mozilla: Multiple security issues fixed in 1.7.12
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mozilla (Debian) |
Fix Released
|
Unknown
|
|||
mozilla (Ubuntu) |
Fix Released
|
High
|
Martin Pitt |
Bug Description
Automatically imported from Debian bug report #329778 http://
Debian Bug Importer (debzilla) wrote : | #1 |
Debian Bug Importer (debzilla) wrote : | #2 |
Message-Id: <email address hidden>
Date: Fri, 23 Sep 2005 11:53:17 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla: Multiple security issues fixed in 1.7.12
Package: mozilla
Version: 2:1.7.11-1
Severity: grave
Tags: security
Justification: user security hole
As usual Mozilla 1.7.12 fixes several security issues. I'm copying
the bug descriptions from a Red Hat advisory, because they are not
yet public on the Mozilla website:
<-->
A bug was found in the way Mozilla processes XBM image files. If a user
views a specially crafted XBM file, it becomes possible to execute
arbitrary code as the user running Mozilla. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to
this issue.
A bug was found in the way Mozilla processes certain Unicode sequences.
It may be possible to execute arbitrary code as the user running
Mozilla, if the user views a specially crafted Unicode sequence.
(CAN-2005-2702)
A bug was found in the way Mozilla makes XMLHttp requests. It is possible
that a malicious web page could leverage this flaw to exploit other proxy
or server flaws from the victim's machine. It is also possible that this
flaw could be leveraged to send XMLHttp requests to hosts other than the
originator; the default behavior of the browser is to disallow this.
(CAN-2005-2703)
A bug was found in the way Mozilla implemented its XBL interface. It may be
possible for a malicious web page to create an XBL binding in a way
that would allow arbitrary JavaScript execution with chrome permissions.
Please note that in Mozilla 1.7.10 this issue is not directly exploitable
and would need to leverage other unknown exploits. (CAN-2005-2704)
An integer overflow bug was found in Mozilla's JavaScript engine. Under
favorable conditions, it may be possible for a malicious web page to
execute arbitrary code as the user running Mozilla. (CAN-2005-2705)
A bug was found in the way Mozilla displays about: pages. It is possible
for a malicious web page to open an about: page, such as about:mozilla, in
such a way that it becomes possible to execute JavaScript with chrome
privileges. (CAN-2005-2706)
A bug was found in the way Mozilla opens new windows. It is possible for a
malicious web site to construct a new window without any user interface
components, such as the address bar and the status bar. This window could
hen be used to mislead the user for malicious purposes. (CAN-2005-2707)
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=
Versions of packages mozilla depends on:
pn mozilla-browser Not found.
pn mozilla-mailnews Not found.
pn mozilla-psm Not found.
Martin Pitt (pitti) wrote : | #3 |
1.7.12 is in Breezy, warty and hoary updates are prepared, tested, uploaded, and
currently building.
Martin Pitt (pitti) wrote : | #4 |
stables have been fixed in USN-186-1.
In Debian Bug tracker #329778, Alexander Sack (asac) wrote : Fixed in NMU of mozilla 2:1.7.12-1 | #5 |
tag 318723 + fixed
tag 321644 + fixed
tag 325532 + fixed
tag 327366 + fixed
tag 327455 + fixed
tag 329778 + fixed
tag 332480 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 6 Oct 2005 23:48:00 +0200
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.12-1
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 318723 321644 325532 327366 327455 329778 332480
Changes:
mozilla (2:1.7.12-1) unstable; urgency=high
.
* NMU: fixing several security issues and most important RC bugs.
(Closes: 332480)
* new upstream version 1.7.12 fixes:
+ [CAN-2005-2871] IDN buffer overflow [MFSA 2005-57] (Closes: 327366)
+ security issue revealed: CAN-2005-2871 (Closes: 327455)
+ mozilla: Multiple security issues fixed in 1.7.12 (Closes: 329778)
+ javascript crasher - unsure about this ... have to test.
(Closes: 318723)
+ mozilla 1.7.10 version crashes almost immediately (Closes: 321644)
* applied patch by Steve Langasek <email address hidden> to make mozilla
build on arm and other archs. (Closes: 325532)
Files:
766dea59ec7f68
6b5e421f09fef7
0f7b83c1b25d5a
ad6d4571732982
79c50292a9d41f
d5b7b50bc5dd19
fdb59d0a9868df
58cb2343e9d24d
b1e4b565ff92d5
b57fa3506af263
Debian Bug Importer (debzilla) wrote : | #6 |
Message-Id: <email address hidden>
Date: Sun, 09 Oct 2005 13:32:45 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.12-1
tag 318723 + fixed
tag 321644 + fixed
tag 325532 + fixed
tag 327366 + fixed
tag 327455 + fixed
tag 329778 + fixed
tag 332480 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 6 Oct 2005 23:48:00 +0200
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.12-1
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 318723 321644 325532 327366 327455 329778 332480
Changes:
mozilla (2:1.7.12-1) unstable; urgency=high
.
