Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 413655 (CVE-2011-1187) - www-client/firefox{,-bin} , mail-client/thunderbird{,-bin} : Multiple vulnerabilities (CVE-2011-{1187,3062} (CVE-2012-{0467,0468,0469,0470,0471,0472,0473,0474,0475,0476,0477,0478,0479})
Summary: www-client/firefox{,-bin} , mail-client/thunderbird{,-bin} : Multiple vulnera...
Status: RESOLVED FIXED
Alias: CVE-2011-1187
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48932/
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-26 18:41 UTC by Agostino Sarubbo
Modified: 2013-09-27 08:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-04-26 18:41:52 UTC
From secunia security advisory at $URL:


Description
Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system.

1) Multiple unspecified errors can be exploited to corrupt memory.

2) A use-after-free error exists within the XPConnect hashtable when handling IDBKeyRange indexedDB.

3) An error within the gfxImageSurface class when handling certain graphic values can be exploited to cause a heap-based buffer overflow.

4) An error when handling multi-octet encoding can be exploited to conduct cross-site scripting attacks.

5) An error within the "cairo_dwrite_font_face()" function when rendering fonts can be exploited to corrupt memory.

6) An error within the "WebGL.drawElements()" function when handling certain template arguments can be exploited to disclose contents of arbitrary video memory.

7) An error within docshell when loading pages can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar and e.g. conduct cross-site scripting attacks.

8) An error within the handling of XMLHttpRequest and WebSocket while using an IPv6 address can be exploited to bypass the same-origin policy.

9) An error when decoding ISO-2022-KR and ISO-2022-CN character sets can be exploited to conduct cross-site scripting attacks.

10) An error exists within the "texImage2D()" function within WebGL when using JSVAL_TO_OBJECT.

11) An off-by-one error exists within the OpenType sanitizer when parsing certain data.

12) An error within the handling of javascript errors can be exploited to disclose the file names and location of javascript files on a server.

13) An error when handling RSS and Atom XML content loaded over HTTPS can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

Successful exploitation of vulnerabilities #1, #2, #3, #5, #10, and #11 may allow execution of arbitrary code.


Solution
Upgrade to Firefox version 12.0 and Thunderbird version 12.0
Comment 1 KinG-InFeT 2012-04-28 11:32:44 UTC
v12.0 bump request
Comment 2 Sergey Popov gentoo-dev 2013-09-27 08:47:55 UTC
Old bug, closing as fixed cause we have 17.0.* in tree