- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE]              GLSA 200509-11:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
      Date: September 18, 2005
   Updated: September 29, 2005
      Bugs: #105396
        ID: 200509-11:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
======

This advisory was originally released to fix the heap overflow in IDN
headers. However, the official fixed release included several other
security fixes as well.

The updated sections appear below.

Synopsis
========

Mozilla Suite and Firefox are vulnerable to multiple issues, including
some that might be exploited to execute arbitrary code.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader. Mozilla Firefox is the next-generation browser
from the Mozilla project. Gecko is the layout engine used in both
products.

Affected packages
=================

     -------------------------------------------------------------------
     Package                         /  Vulnerable   /  Unaffected
     -------------------------------------------------------------------
  1  www-client/mozilla-firefox         < 1.0.7-r2      >= 1.0.7-r2
  2  www-client/mozilla                 < 1.7.12-r2     >= 1.7.12-r2
  3  www-client/mozilla-firefox-bin     < 1.0.7         >= 1.0.7
  4  www-client/mozilla-bin             < 1.7.12        >= 1.7.12
  5  net-libs/gecko-sdk                 < 1.7.12        >= 1.7.12
     -------------------------------------------------------------------
     5 affected packages on all of their supported architectures.
     -------------------------------------------------------------------

Description
===========

The Mozilla Suite and Firefox are both vulnerable to the following
issues:

* Tom Ferris reported a heap overflow in IDN-enabled browsers with
  malicious Host: headers (CAN-2005-2871).

* "jackerror" discovered a heap overrun in XBM image processing
  (CAN-2005-2701).

* Mats Palmgren reported a potentially exploitable stack corruption
  using specific Unicode sequences (CAN-2005-2702).

* Georgi Guninski discovered an integer overflow in the JavaScript
  engine (CAN-2005-2705).

* Other issues ranging from DOM object spoofing to request header
  spoofing were also found and fixed in the latest versions
  (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).

The Gecko engine itself is also affected by some of these issues and
has been updated as well.

Impact
======

A remote attacker could set up a malicious site and entice a victim to
visit it, potentially resulting in arbitrary code execution with the
victim's privileges or facilitated spoofing of known websites.

Workaround
==========

There is no known workaround for all the issues.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.7-r2"

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.12-r2"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.7"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.12"

All Gecko library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gecko-sdk-1.7.12"

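
An added example, not part of the advisory or of Portage: a shell check that compares an inventory of installed versions against the first unaffected versions in the Affected packages table. The inventory lines and the names ver_lt and check_installed are constructed for illustration, and ver_lt assumes dotted numeric versions with an optional -rN revision rather than the full Portage version grammar.

```shell
#!/bin/sh
# First unaffected version of each package, from "Affected packages".
FIXED="www-client/mozilla-firefox 1.0.7-r2
www-client/mozilla 1.7.12-r2
www-client/mozilla-firefox-bin 1.0.7
www-client/mozilla-bin 1.7.12
net-libs/gecko-sdk 1.7.12"

# ver_lt A B: succeed when version A is older than version B.
# Assumption: dotted numeric versions with an optional -rN revision only;
# missing components count as 0, which is simpler than Portage's rules.
ver_lt() {
    a_ver=${1%-r[0-9]*}; b_ver=${2%-r[0-9]*}
    a_rev=0; b_rev=0
    case $1 in *-r[0-9]*) a_rev=${1##*-r} ;; esac
    case $2 in *-r[0-9]*) b_rev=${2##*-r} ;; esac
    while [ -n "$a_ver" ] || [ -n "$b_ver" ]; do
        a_n=${a_ver%%.*}; b_n=${b_ver%%.*}
        # Numeric compare per component: 1.7.8 is older than 1.7.12.
        [ "${a_n:-0}" -lt "${b_n:-0}" ] && return 0
        [ "${a_n:-0}" -gt "${b_n:-0}" ] && return 1
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
    done
    [ "$a_rev" -lt "$b_rev" ]    # same version: the revision decides
}

# check_installed: read "category/name version" lines on stdin and print
# one line for each package still inside the advisory's vulnerable range.
check_installed() {
    while read -r pkg ver; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v p="$pkg" '$1 == p { print $2 }')
        [ -n "$fixed" ] || continue    # not covered by this GLSA
        if ver_lt "$ver" "$fixed"; then
            printf 'VULNERABLE %s-%s (need >= %s)\n' "$pkg" "$ver" "$fixed"
        fi
    done
}

# Constructed sample inventory, not taken from the advisory.
SAMPLE="www-client/mozilla-firefox 1.0.7-r1
www-client/mozilla 1.7.12-r2
net-libs/gecko-sdk 1.7.8
app-editors/vim 6.3"

printf '%s\n' "$SAMPLE" | check_installed
```

On a Gentoo host, `glsa-check --test 200509-11` runs the equivalent test against the real package database.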

References
==========

  [ 1 ] CAN-2005-2701
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
  [ 2 ] CAN-2005-2702
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
  [ 3 ] CAN-2005-2703
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
  [ 4 ] CAN-2005-2704
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
  [ 5 ] CAN-2005-2705
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
  [ 6 ] CAN-2005-2706
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
  [ 7 ] CAN-2005-2707
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
  [ 8 ] CAN-2005-2871
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871
  [ 9 ] Mozilla Foundation Security Advisories
        http://www.mozilla.org/projects/security/known-vulnerabilities.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0