You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
139 lines
6.3 KiB
139 lines
6.3 KiB
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200503-10">
|
|
<title>Mozilla Firefox: Various vulnerabilities</title>
|
|
<synopsis>
|
|
Mozilla Firefox is vulnerable to a local file deletion issue and to various
|
|
issues allowing to trick the user into trusting fake web sites or
|
|
interacting with privileged content.
|
|
</synopsis>
|
|
<product type="ebuild">Firefox</product>
|
|
<announced>2005-03-04</announced>
|
|
<revised count="01">2005-03-04</revised>
|
|
<bug>83267</bug>
|
|
<access>remote and local</access>
|
|
<affected>
|
|
<package name="www-client/mozilla-firefox" auto="yes" arch="*">
|
|
<unaffected range="ge">1.0.1</unaffected>
|
|
<vulnerable range="lt">1.0.1</vulnerable>
|
|
</package>
|
|
<package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
|
|
<unaffected range="ge">1.0.1</unaffected>
|
|
<vulnerable range="lt">1.0.1</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
Mozilla Firefox is the popular next-generation browser from the
|
|
Mozilla project.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
The following vulnerabilities were found and fixed in Mozilla
|
|
Firefox:
|
|
</p>
|
|
<ul>
|
|
<li>Michael Krax reported that plugins can be used
|
|
to load privileged content and trick the user to interact with it
|
|
(CAN-2005-0232, CAN-2005-0527)</li>
|
|
<li>Michael Krax also reported
|
|
potential spoofing or cross-site-scripting issues through overlapping
|
|
windows, image drag-and-drop, and by dropping javascript: links on tabs
|
|
(CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)</li>
|
|
<li>Daniel de Wildt
|
|
and Gael Delalleau discovered a memory overwrite in a string library
|
|
(CAN-2005-0255)</li>
|
|
<li>Wind Li discovered a possible heap overflow in
|
|
UTF8 to Unicode conversion (CAN-2005-0592)</li>
|
|
<li>Eric Johanson
|
|
reported that Internationalized Domain Name (IDN) features allow
|
|
homograph attacks (CAN-2005-0233)</li>
|
|
<li>Mook, Doug Turner, Kohei
|
|
Yoshino and M. Deaudelin reported various ways of spoofing the SSL
|
|
"secure site" indicator (CAN-2005-0593)</li>
|
|
<li>Matt Brubeck reported
|
|
a possible Autocomplete data leak (CAN-2005-0589)</li>
|
|
<li>Georgi
|
|
Guninski discovered that XSLT can include stylesheets from arbitrary
|
|
hosts (CAN-2005-0588)</li>
|
|
<li>Secunia discovered a way of injecting
|
|
content into a popup opened by another website (CAN-2004-1156)</li>
|
|
<li>Phil Ringnalda reported a possible way to spoof Install source with
|
|
user:pass@host (CAN-2005-0590)</li>
|
|
<li>Jakob Balle from Secunia
|
|
discovered a possible way of spoofing the Download dialog source
|
|
(CAN-2005-0585)</li>
|
|
<li>Christian Schmidt reported a potential
|
|
spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li>
|
|
<li>Andreas
|
|
Sanblad from Secunia discovered a possible way of spoofing the Download
|
|
dialog using the Content-Disposition header (CAN-2005-0586)</li>
|
|
<li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
|
|
discovered that Firefox insecurely creates temporary filenames in
|
|
/tmp/plugtmp (CAN-2005-0578)</li>
|
|
</ul>
|
|
</description>
|
|
<impact type="normal">
|
|
<ul>
|
|
<li>By setting up malicious websites and convincing users to
|
|
follow untrusted links or obey very specific drag-and-drop or download
|
|
instructions, attackers may leverage the various spoofing issues to
|
|
fake other websites to get access to confidential information, push
|
|
users to download malicious files or make them interact with their
|
|
browser preferences.</li>
|
|
<li>The temporary directory issue allows
|
|
local attackers to overwrite arbitrary files with the rights of another
|
|
local user.</li>
|
|
<li>The overflow issues, while not thought to be
|
|
exploitable, may allow a malicious downloaded page to execute arbitrary
|
|
code with the rights of the user viewing the page.</li>
|
|
</ul>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no known workaround at this time.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All Firefox users should upgrade to the latest version:
|
|
</p>
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.1"</code>
|
|
<p>
|
|
All Firefox binary users should upgrade to the latest version:
|
|
</p>
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.1"</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586">CAN-2005-0586</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589">CAN-2005-0589</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri>
|
|
<uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
|
|
</references>
|
|
<metadata tag="submitter" timestamp="2005-03-04T10:53:24Z">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="bugReady" timestamp="2005-03-04T12:44:33Z">
|
|
koon
|
|
</metadata>
|
|
</glsa>
|