
Bug 88430

Summary: Please upgrade firefox in portage to latest nightly / 1.0.3 pre version
Product: Gentoo Linux
Reporter: Roel Brook <Rainmaker526>
Component: Current packages
Assignee: Mozilla Gentoo Team <mozilla>
Status: RESOLVED DUPLICATE
Severity: critical
CC: Rainmaker526, security
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/14820/
Whiteboard:
Package list:
Runtime testing required: ---

Description Roel Brook 2005-04-08 23:18:12 UTC
Title says it all... A vulnerability has been found in firefox < 1.0.3, which makes it possible for remote attackers to read (parts of) the memory.

See https://bugzilla.mozilla.org/show_bug.cgi?id=288688 and http://secunia.com/advisories/14820/

Test at http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/ for vulnerability.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.4.3-20050110,
glibc-2.3.4.20050125-r1, 2.6.12-rc1-love1 i686)
=================================================================
System uname: 2.6.12-rc1-love1 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.10
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, Feb 18 2005, 00:46:55)]
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.3.5
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.6.3, 1.5, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r8
sys-devel/libtool:   1.5.14
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer -mmmx -msse -m3dnow
-mfpmath=sse,387 -ffast-math"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/fax /usr/lib/mozilla/defaults/pref /usr/share/config
/var/qmail/alias /var/qmail/control /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer -mmmx -msse -m3dnow
-mfpmath=sse,387 -ffast-math"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks parallel-fetch sandbox
sfperms"
GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
ftp://gd.tuwien.ac.at/opsys/linux/gentoo/
ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo"
LANG="nl_NL@euro"
LC_ALL="nl_NL@euro"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowex X aalib alsa apache2 apm arts audiofile avi
bash-completion bitmap-fonts bonobo bzlib calender cdparanoia cdr chipcard
chroot crypt cups curl dba divx4linux dvd dvdr dvdread emboss encode esd fam
festival filepro flac foomaticdb fortran gd gdbm gif gnome gphoto2 gpm gstreamer
gtk gtk2 guile hal imagemagick imlib insecure-drivers java jpeg jpeg2k junit kde
ldap libg++ libwww live mad mikmod mime mmx mmxext mono motif mozdevelop mozilla
moznomail moznoxft mp3 mpeg mplayer msn mysql ncurses network nls nptl nvidia
odbc offensive oggvorbis ooo-kde opengl pam pdflib perl php pic png postgres
python qmail qt quicktime readline real rplay samba scanner sdk sdl session
sftplogging slang softmmu speex spell sqlite sse ssl stroke svga tcltk tcpd
threads tiff truetype truetype-fonts type1-fonts usb userlocales v4l wmf xine
xinerama xml xml2 xmms xprint xscreensaver xv xvid zlib video_cards_nvidia
linguas_nl"
Unset:  ASFLAGS, CBUILD, CTARGET, LDFLAGS
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-04-09 04:07:20 UTC

*** This bug has been marked as a duplicate of 87906 ***