aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2005-09-24 03:19:03 +0800
committersimon <simon@FreeBSD.org>2005-09-24 03:19:03 +0800
commit94aaa730910efb3f014390cc0ff9edcc791e82a8 (patch)
tree94c35526402f538460dbb15639d123f0870251b0 /security
parent3b59a4a4cf1d9bd40077db5b1d16c3c5c59f15c8 (diff)
downloadfreebsd-ports-gnome-94aaa730910efb3f014390cc0ff9edcc791e82a8.tar.gz
freebsd-ports-gnome-94aaa730910efb3f014390cc0ff9edcc791e82a8.tar.zst
freebsd-ports-gnome-94aaa730910efb3f014390cc0ff9edcc791e82a8.zip
- Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other firefox/mozilla entries.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml147
1 files changed, 147 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index ff12c089c6e6..10be9af2d0e5 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,149 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8f5dd74b-2c61-11da-a263-0001020eed82">
+ <topic>mozilla &amp; firefox -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>1.0.7,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><gt>1.0.7</gt></range>
+ </package>
+ <package>
+ <name>mozilla</name>
+ <range><lt>1.7.12,2</lt></range>
+ <range><ge>1.8.*,2</ge></range>
+ </package>
+ <package>
+ <name>linux-mozilla</name>
+ <name>linux-mozilla-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These ports are obsolete. -->
+ <name>de-linux-mozillafirebird</name>
+ <name>el-linux-mozillafirebird</name>
+ <name>ja-linux-mozillafirebird-gtk1</name>
+ <name>ja-mozillafirebird-gtk2</name>
+ <name>linux-mozillafirebird</name>
+ <name>ru-linux-mozillafirebird</name>
+ <name>zhCN-linux-mozillafirebird</name>
+ <name>zhTW-linux-mozillafirebird</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These package names are obsolete. -->
+ <name>de-linux-netscape</name>
+ <name>de-netscape7</name>
+ <name>fr-linux-netscape</name>
+ <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name>
+ <name>ja-netscape7</name>
+ <name>linux-netscape</name>
+ <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name>
+ <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name>
+ <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name>
+ <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name>
+ <name>phoenix</name>
+ <name>pt_BR-netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Mozilla Foundation Security Advisory reports of multiple
+ issues:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-58.html">
+ <h1>Heap overrun in XBM image processing</h1>
+ <p>jackerror reports that an improperly terminated XBM image
+ ending with space characters instead of the expected end
+ tag can lead to a heap buffer overrun. This appears to be
+ exploitable to install or run malicious code on the user's
+ machine.</p>
+ <p>Thunderbird does not support the XBM format and is not
+ affected by this flaw.</p>
+ <h1>Crash on "zero-width non-joiner" sequence</h1>
+ <p>Mats Palmgren discovered that a reported crash on Unicode
+ sequences with "zero-width non-joiner" characters was due
+ to stack corruption that may be exploitable.</p>
+ <h1>XMLHttpRequest header spoofing</h1>
+ <p>It was possible to add illegal and malformed headers to
+ an XMLHttpRequest. This could have been used to exploit
+ server or proxy flaws from the user's machine, or to fool
+ a server or proxy into thinking a single request was a
+ stream of separate requests. The severity of this
+ vulnerability depends on the value of servers which might
+ be vulnerable to HTTP request smuggling and similar
+ attacks, or which share an IP address (virtual hosting)
+ with the attacker's page.</p>
+ <p>For users connecting to the web through a proxy this flaw
+ could be used to bypass the same-origin restriction on
+ XMLHttpRequests by fooling the proxy into handling a
+ single request as multiple pipe-lined requests directed at
+ arbitrary hosts. This could be used, for example, to read
+ files on intranet servers behind a firewall.</p>
+ <h1>Object spoofing using XBL &lt;implements&gt;</h1>
+ <p>moz_bug_r_a4 demonstrated a DOM object spoofing bug
+ similar to <a
+ href="http://www.mozilla.org/security/announce/mfsa2005-55.html">MFSA
+ 2005-55</a> using an XBL control that &lt;implements&gt;
+ an internal interface. The severity depends on the version
+ of Firefox: investigation so far indicates Firefox 1.0.x
+ releases don't expose any vulnerable functionality to
+ interfaces spoofed in this way, but that early Deer Park
+ Alpha 1 versions did.</p>
+ <p>XBL was changed to no longer allow unprivileged controls
+ from web content to implement XPCOM interfaces.</p>
+ <h1>JavaScript integer overflow</h1>
+ <p>Georgi Guninski reported an integer overflow in the
+ JavaScript engine. We presume this could be exploited to
+ run arbitrary code under favorable conditions.</p>
+ <h1>Privilege escalation using about: scheme</h1>
+ <p>heatsync and shutdown report two different ways to bypass
+ the restriction on loading high privileged "chrome" pages
+ from an unprivileged "about:" page. By itself this is
+ harmless--once the "about" page's privilege is raised the
+ original page no longer has access--but should this be
+ combined with a same-origin violation this could lead to
+ arbitrary code execution.</p>
+ <h1>Chrome window spoofing</h1>
+ <p>moz_bug_r_a4 demonstrates a way to get a blank "chrome"
+ canvas by opening a window from a reference to a closed
+ window. The resulting window is not privileged, but the
+ normal browser UI is missing and can be used to construct
+ a spoof page without any of the safety features of the
+ browser chrome designed to alert users to phishing sites,
+ such as the address bar and the status bar.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2005-2701</cvename>
+ <cvename>CAN-2005-2702</cvename>
+ <cvename>CAN-2005-2703</cvename>
+ <cvename>CAN-2005-2704</cvename>
+ <cvename>CAN-2005-2705</cvename>
+ <cvename>CAN-2005-2706</cvename>
+ <cvename>CAN-2005-2707</cvename>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-58.html</url>
+ </references>
+ <dates>
+ <discovery>2005-09-22</discovery>
+ <entry>2005-09-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2e28cefb-2aee-11da-a263-0001020eed82">
<topic>mozilla &amp; firefox -- command line URL shell command injection</topic>
<affects>
@@ -112,10 +255,12 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
<cvename>CAN-2005-2968</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=307185</url>
<url>http://secunia.com/advisories/16869/</url>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-59.html</url>
</references>
<dates>
<discovery>2005-09-06</discovery>
<entry>2005-09-22</entry>
+ <modified>2005-09-23</modified>
</dates>
</vuln>
@@ -336,10 +481,12 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
<url>http://marc.theaimsgroup.com/?l=full-disclosure&amp;m=112624614008387</url>
<url>http://www.mozilla.org/security/idn.html</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=307259</url>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-57.html</url>
</references>
<dates>
<discovery>2005-09-08</discovery>
<entry>2005-09-10</entry>
+ <modified>2005-09-23</modified>
</dates>
</vuln>