Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 419917 (CVE-2011-3101) - <mail-client/thunderbird{,-bin}-10.0.5,<www-client/firefox{,-bin}-10.0.5,<www-client/seamonkey{,-bin}-2.10.1 multiple vulnerabilities (CVE-2011-3101,CVE-2012-{0441,1937,1938,1939,1940,1941,1942,1943,1944,1945,1946,1947,3105})
Summary: <mail-client/thunderbird{,-bin}-10.0.5,<www-client/firefox{,-bin}-10.0.5,<www...
Status: RESOLVED FIXED
Alias: CVE-2011-3101
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2012-1948
Blocks:
  Show dependency tree
 
Reported: 2012-06-06 13:30 UTC by Jory A. Pratt
Modified: 2013-10-06 15:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jory A. Pratt gentoo-dev 2012-06-06 13:30:48 UTC
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-34 Miscellaneous memory safety hazards 

nspr-4.9.1 and nss-3.13.5 can start to be stabilized. Ebuilds for fx/tb-10.0.5 are being worked on and will be added soon as possible.

Reproducible: Always
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-06-06 14:43:39 UTC
Thanks for the bug, Jory.

MFSA 2012-34: CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939
MFSA 2012-35: CVE-2012-1942, CVE-2012-1943
MFSA 2012-36: CVE-2012-1944
MFSA 2012-37: CVE-2012-1945
MFSA 2012-38: CVE-2012-1946
MFSA 2012-39: CVE-2012-0441
MFSA 2012-40: CVE-2012-1940, CVE-2012-1941, CVE-2012-1947
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2012-06-06 14:44:04 UTC
+*firefox-10.0.5 (06 Jun 2012)
+
+  06 Jun 2012; Lars Wendler <polynomial-c@gentoo.org> -firefox-10.0.3.ebuild,
+  +firefox-10.0.5.ebuild:
+  Security bump. Removed old.
+

+*thunderbird-10.0.5 (06 Jun 2012)
+
+  06 Jun 2012; Lars Wendler <polynomial-c@gentoo.org>
+  -thunderbird-10.0.3.ebuild, +thunderbird-10.0.5.ebuild:
+  Security bump. Removed old.
+
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-06-06 15:30:16 UTC
Thanks much; let's roll on tb/fx and readd arches as others become available.

Arches, please test and mark stable:
=www-client/firefox-10.0.5
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

=dev-libs/nspr-4.9.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=dev-libs/nss-3.13.5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-10.0.5
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"
Comment 4 Jory A. Pratt gentoo-dev 2012-06-06 19:56:49 UTC
(In reply to comment #3)
> Thanks much; let's roll on tb/fx and readd arches as others become available.
> 
> Arches, please test and mark stable:
> =www-client/firefox-10.0.5
> Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"
> 
> =dev-libs/nspr-4.9.1
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
> 
> =dev-libs/nss-3.13.5
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
> 
> =mail-client/thunderbird-10.0.5
> Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

You can bring in seamonkey and seamonkey-bin they are both in the tree as well.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-06-06 20:00:08 UTC
(In reply to comment #4)
> 
> You can bring in seamonkey and seamonkey-bin they are both in the tree as
> well.

Thanks, updated targets:

Arches, please test and mark stable:
=www-client/firefox-10.0.5
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

=dev-libs/nspr-4.9.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=dev-libs/nss-3.13.5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-10.0.5
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-2.10
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-bin-2.10
Target keywords : "amd64 x86"
Comment 6 Maurizio Camisaschi (amd64 AT) 2012-06-08 11:37:31 UTC
(In reply to comment #5)
> =www-client/firefox-10.0.5
> =dev-libs/nspr-4.9.1
> =dev-libs/nss-3.13.5
> =www-client/seamonkey-bin-2.10

amd64 ok

> =mail-client/thunderbird-10.0.5

a part usually known bug (Bug 398389) for everything else amd64 is ok
 
> =www-client/seamonkey-2.10

fails to build with specific use flags (Bug 420233) but for everything else amd64 is ok
Comment 7 Agostino Sarubbo gentoo-dev 2012-06-09 15:16:08 UTC
why there aren't -bin for firefox and thunderbird in the list of stabilization?lapse?
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 15:14:51 UTC
Agostino, next time just fix it, please.

