Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities
Date: Wed, 06 Aug 2008 00:46:22
Message-Id: 200808060242.25071.rbu@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200808-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla products: Multiple vulnerabilities
      Date: August 06, 2008
      Bugs: #204337, #218065, #230567, #231975
        ID: 200808-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications like Firefox and
Thunderbird.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  mozilla-firefox                < 2.0.0.16             >= 2.0.0.16
  2  mozilla-firefox-bin            < 2.0.0.16             >= 2.0.0.16
  3  mozilla-thunderbird            < 2.0.0.16             >= 2.0.0.16
  4  mozilla-thunderbird-bin        < 2.0.0.16             >= 2.0.0.16
  5  seamonkey                      < 1.1.11               >= 1.1.11
  6  seamonkey-bin                  < 1.1.11               >= 1.1.11
  7  xulrunner                      < 1.8.1.16             >= 1.8.1.16
  8  xulrunner-bin                  < 1.8.1.16             >= 1.8.1.16
    -------------------------------------------------------------------
     8 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The following vulnerabilities were reported in all mentioned Mozilla
products:

* TippingPoint's Zero Day Initiative reported that an incorrect
  integer data type is used as a CSS object reference counter, leading
  to a counter overflow and a free() of in-use memory (CVE-2008-2785).

* Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the
  JavaScript engine, possibly triggering memory corruption
  (CVE-2008-2799).

* Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes
  in the layout engine, possibly triggering memory corruption
  (CVE-2008-2798).

* moz_bug_r_a4 reported that XUL documents that include a script from
  a chrome: URI that points to a fastload file would be executed with
  the privileges specified in the file (CVE-2008-2802).

* moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript()
  function only applies XPCNativeWrappers to scripts loaded from
  standard "chrome:" URIs, which could be the case in third-party
  add-ons (CVE-2008-2803).

* Astabis reported a crash in the block reflow implementation related
  to large images (CVE-2008-2811).

* John G. Myers, Frank Benkstein and Nils Toedtmann reported a
  weakness in the trust model used by Mozilla: when a user accepts
  an SSL server certificate on the basis of the CN domain name in the
  DN field, the certificate is also regarded as accepted for all domain
  names in subjectAltName:dNSName fields (CVE-2008-2809).
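
The counter-overflow pattern described for CVE-2008-2785 above, shown as an added example that is neither Mozilla's code nor part of the original advisory: a constructed object model whose reference counter wraps, beside a saturating counter that pins the object instead of releasing it. The 16-bit counter width and all names (struct object, simulate and the addref/release helpers) are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Mozilla code. "released" stands in for free(),
 * so the demo never touches freed memory. */
struct object {
    uint16_t refs;      /* assumed 16-bit width, for illustration only */
    bool     released;
};

/* Flawed pattern: a plain increment wraps 65535 -> 0 without notice. */
static void addref_wrapping(struct object *o) { o->refs++; }
static void release_wrapping(struct object *o)
{
    if (--o->refs == 0)
        o->released = true;
}

/* Hardened pattern: stick at the maximum. A saturated object is pinned and
 * never released: a bounded leak instead of a free() of in-use memory. */
static void addref_saturating(struct object *o)
{
    if (o->refs != UINT16_MAX)
        o->refs++;
}
static void release_saturating(struct object *o)
{
    if (o->refs == UINT16_MAX)
        return;                     /* pinned: the true count is unknown */
    if (--o->refs == 0)
        o->released = true;
}

/* One creator reference plus `extra` holders, then `drops` releases.
 * Returns whether the object ended up released. */
static bool simulate(bool saturating, uint32_t extra, uint32_t drops)
{
    struct object o = { .refs = 1, .released = false };
    for (uint32_t i = 0; i < extra; i++)
        saturating ? addref_saturating(&o) : addref_wrapping(&o);
    for (uint32_t i = 0; i < drops && !o.released; i++)
        saturating ? release_saturating(&o) : release_wrapping(&o);
    return o.released;
}

int main(void)
{
    printf("wrapping:   released with holders left = %d\n", simulate(false, 65536, 1));
    printf("saturating: released with holders left = %d\n", simulate(true, 65536, 1));
    return 0;
}
```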

The following vulnerabilities were reported in Firefox, SeaMonkey and
XULRunner:

* moz_bug_r_a4 reported that the Same Origin Policy is not properly
  enforced on JavaScript (CVE-2008-2800).

* Collin Jackson and Adam Barth reported that JAR signing is not
  properly implemented, allowing injection of JavaScript into documents
  within a JAR archive (CVE-2008-2801).

* Opera Software reported an error allowing for arbitrary local file
  upload (CVE-2008-2805).

* Daniel Glazman reported that an invalid .properties file for an
  add-on might lead to the usage of uninitialized memory
  (CVE-2008-2807).

* Masahiro Yamada reported that HTML in "file://" URLs in directory
  listings is not properly escaped (CVE-2008-2808).

* Geoff reported that the context of Windows Internet shortcut files
  is not correctly identified (CVE-2008-2810).

* The crash vulnerability (CVE-2008-1380) that was previously
  announced in GLSA 200805-18 is now also resolved in SeaMonkey
  binary ebuilds.

The following vulnerability was reported in Firefox only:

* Billy Rios reported that the pipe character in a command-line URI
  is identified as a request to open multiple tabs, allowing "chrome"
  and "file" URIs to be opened (CVE-2008-2933).

Impact
======

A remote attacker could entice a user to view a specially crafted web
page or email that will trigger one of the vulnerabilities, possibly
leading to the execution of arbitrary code or a Denial of Service. It
is also possible for an attacker to trick a user into uploading
arbitrary files or accepting an invalid certificate for a spoofed web
site, to read uninitialized memory, to violate the Same Origin Policy,
or to conduct Cross-Site Scripting attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.16"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/mozilla-firefox-bin-2.0.0.16"

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=mail-client/mozilla-thunderbird-2.0.0.16"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge -a -1 -v ">=mail-client/mozilla-thunderbird-bin-2.0.0.16"

All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11"

All SeaMonkey binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=www-client/seamonkey-bin-1.1.11"

All XULRunner users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16"

All XULRunner binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-libs/xulrunner-bin-1.8.1.16"

References
==========

  [ 1 ] CVE-2008-1380
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
  [ 2 ] CVE-2008-2785
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
  [ 3 ] CVE-2008-2798
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
  [ 4 ] CVE-2008-2799
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
  [ 5 ] CVE-2008-2800
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800
  [ 6 ] CVE-2008-2801
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801
  [ 7 ] CVE-2008-2802
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
  [ 8 ] CVE-2008-2803
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
  [ 9 ] CVE-2008-2805
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805
  [ 10 ] CVE-2008-2807
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
  [ 11 ] CVE-2008-2808
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808
  [ 12 ] CVE-2008-2809
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
  [ 13 ] CVE-2008-2810
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810
  [ 14 ] CVE-2008-2811
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
  [ 15 ] CVE-2008-2933
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933
  [ 16 ] GLSA 200805-18
         http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
