.12
Target keywords : "amd64 x86"

=net-libs/xulrunner-1.9.2.15
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/icecat-3.6.15
Target keywords : "amd64 ppc ppc64 x86"
Comment 10 Agostino Sarubbo gentoo-dev 2011-03-06 12:04:25 UTC
When I open all programs I see:

$PROGRAM could not install this item because "install.rdf" (provided by the item) is not well-formed or does not exist. Please contact the author about this problem.

but they run. Can this warning be dangerous?
Comment 11 Alex Buell 2011-03-06 12:20:51 UTC
Tested on SPARC, both firefox-3.6.15 and xulrunner-1.9.2.15 still exhibit crashes, cannot stabilise at all. I know I've been told that someone needs to debug the program on SPARC, but the fact that the same software works on x86 and PPC makes me wonder if there's some kind of miscompilation going on within GCC. 
Comment 13 Markos Chandras (RETIRED) gentoo-dev 2011-03-06 18:56:33 UTC
amd64 done
Comment 14 Tim Sammut (RETIRED) gentoo-dev 2011-03-07 00:06:52 UTC
The original summary for this bug was longer than 255 characters, and so it was truncated when Bugzilla was upgraded. The original summary was:

<www-client/firefox{,-bin}-3.6.15, <mail-client/thunderbird{,-bin}-3.1.9, <www-client/seamonkey{,-bin}-2.0.12, <www-client/icecat-3.6.15, <net-libs/xulrunner-1.9.2.15: Multiple Vulnerabilities (CVE-2010-1585, CVE-2011-{0051,0053,0054,0055,0056,0057,0058,0059,0061,0062})
Comment 15 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-07 13:02:37 UTC
Stable for HPPA.
Comment 16 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-08 08:28:51 UTC
ppc/ppc64 stable
Comment 17 Thomas Kahle (RETIRED) gentoo-dev 2011-03-08 14:37:49 UTC
x86 done. Thanks fellows.
Comment 18 Markus Meier gentoo-dev 2011-03-13 20:43:47 UTC
arm stable
Comment 19 Raúl Porcel (RETIRED) gentoo-dev 2011-03-18 17:21:17 UTC
alpha/ia64/sparc done; sparc will pass on xulrunner and firefox since it sigbuses (so does 3.6.13)
Comment 20 Tim Sammut (RETIRED) gentoo-dev 2011-03-19 22:38:28 UTC
Thank you, everyone. Added to existing GLSA request.
Comment 21 Jory A. Pratt gentoo-dev 2011-10-31 21:54:02 UTC
nothing for mozilla team here.
Comment 22 Jory A. Pratt gentoo-dev 2011-12-12 16:42:18 UTC
remove mozilla from cc, if needed add us back.
Comment 23 GLSAMaker/CVETool Bot gentoo-dev 2012-07-21 14:28:44 UTC
CVE-2010-1585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585):
  The nsIScriptableUnescapeHTML.parseFragment method in the
  ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17
  and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before
  2.0.12 does not properly sanitize HTML in a chrome document, which makes it
  easier for remote attackers to execute arbitrary JavaScript with chrome
  privileges via a javascript: URI in input to an extension, as demonstrated
  by a javascript:alert sequence in (1) the HREF attribute of an A element or
  (2) the ACTION attribute of a FORM element.
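
A defender-side check for the class of flaw the CVE text above describes, added here as an example; it is not part of the bug report and is not Mozilla's code. It audits an HTML fragment for URL-bearing attributes (including the HREF and ACTION cases the CVE names) whose scheme is not on an allowlist. The names `URL_ATTRS`, `SAFE_SCHEMES`, `url_is_safe` and `audit_fragment`, the allowlist contents, and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the attributes treated as URL-bearing; href and action are the
# two named in the CVE description, the others are common additions.
URL_ATTRS = {"href", "action", "src", "formaction"}
# Assumption: an allowlist suited to untrusted content; anything else is rejected.
SAFE_SCHEMES = {"http", "https", "mailto"}

_C0_AND_SPACE = "".join(map(chr, range(0x21)))  # U+0000..U+0020


def url_is_safe(value):
    """Return True if the URL has no scheme or an allowlisted one."""
    # URL parsers drop tab/CR/LF anywhere and ignore leading control
    # characters and spaces, so "java\tscript:" is still "javascript:".
    cleaned = re.sub(r"[\t\r\n]", "", value).strip(_C0_AND_SPACE)
    match = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    if match is None:
        return True  # relative reference: treated as safe in this sketch
    return match.group(1).lower() in SAFE_SCHEMES


class FragmentAuditor(HTMLParser):
    """Collects (tag, attribute, value) for every unsafe URL attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes character references in
        # attribute values, so entity-encoded schemes are seen decoded.
        for name, value in attrs:
            if name in URL_ATTRS and value is not None and not url_is_safe(value):
                self.findings.append((tag, name, value))


def audit_fragment(markup):
    auditor = FragmentAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Constructed sample input: two unsafe attributes, two safe ones.
SAMPLE = (
    '<a href="javascript:alert(1)">x</a>'
    '<form action=" JaVa&#9;Script:alert(1)"><input name=q></form>'
    '<a HREF="https://example.org/">ok</a>'
    '<a href="docs/page.html">relative</a>'
)

if __name__ == "__main__":
    for tag, attr, value in audit_fragment(SAMPLE):
        print(f"unsafe {attr} on <{tag}>: {value!r}")
```

The check is an allowlist rather than a blocklist of `javascript:` so that other script-capable schemes are rejected as well.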
Comment 24 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:04:31 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).