Fixed in Firefox 3.6.18 MFSA 2011-24 Cookie isolation error MFSA 2011-23 Multiple dangling pointer vulnerabilities MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight() MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) Also, the fixes are available in Firefox-5.0
The following four also affect seamonkey. MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight() MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) @mozilla, would it be possible to add fixed seamonkey and seamonkey-bin to the tree too? icecat too, but we usually do not wait for that. Thanks.
*** Bug 374303 has been marked as a duplicate of this bug. ***
CVE-2011-2377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377): Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. CVE-2011-2376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2011-2371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371): Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. CVE-2011-2365 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. CVE-2011-2364 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. CVE-2011-2363 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363): Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. CVE-2011-2362 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362): Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. CVE-2011-0085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085): Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. CVE-2011-0083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083): Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
CVE-2011-2605 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605): CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
ebuilds are already in the tree, any reason we do not have archs cc'd?
We've got a newer mozilla bug in 379549; let's work there.
re-add if needed.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).
