100 lines
3.7 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

<glsa id="200507-14">
  <title>Mozilla Firefox: Multiple vulnerabilities</title>
  <synopsis>
    Several vulnerabilities in Mozilla Firefox allow attacks ranging from
    execution of script code with elevated privileges to information leak.
  </synopsis>
  <product type="ebuild">mozilla</product>
  <announced>July 15, 2005</announced>
  <revised>July 15, 2005: 01</revised>
  <bug>95199</bug>
  <access>remote</access>
  <affected>
    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
      <unaffected range="ge">1.0.5</unaffected>
      <vulnerable range="lt">1.0.5</vulnerable>
    </package>
    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
      <unaffected range="ge">1.0.5</unaffected>
      <vulnerable range="lt">1.0.5</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    Mozilla Firefox is the next-generation web browser from the
    Mozilla project.
    </p>
  </background>
  <description>
    <p>
    The following vulnerabilities were found and fixed in Mozilla
    Firefox:
    </p>
    <ul>
      <li>"moz_bug_r_a4" and "shutdown" discovered that
      Firefox was improperly cloning base objects (MFSA 2005-56).</li>
      <li>Michael Krax reported that Firefox was not correctly handling
      JavaScript URLs from external applications (MFSA 2005-53), and that the
      "Set as wallpaper" function in versions 1.0.3 and 1.0.4 could be abused
      to load JavaScript (MFSA 2005-47).</li>
      <li>Several researchers
      reported ways to trick Firefox into accepting events generated by web
      content (MFSA 2005-45).</li>
      <li>Kohei Yoshino discovered a new way to
      inject script from the sidebar panel using data: (MFSA 2005-49).</li>
      <li>"moz_bug_r_a4" reported that Firefox failed to validate XHTML DOM
      nodes properly (MFSA 2005-55), and that XBL scripts ran even when
      JavaScript is disabled (MFSA 2005-46).</li>
      <li>"shutdown" discovered a
      possibly exploitable crash in InstallVersion.compareTo (MFSA
      2005-50).</li>
      <li>Finally, Secunia discovered that a child frame can
      call top.focus() even if the framing page comes from a different origin
      and has overridden the focus() routine (MFSA 2005-52), and that the
      frame injection spoofing bug fixed in 1.0.2 was mistakenly reintroduced
      in 1.0.3 and 1.0.4 (MFSA 2005-51).</li>
    </ul>
  </description>
  <impact type="normal">
    <p>
    A remote attacker could craft malicious web pages that would
    leverage these issues to inject and execute arbitrary script code with
    elevated privileges, steal cookies or other information from web pages,
    or spoof content.
    </p>
  </impact>
  <workaround>
    <p>
    There are no known workarounds for all the issues at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All Mozilla Firefox users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.5"</code>
    <p>
    All Mozilla Firefox binary users should upgrade to the latest
    version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.5"</code>
  </resolution>
  <references>
    <uri link="http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox">Mozilla Foundation Security Advisories</uri>
  </references>
  <metadata tag="submitter" timestamp="Wed, 13 Jul 2005 20:26:29 +0000">
    koon
  </metadata>
  <metadata tag="bugReady" timestamp="Fri, 15 Jul 2005 05:32:06 +0000">
    jaervosz
  </metadata>
</glsa>