multiple critical security holes prior to Firefox 1.0PR

Automatically imported from Debian bug report #271888 http://bugs.debian.org/271888

Message-Id: <email address hidden>
Date: Wed, 15 Sep 2004 22:33:49 +0200
From: Laszlo Boszormenyi <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: multiple critical security holes prior to Firefox 1.0PR

Package: mozilla-firefox
Version: 0.9.3-4
Severity: critical
Tags: security sid sarge

According to Secunia[1] multiple security bugs found in Firefox, all
fixed in 1.0PR:
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
System access

Regards,
Laszlo/GCS
[1] http://secunia.com/advisories/12526/

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-rc2
Locale: LANG=C, LC_CTYPE=C

Versions of packages mozilla-firefox depends on:
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii fontconfig 2.2.3-1 generic font configuration library
ii libatk1.0-0 1.6.1-3 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libfontconfig1 2.2.3-1 generic font configuration library
ii libfreetype6 2.1.7-2.2 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.1-4sarge1 GCC support library
ii libglib2.0-0 2.4.6-2 The GLib library of C routines
ii libgtk2.0-0 2.4.9-1 The GTK+ graphical user interface
ii libidl0 0.8.3-1 library for parsing CORBA IDL file
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libpango1.0-0 1.4.1-2 Layout and rendering of internatio
ii libpng12-0 1.2.5.0-7 PNG library - runtime
ii libstdc++5 1:3.3.4-6sarge1.2 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-4 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-4 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-4 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-4 X Toolkit Intrinsics
ii psmisc 21.5-1 Utilities that use the proc filesy
ii xlibs 4.3.0.dfsg.1-4 X Window System client libraries m
ii zlib1g 1:1.2.1.1-7 compression library - runtime

-- no debconf information

Message-ID: <email address hidden>
Date: Thu, 16 Sep 2004 15:10:48 -0400
From: Eric Dorland <email address hidden>
To: Laszlo Boszormenyi <email address hidden>, <email address hidden>
Subject: Re: Bug#271888: multiple critical security holes prior to Firefox 1.0PR

* Laszlo Boszormenyi (<email address hidden>) wrote:
> Package: mozilla-firefox
> Version: 0.9.3-4
> Severity: critical
> Tags: security sid sarge
>
> According to Secunia[1] multiple security bugs found in Firefox, all
> fixed in 1.0PR:
> Cross Site Scripting
> Manipulation of data
> Exposure of sensitive information
> System access

The vulnerability report lists 10 different bugs, I believe only 5 of
them actually apply to firefox:

http://bugzilla.mozilla.org/show_bug.cgi?id=257523
http://bugzilla.mozilla.org/show_bug.cgi?id=256316
http://bugzilla.mozilla.org/show_bug.cgi?id=255067
http://bugzilla.mozilla.org/show_bug.cgi?id=250862
http://bugzilla.mozilla.org/show_bug.cgi?id=253942

Anyone who disagrees with my assessment please let me know. I'll apply
patches and make a new upload tonight.

--
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------

Once the preview has settled down, and we're building daily CDs again, let's
bring in 1.0PR

Message-Id: <email address hidden>
Date: Thu, 16 Sep 2004 21:47:55 -0400
From: Eric Dorland <email address hidden>
To: <email address hidden>
Subject: Bug#271888: fixed in mozilla-firefox 0.9.3-5

Source: mozilla-firefox
Source-Version: 0.9.3-5

We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_0.9.3-5_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_0.9.3-5_i386.deb
mozilla-firefox_0.9.3-5.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_0.9.3-5.diff.gz
mozilla-firefox_0.9.3-5.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_0.9.3-5.dsc
mozilla-firefox_0.9.3-5_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_0.9.3-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <email address hidden> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 16 Sep 2004 20:06:47 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-dom-inspector
Architecture: source i386
Version: 0.9.3-5
Distribution: unstable
Urgency: high
Maintainer: Eric Dorland <email address hidden>
Changed-By: Eric Dorland <email address hidden>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
Closes: 271480 271888
Changes:
 mozilla-firefox (0.9.3-5) unstable; urgency=high
 .
   * debian/update-mozilla-firefox-chrome: Apply another patch form Mike
     Hommey to fix a few more issues in the script. (Closes: #271480)
   * Fixes to Secunia security bugs, ported from bugzilla:
     (Closes: #271888)
     - browser/base/content/browser.js,
       xpfe/communicator/resources/content/contentAreaDD.js: Fix for
       drag and drop exploit, bz#250862.
     - caps/include/nsScriptSecurityManager.h, caps/src/caps.properties,
       caps/src/nsScriptSecurityManager.cpp: Fix for enablePrivilege
       exploit, bz#253942.
     - gfx/src/shared/gfxImageFrame.cpp, gfx/src/windows/nsImageWin.cpp,
       modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp: Fix for various
       overflows in the BMP code, bz#255067.
     - netwerk/dns/src/nsIDNService.cpp: Fix for bug in non-ASCII
       characters in domain names, bz#256316
     - content/xbl/src/nsXBLPrototypeHandler.cpp: Clipboard injection
       fix, bz#257523.
Files:
 99e5fa335e48cbc257abbdbbf7fb8304 933 web optional mozilla-firefox_0.9.3-5.dsc
 aa2da4089971a01fa078d2e5ea05237a 178110 web optional mozilla-firefox_0.9.3-5.diff.gz
 1bd2b52f99e4252633e09cc3a1adef29 9838518 web optional mozilla-firefox_0.9.3-5_i386.deb
 9a2...

 mozilla-firefox (0.99+1.0PR-0ubuntu1) warty; urgency=low
 .
   * New upstream release
     - really fix the default homepage
     - ditch a slew of patches that are upstream
     - fix broken stupidity