Summary: | <www-client/firefox{,-bin}-3.6.3 <www-client/icecat-3.6.3 Memory Corrpution (CVE-2010-1121) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | bugs_gentoo_org.korobkov, pacho |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mozilla.org/security/announce/2010/mfsa2010-25.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 314011, 314025 | ||
Bug Blocks: |
Description
Alex Legler (RETIRED)
2010-04-02 08:39:09 UTC
firefox/xulrunner/firefox-bin all in tree, will be a few days on icecat. all packages are in tree, we just have to wait on a few other packages before we push forward with finishing this up. @security: I would suggest not waiting for hppa before releasing the GLSAs. We already have a newer security bug to be tackled as well: bug 324735 Removing gnome-doc-utils/yelp from dependencies since only hppa is left for those, and they're listed in the deps of bug 314025 anyway. Please note that a www-client/mozilla-firefox -> www-client/firefox pkgmove was just done. Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore. Added to existing mozilla GLSA request. CVE-2010-1121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121): Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |