Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[gentoo-announce] [ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 200808-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Mozilla products: Multiple vulnerabilities

Date: August 06, 2008

Bugs: #204337, #218065, #230567, #231975

ID: 200808-03

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities have been reported in Mozilla Firefox,

Thunderbird, SeaMonkey and XULRunner, some of which may allow

user-assisted execution of arbitrary code.

 

Background

==========

 

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird

an open-source email client, both from the Mozilla Project. The

SeaMonkey project is a community effort to deliver production-quality

releases of code derived from the application formerly known as the

'Mozilla Application Suite'. XULRunner is a Mozilla runtime package

that can be used to bootstrap XUL+XPCOM applications like Firefox and

Thunderbird.

 

Affected packages

=================

 

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 mozilla-firefox < 2.0.0.16 >= 2.0.0.16

2 mozilla-firefox-bin < 2.0.0.16 >= 2.0.0.16

3 mozilla-thunderbird < 2.0.0.16 >= 2.0.0.16

4 mozilla-thunderbird-bin < 2.0.0.16 >= 2.0.0.16

5 seamonkey < 1.1.11 >= 1.1.11

6 seamonkey-bin < 1.1.11 >= 1.1.11

7 xulrunner < 1.8.1.16 >= 1.8.1.16

8 xulrunner-bin < 1.8.1.16 >= 1.8.1.16

-------------------------------------------------------------------

8 affected packages on all of their supported architectures.

-------------------------------------------------------------------

 

Description

===========

 

The following vulnerabilities were reported in all mentioned Mozilla

products:

 

* TippingPoint's Zero Day Initiative reported that an incorrect

integer data type is used as a CSS object reference counter, leading

to a counter overflow and a free() of in-use memory (CVE-2008-2785).

 

* Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the

JavaScript engine, possibly triggering memory corruption

(CVE-2008-2799).

 

* Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes

in the layout engine, possibly triggering memory corruption

(CVE-2008-2798).

 

* moz_bug_r_a4 reported that XUL documents that include a script from

a chrome: URI that points to a fastload file would be executed with

the privileges specified in the file (CVE-2008-2802).

 

* moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript()

function only apply XPCNativeWrappers to scripts loaded from standard

"chrome:" URIs, which could be the case in third-party add-ons

(CVE-2008-2803).

 

* Astabis reported a crash in the block reflow implementation related

to large images (CVE-2008-2811).

 

* John G. Myers, Frank Benkstein and Nils Toedtmann reported a

weakness in the trust model used by Mozilla, that when a user accepts

an SSL server certificate on the basis of the CN domain name in the

DN field, the certificate is also regarded as accepted for all domain

names in subjectAltName:dNSName fields (CVE-2008-2809).

 

The following vulnerabilities were reported in Firefox, SeaMonkey and

XULRunner:

 

* moz_bug_r_a4 reported that the Same Origin Policy is not properly

enforced on JavaScript (CVE-2008-2800).

 

* Collin Jackson and Adam Barth reported that JAR signing is not

properly implemented, allowing injection of JavaScript into documents

within a JAR archive (CVE-2008-2801).

 

* Opera Software reported an error allowing for arbitrary local file

upload (CVE-2008-2805).

 

* Daniel Glazman reported that an invalid .properties file for an

add-on might lead to the usage of uninitialized memory

(CVE-2008-2807).

 

* Masahiro Yamada reported that HTML in "file://" URLs in directory

listings is not properly escaped (CVE-2008-2808).

 

* Geoff reported that the context of Windows Internet shortcut files

is not correctly identified (CVE-2008-2810).

 

* The crash vulnerability (CVE-2008-1380) that was previously

announced in GLSA 200805-18 is now also also resolved in Seamonkey

binary ebuilds.

 

The following vulnerability was reported in Firefox only:

 

* Billy Rios reported that the Pipe character in a command-line URI

is identified as a request to open multiple tabs, allowing to open

"chrome" and "file" URIs (CVE-2008-2933).

 

Impact

======

 

A remote attacker could entice a user to view a specially crafted web

page or email that will trigger one of the vulnerabilities, possibly

leading to the execution of arbitrary code or a Denial of Service. It

is also possible for an attacker to trick a user to upload arbitrary

files or to accept an invalid certificate for a spoofed web site, to

read uninitialized memory, to violate Same Origin Policy, or to conduct

Cross-Site Scripting attacks.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Mozilla Firefox users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.16"

 

All Mozilla Firefox binary users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask -1 -v ">=www-client/mozilla-firefox-bin-2.0.0.16"

 

All Mozilla Thunderbird users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask -1 -v ">=mail-client/mozilla-thunderbird-2.0.0.16"

 

All Mozilla Thunderbird binary users should upgrade to the latest

version:

 

# emerge --sync

# emerge -a -1 -v ">=mail-client/mozilla-thunderbird-bin-2.0.0.16"

 

All Seamonkey users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11"

 

All Seamonkey binary users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=www-client/seamonkey-bin-1.1.11"

 

All XULRunner users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16"

 

All XULRunner binary users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=net-libs/xulrunner-bin-1.8.1.16"

 

References

==========

 

[ 1 ] CVE-2008-1380

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380

[ 2 ] CVE-2008-2785

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785

[ 3 ] CVE-2008-2798

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798

[ 4 ] CVE-2008-2799

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799

[ 5 ] CVE-2008-2800

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800

[ 6 ] CVE-2008-2801

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801

[ 7 ] CVE-2008-2802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802

[ 8 ] CVE-2008-2803

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803

[ 9 ] CVE-2008-2805

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805

[ 10 ] CVE-2008-2807

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807

[ 11 ] CVE-2008-2808

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808

[ 12 ] CVE-2008-2809

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809

[ 13 ] CVE-2008-2810

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810

[ 14 ] CVE-2008-2811

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811

[ 15 ] CVE-2008-2933

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933

[ 16 ] GLSA 200805-18

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-200808-03.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

http://bugs.gentoo.org.

 

License

=======

 

Copyright 2008 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×