Ubuntu

[warty] [CAN-2005-0399][CAN-2005-0401][CAN-2005-0402] Three security vulnerabilities in Firefox 1.0.1

Reported by Debian Bug Importer on 2005-03-24
8
Affects Status Importance Assigned to Milestone
firefox (Debian)
Fix Released
Unknown
firefox (Ubuntu)
High
Thom May

Bug Description

Automatically imported from Debian bug report #301243 http://bugs.debian.org/301243

CVE References

Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #301243 http://bugs.debian.org/301243

Debian Bug Importer (debzilla) wrote :
Download full text (3.4 KiB)

Message-Id: <20050324162807.91676B6EC4@anton>
Date: Thu, 24 Mar 2005 17:28:07 +0100
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: [CAN-2005-0399][CAN-2005-0401][CAN-2005-0402] Three security vulnerabilities
 in Firefox 1.0.1

Package: mozilla-firefox
Version: 1.0-2.37.200411220627
Severity: grave
Tags: security

Three security vulnerabilities have been found in Firefox:
I'm write a collective bugreport for all three vulnerabilities, as you'll they're
all fixed in 1.0.2:

CAN-2005-0399:
An GIF processing error when parsing the obsolete Netscape extension 2 can lead to
an exploitable heap overrun, allowing an attacker to run arbitrary code on the
user's machine.

CAN-2005-0401:
A malicious page that could lure a user into dragging something (such as a fake
scrollbar) can bypass the restriction on opening privileged XUL. The startup
scripts in the XUL will run with enhanced privilege, though the actions taken
upon merely opening most XUL are benign. So far no way to run arbitrary code
supplied by the attacker has been found, but this could be a stepping-stone to
future attacks.

CAN-2005-0402:
If a user bookmarked a malicious page as a Firefox sidebar panel that page could
execute arbitrary programs by opening a privileged page and injecting javascript
into it.

Cheers,
          Moritz

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages mozilla-firefox depends on:
ii debianutil 2.5.4.1.200308251040 Miscellaneous utilities specific t
ii fontconfig 2.2.1-2.18.200308310006 generic font configuration library
ii libatk1.0- 1.4.1-1.5.200312191610 The ATK accessibility toolkit
ii libc6 2.3.2-9 GNU C Library: Shared libraries an
ii libfontcon 2.2.1-2.18.200308310006 generic font configuration library
ii libfreetyp 2.1.5-2.3.200310081510 FreeType 2 font engine, shared lib
ii libgcc1 1:3.3.2-0pre4.12.200309291809 GCC support library
ii libglib2.0 2.2.2-1.6.200308220957 The GLib library of C routines
ii libgtk2.0- 2.2.2-2.24.200409211203 The GTK+ graphical user interface
ii libidl0 0.8.2-1.4.200308222135 library for parsing CORBA IDL file
ii libjpeg62 6b-5.4.200308222202 The Independent JPEG Group's JPEG
ii libkrb53 1.3-2.5.200308221740 MIT Kerberos runtime libraries
ii libpango1. 1.2.3-1.15.200408231011 Layout and rendering of internatio
ii libpng12-0 1.2.5.0-8.6.200410161035 PNG library - runtime
ii libstdc++5 1:3.3.2-0pre4.12.200309291809 The GNU Standard C++ Library v3
ii libx11-6 4.3.0-0pre1v5.51.200409211658 X Window System protocol client li
ii libxext6 4.3.0-0pre1v5.51.200409211658 X Window System miscellaneous exte
ii libxft2 2.1.2-6.13.200408230823 FreeType-based font drawing librar
ii libxp6 4.3.0-0pre1v5.51.200409211658 X Window System printing extension
ii libxrender 0.8.2-1.3.200308092126 X Rendering Extension client libra
ii libxt6 4.3.0-0pre1v...

Read more...

