Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
Date: Tue, 19 Apr 2005 11:35:26
Message-Id: 4264ECF9.1010602@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
Date: April 19, 2005
Bugs: #89303, #89305
ID: 200504-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

New Mozilla Firefox and Mozilla Suite releases fix new security
vulnerabilities, including memory disclosure and various ways of
executing JavaScript code with elevated privileges.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader. Mozilla Firefox is the next-generation browser
from the Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                         /  Vulnerable  /       Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla-firefox          < 1.0.3              >= 1.0.3
  2  www-client/mozilla-firefox-bin      < 1.0.3              >= 1.0.3
  3  www-client/mozilla                  < 1.7.7              >= 1.7.7
  4  www-client/mozilla-bin              < 1.7.7              >= 1.7.7
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The following vulnerabilities were found and fixed in the Mozilla Suite
and Mozilla Firefox:

* Vladimir V. Perepelitsa reported a memory disclosure bug in
  JavaScript's regular expression string replacement when using an
  anonymous function as the replacement argument (CAN-2005-0989).

* moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM
  nodes from the content window, allowing privilege escalation via DOM
  property overrides.

* Michael Krax reported a possibility to run JavaScript code with
  elevated privileges through the use of javascript: favicons.

* Michael Krax also discovered that malicious Search plugins could
  run JavaScript in the context of the displayed page or stealthily
  replace existing search plugins.

* shutdown discovered a technique to pollute the global scope of a
  window in a way that persists from page to page.

* Doron Rosenberg discovered a possibility to run JavaScript with
  elevated privileges when the user asks to "Show" a blocked popup that
  contains a JavaScript URL.

* Finally, Georgi Guninski reported missing Install object instance
  checks in the native implementations of XPInstall-related JavaScript
  objects.

The following Firefox-specific vulnerabilities have also been
discovered:

* Kohei Yoshino discovered a new way to abuse the sidebar panel to
  execute JavaScript with elevated privileges.

* Omar Khan reported that the Plugin Finder Service can be tricked into
  opening javascript: URLs with elevated privileges.

Impact
======

The various JavaScript execution with elevated privileges issues can be
exploited by a remote attacker to install malicious code or steal data.
The memory disclosure issue can be used to reveal potentially sensitive
information. Finally, the cache pollution issue and search plugin abuse
can be leveraged in cross-site-scripting attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3"

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7"
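
Added example, not part of the advisory: a POSIX shell check that reads installed packages as "category/name-version" lines (assumed input format, for instance what `qlist -Iv` prints) and lists those still below the "Unaffected" versions in the table above. Function names and the sample inventory are illustrative; only plain dotted versions with an optional -rN revision are compared, anything else is reported on stderr for manual review.

```shell
# Added example, not part of GLSA 200504-18.

# Fixed version per package, copied from the "Affected packages" table.
fixed_version() {
  case "$1" in
    www-client/mozilla-firefox|www-client/mozilla-firefox-bin) echo 1.0.3 ;;
    www-client/mozilla|www-client/mozilla-bin) echo 1.7.7 ;;
    *) return 1 ;;
  esac
}

# Succeed if dotted numeric version $1 is lower than $2 (missing parts count as 0).
version_lt() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*} y=${b%%.*}
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 1
}

# Read "category/name-version[-rN]" lines on stdin, print the vulnerable ones.
vulnerable_atoms() {
  while read -r atom; do
    cpv=${atom%-r[0-9]*}                 # drop an ebuild revision such as -r1
    name=${cpv%-*} ver=${cpv##*-}
    fixed=$(fixed_version "$name") || continue   # package not in this GLSA
    case "$ver" in
      ''|*[!0-9.]*) echo "cannot compare, check by hand: $atom" >&2; continue ;;
    esac
    if version_lt "$ver" "$fixed"; then echo "$atom"; fi
  done
  return 0
}

# Constructed sample inventory (hypothetical host), one installed package per line.
sample_installed() {
  printf '%s\n' \
    www-client/mozilla-firefox-1.0.2-r1 \
    www-client/mozilla-firefox-bin-1.0.3 \
    www-client/mozilla-1.7.6 \
    www-client/mozilla-bin-1.7.7-r2 \
    app-editors/vim-6.3
}

sample_installed | vulnerable_atoms
```

An empty result after the upgrade means none of the four packages remains in the vulnerable range.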

References
==========

  [ 1 ] Mozilla Security Advisories
        http://www.mozilla.org/projects/security/known-vulnerabilities.html
  [ 2 ] CAN-2005-0989
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
