Bug 92393 - www-client/mozilla-firefox: 1.0.4 fixes (CAN-2005-147{6|7})
Summary: www-client/mozilla-firefox: 1.0.4 fixes (CAN-2005-147{6|7})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High major
Assignee: Gentoo Security
URL: http://www.mozilla.org/projects/secur...
Whiteboard: A2 [glsa] koon
Reported: 2005-05-12 09:17 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-08-15 21:40 UTC


Description Jean-François Brunette (RETIRED) gentoo-dev 2005-05-12 09:17:43 UTC
MFSA 2005-44  Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
Comment 1 Jory A. Pratt 2005-05-12 09:49:23 UTC

*** This bug has been marked as a duplicate of 91859 ***
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-12 09:52:19 UTC
Reopening to handle stable marking for firefox and mozilla separately.
Comment 3 Lars Weiler (RETIRED) gentoo-dev 2005-05-12 12:20:50 UTC
Firefox 1.0.4 already stable on ppc.
Comment 4 Björn Michaelsen 2005-05-12 14:10:49 UTC
Tested 1.0.4 on x86 - builds and runs with various extensions.

Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.10-rc3 i686)
=================================================================
System uname: 2.6.10-rc3 i686 AMD Athlon(tm) XP 2400+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.1.3-r1,dev-lang/python-2.2.3-r5,dev-lang/python-2.3.5 [2.3.5 (#1, Apr 28 2005, 23:17:06)]
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.1.3-r1, 2.2.3-r5, 2.3.5
sys-apps/sandbox:    [Not Present]
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r7
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp -mmmx -m3dnow -fomit-frame-pointer -fforce-addr -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -mmmx -m3dnow -fomit-frame-pointer -fforce-addr -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig candy ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.gentoo.skynet.be/pub/gentoo/"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="x86 3dnow 3ds X Xaw3d aalib acpi acpi4linux alsa avi berkdb bitmap-fonts blas bzlib cdparanoia cdr crypt cscope cups curl dga divx4linux dvd dvdread editor eds emboss encode esd f2c fam fbcon ffmpeg font-server foomaticdb fortran gdbm gif gimpprint glut gstreamer gtk gtk2 guile imagemagick imlib java jikes joystick jpeg junit libg++ libwww live ltsp mad maildir mcal mikmod mmx mng motif mozilla moznocompose moznoirc moznomail mozp3p mozsvg mozxmlterm mp3 mpeg mpeg4 nas ncurses network nls nntp nptl nvidia offensive ogg oggvorbis openal opengl oscar oss pam pcre pdflib perl physfs pic plotutils png ppds python readline real rtc sasl sdl server slang softmmu spell sqlite sse ssl svg tcpd tetex tiff tools transcode truetype truetype-fonts type1-fonts unicode usb userlocales v4l v4l2 vim-with-x vorbis xinerama xml xml2 xsl xv xvid zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CBUILD, CTARGET, LDFLAGS, LINGUAS
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2005-05-13 01:50:32 UTC
Stable on alpha + ia64.
Comment 6 Jannick Kuhr 2005-05-13 02:15:07 UTC
Shouldn't mozilla-firefox-bin be marked stable (amd64,x86) as well?
Comment 7 Olivier Calle 2005-05-13 07:49:53 UTC
Just a note: I think this has been there a long time, but at lines 152-153, there is no escape of the newline, so the first sed substitution never occurs and the "s:/lib/firefox... line generates extraneous errors in the emerge logfile (or to the screen).  The fix would be to put that all on one line, or escape the newline.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-13 09:03:02 UTC
Readding amd64 to mark -bin stable.
Comment 9 Guy Martin (RETIRED) gentoo-dev 2005-05-13 09:04:09 UTC
Stable on hppa.
Comment 10 Carsten Lohrke (RETIRED) gentoo-dev 2005-05-13 10:58:22 UTC
Stable on x86.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-05-13 13:36:45 UTC
x86, amd64: please test and mark mozilla-firefox-bin-1.0.4 stable.
Comment 12 Simon Stelling (RETIRED) gentoo-dev 2005-05-14 01:06:56 UTC
amd64 stable
Comment 13 Olivier Crete (RETIRED) gentoo-dev 2005-05-14 10:42:14 UTC
x86 there... sorry for the delay
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-15 03:29:04 UTC
GLSA 200505-11

arm please remember to mark stable.