javascript crasher

Bug #19866 reported by Debian Bug Importer
Affects:
mozilla (Debian): Status: Fix Released; Importance: Unknown
mozilla (Ubuntu): Status: Fix Released; Importance: High; Assigned to: Martin Pitt

Bug Description

Automatically imported from Debian bug report #318723 http://bugs.debian.org/318723

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 17 Jul 2005 12:47:18 +0300
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: javascript crasher

Package: mozilla-browser
Version: 2:1.7.8-1
Severity: serious
Tags: security

I've successfully crashed this version of mozilla using the proof of
concept exploits linked to from
http://marc.theaimsgroup.com/?l=bugtraq&m=112008299210033&w=2

mozilla-firefox 1.0.5-1 doesn't crash.

This is CAN-2005-2114

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-browser depends on:
ii debconf 1.4.52 Debian configuration management sy
ii libatk1.0-0 1.10.1-2 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.2-1 generic font configuration library
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.0.1-2 GCC support library
ii libglib2.0-0 2.6.5-1 The GLib library of C routines
ii libgtk2.0-0 2.6.8-1 The GTK+ graphical user interface
ii libnspr4 2:1.7.8-1 Netscape Portable Runtime Library
ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio
ii libstdc++5 1:3.3.6-7 The GNU Standard C++ Library v3
ii libx11-6 6.8.2.dfsg.1-2 X Window System protocol client li
ii libxext6 6.8.2.dfsg.1-2 X Window System miscellaneous exte
ii libxft2 2.1.7-1 FreeType-based font drawing librar
ii libxp6 6.8.2.dfsg.1-2 X Window System printing extension
ii libxrender1 1:0.9.0-2 X Rendering Extension client libra
ii libxt6 6.8.2.dfsg.1-2 X Toolkit Intrinsics
ii psmisc 21.6-1 Utilities that use the proc filesy
ii xlibs 6.8.2.dfsg.1-2 X Window System client libraries m
ii zlib1g 1:1.2.2-9 compression library - runtime

Versions of packages mozilla-browser recommends:
ii mozilla-psm 2:1.7.8-1 The Mozilla Internet application s
pn myspell-en-us | myspell-dicti <none> (no description available)

-- debconf information excluded

--
see shy jo


Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 5 Aug 2005 20:29:24 +0300
From: Török Edvin <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, Joey Hess <email address hidden>
Subject:

tags 318723 +confirmed security
thanks control

The bug is fixed in the new mozilla package in sid, so it should be
moved over to sarge!

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 9 Aug 2005 09:43:47 -0400
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: notfound 318723 in 2:1.7.10-1

# Automatically generated email from bts, devscripts version 2.9.4
notfound 318723 2:1.7.10-1

Martin Pitt (pitti) wrote :

I checked again, doesn't happen any more in mozilla 1.7.10+ and firefox 1.0.6. I
marked CAN-2005-2114 appropriately in ubuntu-cve.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 4 Oct 2005 16:16:57 -0400
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: closing

Version: 2:1.7.10-1

Was fixed in this version.

--
see shy jo


Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sun, 09 Oct 2005 13:32:45 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Cc: Alexander Sack <email address hidden>, Takuo KITAME <email address hidden>
Subject: Fixed in NMU of mozilla 2:1.7.12-1

tag 318723 + fixed
tag 321644 + fixed
tag 325532 + fixed
tag 327366 + fixed
tag 327455 + fixed
tag 329778 + fixed
tag 332480 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

Format: 1.7
Date: Wed, 6 Oct 2005 23:48:00 +0200
Source: mozilla
Binary: mozilla mozilla-calendar mozilla-dom-inspector libnspr4 mozilla-js-debugger mozilla-browser libnss3 libnspr-dev mozilla-chatzilla mozilla-psm mozilla-mailnews libnss-dev mozilla-dev
Architecture: source i386
Version: 2:1.7.12-1
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla - The Mozilla Internet application suite - meta package
 mozilla-browser - The Mozilla Internet application suite - core and browser
 mozilla-calendar - Todo organizer,calendar and reminder,integrated with Mozilla suit
 mozilla-chatzilla - Mozilla Web Browser - irc client
 mozilla-dev - The Mozilla Internet application suite - development files
 mozilla-dom-inspector - A tool for inspecting the DOM of pages in Mozilla.
 mozilla-js-debugger - JavaScript debugger for use with Mozilla
 mozilla-mailnews - The Mozilla Internet application suite - mail and news support
 mozilla-psm - The Mozilla Internet application suite - Personal Security Manage
Closes: 318723 321644 325532 327366 327455 329778 332480
Changes:
 mozilla (2:1.7.12-1) unstable; urgency=high
 .
   * NMU: fixing several security issues and most important RC bugs.
     (Closes: 332480)
   * new upstream version 1.7.12 fixes:
     + [CAN-2005-2871] IDN buffer overflow [MFSA 2005-57] (Closes: 327366)
     + security issue revealed: CAN-2005-2871 (Closes: 327455)
     + mozilla: Multiple security issues fixed in 1.7.12 (Closes: 329778)
     + javascript crasher - unsure about this ... have to test.
       (Closes: 318723)
     + mozilla 1.7.10 version crashes almost immediately (Closes: 321644)
   * applied patch by Steve Langasek <email address hidden> to make mozilla
     build on arm and other archs. (Closes: 325532)
Files:
