Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 373595 (CVE-2011-0083) - <net-libs/xulrunner-1.9.2.18, <www-client/firefox{,-bin}-3.6.18, <mail-client/thunderbird{,-bin}-3.1.11, www-client/seamonkey{,-bin}: multiple vulnerabilities (CVE-2011-{0083,0085,2362,2363,2364,2365,2371,2373,2374,2375,2376,2377,2605})
Summary: <net-libs/xulrunner-1.9.2.18, <www-client/firefox{,-bin}-3.6.18, <mail-client...
Status: RESOLVED FIXED
Alias: CVE-2011-0083
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/known...
Whiteboard: B2 [glsa]
Keywords:
: 374303 (view as bug list)
Depends on: CVE-2011-0084
Blocks:
  Show dependency tree
 
Reported: 2011-06-30 15:09 UTC by Mike Limansky
Modified: 2013-01-08 01:04 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Limansky 2011-06-30 15:09:04 UTC
Fixed in Firefox 3.6.18
MFSA 2011-24 Cookie isolation error
MFSA 2011-23 Multiple dangling pointer vulnerabilities
MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

Also, the fixes are available in Firefox-5.0
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-07-03 15:54:52 UTC
The following four also affect seamonkey.

MFSA 2011-22 Integer overflow and arbitrary code execution in
Array.reduceRight()
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script
disabled
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

@mozilla, would it be possible to add fixed seamonkey and seamonkey-bin to the tree too? icecat too, but we usually do not wait for that. Thanks.
Comment 2 Agostino Sarubbo gentoo-dev 2011-07-07 09:32:33 UTC
*** Bug 374303 has been marked as a duplicate of this bug. ***
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-07-11 22:54:10 UTC
CVE-2011-2377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377):
  Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before
  3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a
  denial of service (memory corruption and application crash) or possibly
  execute arbitrary code via a multipart/x-mixed-replace image.

CVE-2011-2376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers
  to cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.

CVE-2011-2375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to
  cause a denial of service (memory corruption and application crash) or
  possibly execute arbitrary code via unknown vectors.

CVE-2011-2374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11,
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-2371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371):
  Integer overflow in the Array.reduceRight method in Mozilla Firefox before
  3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey
  through 2.0.14 allows remote attackers to execute arbitrary code via vectors
  involving a long JavaScript Array object.

CVE-2011-2365 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365):
  Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x
  before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause
  a denial of service (memory corruption and application crash) or possibly
  execute arbitrary code via unknown vectors, a different vulnerability than
  CVE-2011-2364.

CVE-2011-2364 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364):
  Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x
  before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause
  a denial of service (memory corruption and application crash) or possibly
  execute arbitrary code via unknown vectors, a different vulnerability than
  CVE-2011-2365.

CVE-2011-2363 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363):
  Use-after-free vulnerability in the nsSVGPointList::AppendElement function
  in the implementation of SVG element lists in Mozilla Firefox before 3.6.18,
  Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote
  attackers to cause a denial of service (application crash) or possibly
  execute arbitrary code via vectors involving a user-supplied callback.

CVE-2011-2362 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362):
  Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey
  through 2.0.14 do not distinguish between cookies for two domain names that
  differ only in a trailing dot, which allows remote web servers to bypass the
  Same Origin Policy via Set-Cookie headers.

CVE-2011-0085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085):
  Use-after-free vulnerability in the nsXULCommandDispatcher function in
  Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey
  through 2.0.14 allows remote attackers to execute arbitrary code via a
  crafted XUL document that dequeues the current command updater.

CVE-2011-0083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083):
  Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function
  in the implementation of SVG element lists in Mozilla Firefox before 3.6.18,
  Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote
  attackers to cause a denial of service (application crash) or possibly
  execute arbitrary code via vectors involving a user-supplied callback.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-07-11 22:56:30 UTC
CVE-2011-2605 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605):
  CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal
  function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before
  3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote
  attackers to bypass intended access restrictions via a string containing a
  \n (newline) character, which is not properly handled in a JavaScript
  "document.cookie =" expression, a different vulnerability than
  CVE-2011-2374.
Comment 5 Jory A. Pratt gentoo-dev 2011-08-01 02:15:32 UTC
ebuilds are already in the tree, any reason we do not have archs cc'd?
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 17:41:27 UTC
We've got a newer mozilla bug in 379549; let's work there.
Comment 7 Jory A. Pratt gentoo-dev 2011-12-12 17:05:04 UTC
re-add if needed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:04:52 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).