* NMU: fixing several security issues and most important RC bugs.
(Closes: 332480)
* new upstream version 1.7.12 fixes:
+ [CAN-2005-2871] IDN buffer overflow [MFSA 2005-57] (Closes: 327366)
+ security issue revealed: CAN-2005-2871 (Closes: 327455)
+ mozilla: Multiple security issues fixed in 1.7.12 (Closes: 329778)
+ javascript crasher - unsure about this ... have to test.
(Closes: 318723)
+ mozilla 1.7.10 version crashes almost immediately (Closes: 321644)
* applied patch by Steve Langasek <email address hidden> to make mozilla
build on arm and other archs. (Closes: 325532)
Files:
766dea59ec7f68
6b5e421f09fef7
0f7b83c1b25d5a
ad6d4571732982
79c50292a9d41f
d5b7b50bc5dd19
fdb59d0a9868df
In Debian Bug tracker #329778, Alexander Sack (asac) wrote : Fixed in NMU of mozilla 2:1.7.8-1sarge3 | #7 |
tag 321427 + fixed
tag 327366 + fixed
tag 329778 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Sep 2005 13:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.8-1sarge3
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 321427 327366 329778
Changes:
mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical
.
* MFSA-2005-
Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no
advisory for it (debian/
Closes: 321427
Bugzilla: 294307 301917 300749
Issues addressed:
+ Regressions introduced by mozilla 1.7.9 bugfix.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: 327366
CVE-Ids: CAN-2005-2871
Bugzilla: 307259 308281
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
* MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox 1.0.7 and
the Mozilla Suite 1.7.12 (debian/
Closes: 329778
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302100
Issues addressed:
+ CAN-2005-2701 - Heap overrun in XBM image processing
+ CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703 - XMLHttpRequest header spoofing
+ CAN-2005-2704 - Object spoofing using XBL <implements>...
Debian Bug Importer (debzilla) wrote : | #8 |
Message-Id: <email address hidden>
Date: Sat, 12 Nov 2005 01:03:12 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.8-1sarge3
tag 321427 + fixed
tag 327366 + fixed
tag 329778 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Sep 2005 13:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.8-1sarge3
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 321427 327366 329778
Changes:
mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical
.
* MFSA-2005-
Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no
advisory for it (debian/
Closes: 321427
Bugzilla: 294307 301917 300749
Issues addressed:
+ Regressions introduced by mozilla 1.7.9 bugfix.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: 327366
CVE-Ids: CAN-2005-2871
Bugzilla: 307259 308281
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
* MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox 1.0.7 and
the Mozilla Suite 1.7.12 (debian/
Closes: 329778
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302...
In Debian Bug tracker #329778, Alexander Sack (asac) wrote : | #9 |
tag 321427 + fixed
tag 327366 + fixed
tag 329778 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Sep 2005 13:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.8-1sarge3
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 321427 327366 329778
Changes:
mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical
.
* MFSA-2005-
Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no
advisory for it (debian/
Closes: 321427
Bugzilla: 294307 301917 300749
Issues addressed:
+ Regressions introduced by mozilla 1.7.9 bugfix.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: 327366
CVE-Ids: CAN-2005-2871
Bugzilla: 307259 308281
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
* MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox 1.0.7 and
the Mozilla Suite 1.7.12 (debian/
Closes: 329778
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302100
Issues addressed:
+ CAN-2005-2701 - Heap overrun in XBM image processing
+ CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703 - XMLHttpRequest header spoofing
+ CAN-2005-2704 - Object spoofing using XBL <implements>...
Debian Bug Importer (debzilla) wrote : | #10 |
Message-Id: <email address hidden>
Date: Fri, 16 Dec 2005 21:34:34 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.8-1sarge3
tag 321427 + fixed
tag 327366 + fixed
tag 329778 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 27 Sep 2005 13:00:00 +0100
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-
Architecture: source i386
Version: 2:1.7.8-1sarge3
Distribution: stable-security
Urgency: critical
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
libnspr-dev - Netscape Portable Runtime library - development files
libnspr4 - Netscape Portable Runtime Library
libnss-dev - Network Security Service Libraries - development
libnss3 - Network Security Service Libraries - runtime
mozilla - The Mozilla Internet application suite - meta package
mozilla-browser - The Mozilla Internet application suite - core and browser
mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
mozilla-chatzilla - Mozilla Web Browser - irc client
mozilla-dev - The Mozilla Internet application suite - development files
mozilla-
mozilla-
mozilla-mailnews - The Mozilla Internet application suite - mail and news support
mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 321427 327366 329778
Changes:
mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical
.