Arches, this is the complete list. Please test and mark stable:

=www-client/firefox-10.0.5
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

=www-client/firefox-bin-10.0.5
Target keywords : "amd64 x86"

=dev-libs/nspr-4.9.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=dev-libs/nss-3.13.5
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-10.0.5
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

=mail-client/thunderbird-bin-10.0.5
Target keywords : "amd64 x86"

=www-client/seamonkey-2.10
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

=www-client/seamonkey-bin-2.10
Target keywords : "amd64 x86"
Comment 9 Agostino Sarubbo gentoo-dev 2012-06-11 12:29:12 UTC
amd64 stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2012-06-13 21:34:15 UTC
x86:
all *-bin packages was pass
Also i'm not see problems with other packages and libraries: compile and run: everything fine. Compile with specific USE flags combination:ok for me. All RDEPEND compile is fine. Also ho problems with repoman for this versions.
Thunderbird: i can reproduce Bug 398389.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 18:00:47 UTC
CVE-2012-3105 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3105):
  The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x
  through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,
  Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not
  properly mitigate an unspecified flaw in an NVIDIA driver, which allows
  remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors, a
  related issue to CVE-2011-3101.

CVE-2012-1947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947):
  Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla
  Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0
  through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10
  allows remote attackers to execute arbitrary code via vectors that trigger a
  character-set conversion failure.

CVE-2012-1946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946):
  Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function
  in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
  Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
  SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code
  via document changes involving replacement or insertion of a node.

CVE-2012-1945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945):
  Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
  Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
  SeaMonkey before 2.10 allow local users to obtain sensitive information via
  an HTML document that loads a shortcut (aka .lnk) file for display within an
  IFRAME element, as demonstrated by a network share implemented by (1)
  Microsoft Windows or (2) Samba.

CVE-2012-1944 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1944):
  The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x
  through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,
  Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block
  inline event handlers, which makes it easier for remote attackers to conduct
  cross-site scripting (XSS) attacks via a crafted HTML document.

CVE-2012-1943 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1943):
  Untrusted search path vulnerability in Updater.exe in the Windows Updater
  Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on
  Windows allows local users to gain privileges via a Trojan horse wsock32.dll
  file in an application directory.

CVE-2012-1942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1942):
  The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0,
  Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain
  privileges by loading a DLL file in a privileged context.

CVE-2012-1941 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941):
  Heap-based buffer overflow in the
  nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x
  through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,
  Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote
  attackers to execute arbitrary code by resizing a window displaying
  absolutely positioned and relatively positioned elements in nested columns.

CVE-2012-1940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940):
  Use-after-free vulnerability in the nsFrameList::FirstChild function in
  Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5,
  Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and
  SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or
  cause a denial of service (heap memory corruption and application crash) by
  changing the size of a container of absolutely positioned elements in a
  column.

CVE-2012-1939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939):
  jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR
  10.x before 10.0.5 does not properly determine data types, which allows
  remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via crafted JavaScript
  code.

CVE-2012-1938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via vectors related to
  (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow
  function in js/src/jsarray.cpp, and unknown other components.

CVE-2012-1937 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0
  through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10
  allow remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2012-0441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441):
  The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security
  Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox
  ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x
  before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a
  denial of service (application crash) via a zero-length item, as
  demonstrated by (1) a zero-length basic constraint or (2) a zero-length
  field in an OCSP response.
Comment 12 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-06-17 17:26:14 UTC
Please stabilise =www-client/seamonkey-2.10.1 and =www-client/seamonkey-bin-2.10.1 as they fix some MAJOR issues that cropped up in seamonkey(-bin)-2.10.

amd64 re-added for that reason.

No change for firefox and thunderbird stabilisation versions as the only stable branch is 10.0.x which is unaffected.
Comment 13 Agostino Sarubbo gentoo-dev 2012-06-18 10:34:43 UTC
amd64 stable
Comment 14 Andreas Schürch gentoo-dev 2012-06-19 05:13:05 UTC
x86 stable, thanks Mikle!
Comment 15 Sean Amoss gentoo-dev Security 2012-07-20 15:08:27 UTC
Remaining arches will continue in bug 427224.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:05:37 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).