Fixed in Firefox 2.0.0.15 MFSA 2008-33 Crash and remote code execution in block reflow MFSA 2008-32 Remote site run as local file via Windows URL shortcut MFSA 2008-31 Peer-trusted certs can use alt names to spoof MFSA 2008-30 File location URL in directory listings not escaped properly MFSA 2008-29 Faulty .properties file results in uninitialized memory being used MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-24 Chrome script loading from fastload file MFSA 2008-23 Signed JAR tampering MFSA 2008-22 XSS through JavaScript same-origin violation MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15) Fixed in SeaMonkey 1.1.10 MFSA 2008-33 Crash and remote code execution in block reflow MFSA 2008-32 Remote site run as local file via Windows URL shortcut MFSA 2008-31 Peer-trusted certs can use alt names to spoof MFSA 2008-30 File location URL in directory listings not escaped properly MFSA 2008-29 Faulty .properties file results in uninitialized memory being used MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-24 Chrome script loading from fastload file MFSA 2008-23 Signed JAR tampering MFSA 2008-22 XSS through JavaScript same-origin violation MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15) MFSA 2008-20 Crash in JavaScript garbage collector
To stabilize: =www-client/mozilla-firefox-2.0.0.15 Arches: "alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86" =www-client/mozilla-firefox-bin-2.0.0.15 ches: "amd64 x86" =www-client/seamonkey-1.1.10 Arches: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =www-client/seamonkey-bin-1.1.10 ches: "amd64 x86" =net-libs/xulrunner-1.8.1.15 Arches: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =net-libs/xulrunner-bin-1.8.1.15 Arches: "amd64 x86" Have fun
x86 done
alpha/ia64/sparc stable
Stable for HPPA: =net-libs/xulrunner-1.8.1.15 =www-client/seamonkey-1.1.10 =www-client/mozilla-firefox-2.0.0.15
amd64 stable for -bin
ppc and ppc64 done
what about thunderbird? Did someone requests CVE ids for these? anyway, glsa request filed.
thunderbird will be out when firefox 2.0.0.16 is and 3.0.1, which is supposed to be 15th july
CVE-2008-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2798): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. CVE-2008-2799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2799): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. CVE-2008-2800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2800): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest. CVE-2008-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2801): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. CVE-2008-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2802): Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." CVE-2008-2803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2803): The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. CVE-2008-2805 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2805): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. CVE-2008-2806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2806): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. CVE-2008-2807 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2807): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file. CVE-2008-2808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2808): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. CVE-2008-2809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2809): Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. CVE-2008-2810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2810): Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. CVE-2008-2811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2811): The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
Thunderbird 2.0.0.16 is out, fixing 8 MFSAs. http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/ http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
GLSA 200808-03