* MFSA-2005-
Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no
advisory for it (debian/
Closes: 321427
Bugzilla: 294307 301917 300749
Issues addressed:
+ Regressions introduced by mozilla 1.7.9 bugfix.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: 327366
CVE-Ids: CAN-2005-2871
Bugzilla: 307259 308281
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
* MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox 1.0.7 and
the Mozilla Suite 1.7.12 (debian/
Closes: 329778
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302...
In Debian Bug tracker #329778, Adam D. Barratt (debian-bts-adam-barratt) wrote : Bugs fixed in NMU, documenting versions | #11 |
# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers. With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
#relevant version information now
close 271427 8.14+v8.11+urw-0.1
close 314698 0.35-2.1
close 325635 0.35-2.1
close 328017 0.35-2.1
close 320115 2.0-4.2
close 320284 1.11
close 320899 11.4.1870-7.1
close 327078 11.4.1870-7.1
close 327349 11.4.1870-7.1
close 320903 1:0.71-1.2
close 327946 1:0.71-1.2
close 320941 2.0.3-1.1
close 321126 2.6.3.2
close 321545 0.1.3b-1.1
close 341341 0.1.3b-1.1
close 321553 0.1.12-2.2
close 321644 2:1.7.12-1.1
close 346013 2:1.7.12-1.1
close 321816 2.61-2.1
close 321967 4.0.0-2.1
close 330024 4.0.0-2.1
close 321998 0.9.21-0.1
close 322583 0.3.8.1-4
close 322853 0.7.1-3.1
close 356739 0.7.1-3.1
close 322961 0.4.3.1.dfsg-0.1
close 322972 9.4.2-2.4
close 323084 0.4.5+cvs200308
close 323160 0.1.10-0.1
close 323355 1.2.11-0.2
close 323725 0.18.2-10.1
close 323942 0.4.0-4.1
close 324371 4.3-18.1
close 324553 2.9.5.0.37.5.2
close 324558 1.2-release-2.1
close 324579 1.11-6.2
close 324606 1.2-release-2.2
close 324908 0.12.4-4.1
close 325210 2.6.0-1.1
close 325490 0.7.1-1.1
close 325514 0.8.6-1.1
close 326468 0.8.6-1.1
close 325532 2:1.7.12-1
close 327366 2:1.7.12-1
close 329778 2:1.7.12-1
close 332480 2:1.7.12-1
close 325635 0.35-2.1
close 328017 0.35-2.1
close 325835 0.1.12-7.1
close 325851 2:1.7.8-1sarge2
close 325938 0.9.8beta2-4.1
close 327930 0.9.8beta2-4.1
close 326285 0.99.3-5.1
close 326295 0.8.2-5.1
close 373110 0.8.2-5.1
close 379331 0.8.2-5.1
close 379334 0.8.2-5.1
close 326298 0.2.12-2.1
close 326311 0.3.5-1pre1.1
close 326355 2.1.8-2.1
close 326362 0.6-7.2
close 326371 0.90beta1-10.1
close 326372 1.0-0.1
close 326378 0.1.17-4.3
close 326466 6.3.2-2.1
close 347129 6.3.2-2.1
close 347205 6.3.2-2.1
close 326489 0.3.7-2.1
close 326756 1.0.9-1.1
close 365518 1.0.9-1.1
close 327429 1.2-1.1
close 350429 1.2-1.1
close 327911 2.3.5-1.1
close 327718 0.6.0-8.2
close 327933 0.9.2-1.1
close 327936 0.8.5-1.1
close 327970 0.5.1-2.1
close 327984 1.3-2.1
close 327986 0.2.36-4.1
close 291328 0.2.36-4.1
close 327996 1.0-1.1
close 328002 1.0.0-9.1
close 328018 2.1.3-2.1
close 328039 1.18A-2.1
close 328172 1.002-0.2
close 328333 4.1.2-1.1
close 328334 1.34-7.1
close 328335 0.8.2-2.1
close 328352 0.13-3.1
close 328364 0.4.0-test5-2.1
close 329467 1.3.1
close 330446 0.1.83
close 333857 0.1.83
close 330666 6:6.2.4.5-0.2
close 330938 0.5.1-2.2
Changed in mozilla: | |
status: | Fix Committed → Fix Released |
Automatically imported from Debian bug report #329778 http:// bugs.debian. org/329778