Bug 208128

Summary: www-client/mozilla-firefox < 2.0.0.12 +others Multiple vulnerabilities (CVE-2008-{0304,0412,0413,0414,0415,0416,0417,0418,0419,0420,0591,0592,0593,0594})
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mail, michael.schachtebeck, mozilla, polynomial-c
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 181361
Attachments:
seamonkey-1.1.7-to-1.1.8-patchupdates.diff (Flags: none)

Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-30 01:50:43 UTC
Quoting:
A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure.

An attacker can use this vulnerability to collect session information, including session cookies and session history.  Firefox is not vulnerable by default.  

Based on this new information Mozilla has changed the security severity rating to high. A fix is included in Firefox 2.0.0.12, which will be available shortly.

References:
http://blog.mozilla.com/security/2008/01/22/chrome-protocol-directory-traversal/
http://blog.mozilla.com/security/2008/01/29/status-update-for-chrome-protocol-directory-traversal-issue/
https://bugzilla.mozilla.org/show_bug.cgi?id=413250
https://bugzilla.mozilla.org/show_bug.cgi?id=413451
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
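The description above concerns a chrome: URI directory traversal when a "flat" add-on is registered. As an added illustration (not Mozilla's code and not the fix shipped in 2.0.0.12), the check below resolves the path part of a chrome URI against the directory the package is mapped to and refuses anything that would climb above it; the function names are my own.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes once, as a URL parser would. Rejects malformed escapes, a decoded NUL
   (which would silently truncate the path) and output longer than `n` - 1 bytes. */
static int percent_decode(const char *in, char *out, size_t n) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= n) return 0;
        if (in[i] == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) || !isxdigit((unsigned char)in[i + 2])) return 0;
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            int c = (int)strtol(hex, NULL, 16);
            if (c == 0) return 0;
            out[o++] = (char)c;
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return 1;
}

/* Walk the path part of a chrome: URI (everything after the package name) segment by
   segment, treating both '/' and '\\' as separators. Returns 1 if the resolved path never
   climbs above the directory the chrome registry mapped the package to, 0 if any ".."
   would escape it (the traversal CVE-2008-0418 describes) or the input is malformed. */
int chrome_path_stays_in_root(const char *raw_path) {
    char path[1024];
    if (!percent_decode(raw_path, path, sizeof path)) return 0;
    int depth = 0;
    const char *p = path;
    while (*p != '\0') {
        while (*p == '/' || *p == '\\') p++;
        const char *seg = p;
        while (*p != '\0' && *p != '/' && *p != '\\') p++;
        size_t len = (size_t)(p - seg);
        if (len == 0 || (len == 1 && seg[0] == '.')) continue;   /* empty or "." */
        if (len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (--depth < 0) return 0;   /* would step above the package root */
        } else {
            depth++;
        }
    }
    return 1;
}
```

The decode happens exactly once before segmenting, so an encoded dot sequence is judged the same way as a literal one.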
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-30 01:51:55 UTC
I assume this also affects Linux, but the POC is for Windows only.
Mozilla herd, can you advise here? Otherwise, we'd have to dig into that.
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2008-01-30 14:14:28 UTC
I've been told this affects Linux as well; a release is expected for Monday.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-01-30 15:50:09 UTC
Thanks, let's wait then.
Comment 4 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2008-02-08 09:21:44 UTC
Hi,

www-client/seamonkey is also affected by this. Should seamonkey get its own bugreport or can someone add seamonkey to this bug?
firefox-2.0.0.12 and seamonkey-1.1.8 have been released and both contain fixes for this bug.
List of fixes for firefox:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
List of fixes for seamonkey:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.1.8

Cheers
Poly-C
Comment 5 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2008-02-08 11:36:14 UTC
Created attachment 142973 [details, diff]
seamonkey-1.1.7-to-1.1.8-patchupdates.diff

This diff is for the seamonkey-1.1.7-patches-05 patchset so that the patchset can be used for seamonkey-1.1.8
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-02-08 13:58:12 UTC
net-libs/xulrunner-1.8.1.12
www-client/mozilla-firefox[-bin]-2.0.0.12
www-client/seamonkey[-bin]-1.1.8

in the tree
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-02-08 15:34:10 UTC
Arches, please test and mark stable:
=www-client/mozilla-firefox-2.0.0.12
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 release sparc x86"

=www-client/mozilla-firefox-bin-2.0.0.12
Target keywords : "amd64 release x86"

=www-client/seamonkey-1.1.8
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"

=www-client/seamonkey-bin-1.1.8
Target keywords : "amd64 release x86"

=net-libs/xulrunner-1.8.1.12
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-02-08 15:50:32 UTC
alpha/ia64/sparc stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2008-02-08 18:01:32 UTC
powerpc done
Comment 10 Dawid Węgliński (RETIRED) gentoo-dev 2008-02-08 18:28:57 UTC
x86 stable
Comment 11 Christian Faulhammer (RETIRED) gentoo-dev 2008-02-08 19:39:10 UTC
Re-adding x86: only firefox non-bin has been marked stable... seamonkey and xulrunner are still missing.
Comment 12 Christian Faulhammer (RETIRED) gentoo-dev 2008-02-08 22:30:11 UTC
x86 stable
Comment 13 Jeroen Roovers (RETIRED) gentoo-dev 2008-02-09 13:19:57 UTC
Stable for HPPA:
> =www-client/mozilla-firefox-2.0.0.12
> =www-client/seamonkey-1.1.8
> =net-libs/xulrunner-1.8.1.12
Comment 14 Angelo Arrifano (RETIRED) gentoo-dev 2008-02-11 01:58:31 UTC
net-libs/xulrunner-1.8.1.12  USE="java -debug -gnome -ipv6 -xinerama -xprint"

* Emerges on AMD64.
* Works with mplayerplug-in.

www-client/seamonkey-1.1.8  USE="crypt -debug -gnome -ipv6 -java -ldap -mozdevelop -moznocompose -moznoirc -moznomail -moznopango -moznoroaming -postgres -xforms -xinerama -xprint"

* Emerges on AMD64.
* Works!

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64)
System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-56
Comment 15 Olivier Crete (RETIRED) gentoo-dev 2008-02-11 02:03:53 UTC
amd64 done
Comment 16 Robert Buchholz (RETIRED) gentoo-dev 2008-02-12 17:35:44 UTC
CVE-2008-0412:
         The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird
         before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to
         cause a denial of service (crash) and possibly trigger memory
         corruption via vectors related to the (1)
         nsTableFrame::GetFrameAtOrBefore, (2)
         nsAccessibilityService::GetAccessible, (3)
         nsBindingManager::GetNestedInsertionPoint, (4)
         nsXBLPrototypeBinding::AttributeChanged, (5)
         nsColumnSetFrame::GetContentInsertionFrame, and (6)
         nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.
CVE-2008-0413:
         The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird
         before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to
         cause a denial of service (crash) and possibly trigger memory
         corruption via (1) a large switch statement, (2) certain uses of watch
         and eval, (3) certain uses of the mousedown event listener, and other
         vectors.
CVE-2008-0414:
         Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows
         user-assisted remote attackers to trick the user into uploading
         arbitrary files via label tags that shift focus to a file input field,
         aka "focus spoofing."
CVE-2008-0415:
         Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and
         SeaMonkey before 1.1.8 allows remote attackers to execute script
         outside of the sandbox and conduct cross-site scripting (XSS) attacks
         via multiple vectors including the XMLDocument.load function, aka
         "JavaScript privilege escalation bugs."
CVE-2008-0417:
         CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows
         remote user-assisted web sites to corrupt the user's password store
         via newlines that are not properly handled when the user saves a
         password.
CVE-2008-0418:
         Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12,
         Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using
         "flat" addons, allows remote attackers to read arbitrary Javascript,
         image, and stylesheet files via the chrome: URI scheme, as
         demonstrated by stealing session information from sessionstore.js.
CVE-2008-0419:
         Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows
         remote attackers to steal navigation history and cause a denial of
         service (crash) via images in a page that uses designMode frames,
         which triggers memory corruption related to resize handles.
CVE-2008-0591:
         Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 allows
         user-assisted remote attackers to cause users to confirm a
         timer-enabled security dialog by using a timer to change the window
         focus.
CVE-2008-0592:
         Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows
         user-assisted remote attackers to cause a denial of service via a
         plain .txt file with a "Content-Disposition: attachment" and an
         invalid "Content-Type: plain/text," which prevents Firefox from
         rendering future plain text files within the browser.
CVE-2008-0593:
         Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and
         SeaMonkey before 1.1.8, modifies the .href property of stylesheet DOM
         nodes to the final URI of a 302 redirect, which might allow remote
         attackers to bypass the Same Origin Policy and read sensitive
         information from the original URL, such as with Single-Signon systems.
CVE-2008-0594:
         Mozilla Firefox before 2.0.0.12 does not always display a web forgery
         warning dialog if the entire contents of a web page are in a DIV tag
         that uses absolute positioning, which makes it easier for remote
         attackers to conduct phishing attacks.
Comment 17 Peter Volkov (RETIRED) gentoo-dev 2008-02-23 17:51:38 UTC
Updated in release snapshot.
Comment 18 Raúl Porcel (RETIRED) gentoo-dev 2008-02-27 14:15:28 UTC
Thunderbird-2.0.0.12 is in the tree
Comment 19 Raúl Porcel (RETIRED) gentoo-dev 2008-02-28 13:55:30 UTC
Okay, arches please do:
=mail-client/mozilla-thunderbird-2.0.0.12
=mail-client/mozilla-thunderbird-bin-2.0.0.12

And its dep:
=x11-plugins/enigmail-0.95.6-r2

Thanks
Comment 20 Markus Meier gentoo-dev 2008-02-28 20:02:25 UTC
x86 stable
Comment 21 Brent Baude (RETIRED) gentoo-dev 2008-02-29 03:09:18 UTC
ppc64 done
Comment 22 Raúl Porcel (RETIRED) gentoo-dev 2008-02-29 10:28:35 UTC
Adding release
Comment 23 Richard Freeman gentoo-dev 2008-03-01 14:01:20 UTC
amd64 done
Comment 24 Lars Weiler (RETIRED) gentoo-dev 2008-03-01 21:23:53 UTC
ppc stable
Comment 25 Ryan Hill (RETIRED) gentoo-dev 2008-03-01 22:19:32 UTC
mips is going all ~arch.
Comment 26 Peter Volkov (RETIRED) gentoo-dev 2008-03-02 08:24:10 UTC
www-client/seamonkey, www-client/seamonkey-bin, www-client/mozilla-firefox, www-client/mozilla-firefox-bin, net-libs/xulrunner, x11-plugins/enigmail, mail-client/mozilla-thunderbird, mail-client/mozilla-thunderbird-bin are updated in release snapshot.
Comment 27 Lars Weiler (RETIRED) gentoo-dev 2008-03-02 10:37:26 UTC
Other apps than firefox finally stable on ppc.
Comment 28 Robert Buchholz (RETIRED) gentoo-dev 2008-03-03 01:24:50 UTC
CVE-2008-0304 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0304):
  Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and
  SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code
  via a crafted external-body MIME type in an e-mail message, related to an
  incorrect memory allocation during message preview.
Comment 29 Robert Buchholz (RETIRED) gentoo-dev 2008-03-03 01:59:59 UTC
*** Bug 211602 has been marked as a duplicate of this bug. ***
Comment 30 Robert Buchholz (RETIRED) gentoo-dev 2008-03-27 02:56:10 UTC
CVE-2008-0420:
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.
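CVE-2008-0420 above comes down to a colour table sized from an untrusted header while pixel indices can still address all 256 entries. As an added example (my own code, not nsBMPDecoder.cpp or its fix), the loader below keeps a fixed, fully initialised 256-entry table, validates biClrUsed against the file length, and rejects pixel indices beyond the colours the file actually supplied; the struct and function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define BMP_MAX_PALETTE 256
typedef struct {
    uint32_t colors[BMP_MAX_PALETTE]; /* fixed size and always fully initialised */
    uint32_t used;                    /* entries the file actually supplied */
} bmp_palette;

static uint32_t rd32le(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
/* Load the colour table of an 8-bit BMP from a complete file image.
   Returns 0 on a malformed or truncated header, so the caller never sees a half-filled table. */
int bmp_load_palette(const uint8_t *buf, size_t len, bmp_palette *pal) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return 0;  /* file header + BITMAPINFOHEADER */
    uint32_t hdr_size = rd32le(buf + 14), clr_used = rd32le(buf + 46);
    uint16_t bpp = (uint16_t)(buf[28] | buf[29] << 8);
    if (hdr_size != 40 || bpp != 8) return 0;
    if (clr_used == 0) clr_used = BMP_MAX_PALETTE;  /* biClrUsed 0 means all 2^bpp entries */
    if (clr_used > BMP_MAX_PALETTE) return 0;       /* more entries than 8 bpp can index */
    size_t pal_off = 14 + hdr_size;
    if (len < pal_off + (size_t)clr_used * 4) return 0;  /* palette runs past end of file */
    memset(pal->colors, 0, sizeof pal->colors);  /* omitted entries are black, not stale heap bytes */
    for (uint32_t i = 0; i < clr_used; i++)
        pal->colors[i] = rd32le(buf + pal_off + i * 4) & 0xFFFFFFu;  /* BGRx -> 24-bit */
    pal->used = clr_used;
    return 1;
}

/* Resolve one pixel's palette index. The fixed-size table already rules out an out-of-bounds
   read; refusing indices past `used` also flags a file referencing colours it never defined,
   which is the CVE-2008-0420 pattern. */
int bmp_lookup(const bmp_palette *pal, uint8_t index, uint32_t *rgb) {
    if (index >= pal->used) return 0;
    *rgb = pal->colors[index];
    return 1;
}

/* Constructed sample (not from any real file): 8-bit header declaring two colours, blue then green. */
static const uint8_t SAMPLE_BMP[62] = {
    'B', 'M', [14] = 40, [28] = 8, [46] = 2,
    [54] = 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x00, 0x00 };

/* Returns 1 when the sample loads and an index beyond its two colours is rejected. */
int bmp_sample_ok(void) {
    bmp_palette pal; uint32_t rgb;
    if (!bmp_load_palette(SAMPLE_BMP, sizeof SAMPLE_BMP, &pal) || pal.used != 2) return 0;
    if (!bmp_lookup(&pal, 1, &rgb) || rgb != 0x00FF00u) return 0;
    return bmp_lookup(&pal, 200, &rgb) == 0 && pal.colors[200] == 0;
}
```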
Comment 31 Robert Buchholz (RETIRED) gentoo-dev 2008-03-27 03:13:08 UTC
CVE-2008-0416 was also fixed in .12, see http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
Comment 32 Robert Buchholz (RETIRED) gentoo-dev 2008-05-20 21:19:53 UTC
GLSA 200805-18, sorry for the delay.