Bug 88039 - <=mozilla-firefox-1.0.2-r1 memory exposure weakness in javascript implementation (JS "lambda" flaw)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: Mozilla Gentoo Team
URL: http://secunia.com/mozilla_products_a...
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2005-04-05 07:58 UTC by vltg0903
Modified: 2005-12-22 20:15 UTC
Attachments
jsstr.c.patch (2.40 KB, text/plain), 2005-04-07 09:57 UTC, kevin
mozilla-firefox-1.0.2-r2.ebuild (7.74 KB, text/plain), 2005-04-07 09:58 UTC, kevin
mozilla-firefox-1.0.2-r4.diff (342 bytes, text/plain), 2005-04-16 03:31 UTC, Qui Gon

Description vltg0903 2005-04-05 07:58:32 UTC
Calling a specially crafted JavaScript function can expose parts of Firefox's allocated memory to an external host. Secunia provides an online demo (follow the URL above); the Mozilla suite is also vulnerable.
The problem is already fixed in the development branches; a patch is available here: https://bugzilla.mozilla.org/show_bug.cgi?id=288688
I recompiled mozilla-firefox-1.0.2-r1 with "fix, v4" (see the Mozilla bug report), and Secunia's demo no longer works. Please consider upgrading the ebuild.

Reproducible: Always
Steps to Reproduce:
1. Go to secunia's demo site: http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/
2. Click the demo button.
Comment 1 vltg0903 2005-04-05 13:26:52 UTC
Just read about firefox-1.0.3 coming up, it will address this issue:
http://mozillazine.org/talkback.html?article=6336
Comment 2 kevin 2005-04-07 09:57:16 UTC
Created attachment 55569
jsstr.c.patch

Just added the full path to the diff output of the original patch.
Comment 3 kevin 2005-04-07 09:58:31 UTC
Created attachment 55570
mozilla-firefox-1.0.2-r2.ebuild

Ebuild which expects the patch file in the files dir. Pretty easy to fix, but worth a GLSA, isn't it?
Comment 4 Qui Gon 2005-04-16 03:31:31 UTC
Created attachment 56434
mozilla-firefox-1.0.2-r4.diff

Since I currently maintain the state of the mozilla-firefox ebuild, I made a diff to include the js fix, so we have the most current state. The revision is bumped to r4.
The filesdir name of the fix should be mozilla-firefox-1.0.2-jsstr.c.patch.
The diff is against the mozilla ebuild from http://bugs.gentoo.org/show_bug.cgi?id=86070
Comment 5 Benjamin 2005-04-16 12:29:36 UTC
Hi,
Mozilla released version 1.0.3 of Firefox, which fixes the security vulnerability. I hope we find the ebuild in portage ASAP. The current version 1.0.3 source can be downloaded at http://www.mozilla.org/download-mozilla.html


Thanks,
Benjamin
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2005-12-22 20:15:26 UTC
Obsolete bug, 1.0.7 is the oldest version in portage now.