Download full text (3.2 KiB)

Source: mozilla-firefox
Source-Version: 1.0.2-1

We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
mozilla-firefox-gnome-support_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-1_i386.deb
mozilla-firefox_1.0.2-1.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1.diff.gz
mozilla-firefox_1.0.2-1.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1.dsc
mozilla-firefox_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1_i386.deb
mozilla-firefox_1.0.2.orig.tar.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <email address hidden> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 25 Mar 2005 02:30:10 -0500
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.2-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <email address hidden>
Changed-By: Eric Dorland <email address hidden>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 286038 300976 301243
Changes:
 mozilla-firefox (1.0.2-1) unstable; urgency=low
 .
   * New upstream release. Fixes CAN-2005-0399, CAN-2005-0401,
     CAN-2005-0402. (Closes: #301243)
   * debian/control: Update suggest for xprint rename. (Closes: #300976)
   * xpcom/reflect/xptcall/src/md/unix/{Makefile.in,
     xptcinvoke_asm_parisc_linux.s, xptcstubs_asm_parisc_linux.s}: Apply
     patch from Ivar (Contributed by Randolph Chung) to fix Firefox on
     hppa. (Closes: #286038)
Files:
 e1b4f4b62371c4246aef9744fc58b3d8 990 web optional mozilla-firefox_1.0.2-1.dsc
 629a9bdd1e9fa93808ad951583e2ba39 40204410 web optional mozilla-firefox_1.0.2.orig.tar.gz
 bdda824de7eac4e6757a74d50198f627 219322 web optional mozilla-firefox_1.0.2-1.diff.gz
 85e1236d0088a001e9c129683ea41a83 8877364 web optional mozilla-firefox_1.0.2-1_i386.deb
 8c7cf922fec8ed3821b6a24b7a33a6dd 154084 web optional mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
 36686c83c557675a92fe3d10bdcf5f01 51362 web optional mozilla-firefox-gnome-support_1.0.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCRD9ZYemOzxbZcMYRAu32AKCbDRtt6rEOshBUj7znDQ11N6hiVgCgnQLJ...

Read more...

Debian Bug Importer (debzilla) wrote :
Download full text (3.4 KiB)

Message-Id: <email address hidden>
Date: Fri, 25 Mar 2005 12:03:24 -0500
From: Eric Dorland <email address hidden>
To: <email address hidden>
Subject: Bug#301243: fixed in mozilla-firefox 1.0.2-1

Source: mozilla-firefox
Source-Version: 1.0.2-1

We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
mozilla-firefox-gnome-support_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-1_i386.deb
mozilla-firefox_1.0.2-1.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1.diff.gz
mozilla-firefox_1.0.2-1.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1.dsc
mozilla-firefox_1.0.2-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-1_i386.deb
mozilla-firefox_1.0.2.orig.tar.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <email address hidden> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 25 Mar 2005 02:30:10 -0500
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.2-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <email address hidden>
Changed-By: Eric Dorland <email address hidden>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 286038 300976 301243
Changes:
 mozilla-firefox (1.0.2-1) unstable; urgency=low
 .
   * New upstream release. Fixes CAN-2005-0399, CAN-2005-0401,
     CAN-2005-0402. (Closes: #301243)
   * debian/control: Update suggest for xprint rename. (Closes: #300976)
   * xpcom/reflect/xptcall/src/md/unix/{Makefile.in,
     xptcinvoke_asm_parisc_linux.s, xptcstubs_asm_parisc_linux.s}: Apply
     patch from Ivar (Contributed by Randolph Chung) to fix Firefox on
     hppa. (Closes: #286038)
Files:
 e1b4f4b62371c4246aef9744fc58b3d8 990 web optional mozilla-firefox_1.0.2-1.dsc
 629a9bdd1e9fa93808ad951583e2ba39 40204410 web optional mozilla-firefox_1.0.2.orig.tar.gz
 bdda824de7eac4e6757a74d50198f627 219322 web optional mozilla-firefox_1.0.2-1.diff.gz
 85e1236d0088a001e9c129683ea41a83 8877364 web optional mozilla-firefox_1.0.2-1_i386.deb
 8c7cf922fec8ed3821b6a24b7a33a6dd 154084 web optional mozilla-firefox-dom-inspector_1.0.2-1_i386.deb
 36686c83c557675...

Read more...

Martin Pitt (pitti) wrote :

Warty was fixed in USN-155-1.

Changed in firefox:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.