diff options
author | simon <simon@FreeBSD.org> | 2005-09-24 03:19:03 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-09-24 03:19:03 +0800 |
commit | 94aaa730910efb3f014390cc0ff9edcc791e82a8 (patch) | |
tree | 94c35526402f538460dbb15639d123f0870251b0 /security | |
parent | 3b59a4a4cf1d9bd40077db5b1d16c3c5c59f15c8 (diff) | |
download | freebsd-ports-gnome-94aaa730910efb3f014390cc0ff9edcc791e82a8.tar.gz freebsd-ports-gnome-94aaa730910efb3f014390cc0ff9edcc791e82a8.tar.zst freebsd-ports-gnome-94aaa730910efb3f014390cc0ff9edcc791e82a8.zip |
- Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
firefox/mozilla entries.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ff12c089c6e6..10be9af2d0e5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,149 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="8f5dd74b-2c61-11da-a263-0001020eed82"> + <topic>mozilla & firefox -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>1.0.7,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><gt>1.0.7</gt></range> + </package> + <package> + <name>mozilla</name> + <range><lt>1.7.12,2</lt></range> + <range><ge>1.8.*,2</ge></range> + </package> + <package> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><gt>0</gt></range> + </package> + <package> + <name>netscape7</name> + <range><ge>0</ge></range> + </package> + <package> + <!-- These ports are obsolete. --> + <name>de-linux-mozillafirebird</name> + <name>el-linux-mozillafirebird</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> + <range><ge>0</ge></range> + </package> + <package> + <!-- These package names are obsolete. --> + <name>de-linux-netscape</name> + <name>de-netscape7</name> + <name>fr-linux-netscape</name> + <name>fr-netscape7</name> + <name>ja-linux-netscape</name> + <name>ja-netscape7</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk1</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> + <name>pt_BR-netscape7</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Mozilla Foundation Security Advisory reports of multiple + issues:</p> + <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-58.html"> + <h1>Heap overrun in XBM image processing</h1> + <p>jackerror reports that an improperly terminated XBM image + ending with space characters instead of the expected end + tag can lead to a heap buffer overrun. This appears to be + exploitable to install or run malicious code on the user's + machine.</p> + <p>Thunderbird does not support the XBM format and is not + affected by this flaw.</p> + <h1>Crash on "zero-width non-joiner" sequence</h1> + <p>Mats Palmgren discovered that a reported crash on Unicode + sequences with "zero-width non-joiner" characters was due + to stack corruption that may be exploitable.</p> + <h1>XMLHttpRequest header spoofing</h1> + <p>It was possible to add illegal and malformed headers to + an XMLHttpRequest. This could have been used to exploit + server or proxy flaws from the user's machine, or to fool + a server or proxy into thinking a single request was a + stream of separate requests. The severity of this + vulnerability depends on the value of servers which might + be vulnerable to HTTP request smuggling and similar + attacks, or which share an IP address (virtual hosting) + with the attacker's page.</p> + <p>For users connecting to the web through a proxy this flaw + could be used to bypass the same-origin restriction on + XMLHttpRequests by fooling the proxy into handling a + single request as multiple pipe-lined requests directed at + arbitrary hosts. This could be used, for example, to read + files on intranet servers behind a firewall.</p> + <h1>Object spoofing using XBL <implements></h1> + <p>moz_bug_r_a4 demonstrated a DOM object spoofing bug + similar to <a + href="http://www.mozilla.org/security/announce/mfsa2005-55.html">MFSA + 2005-55</a> using an XBL control that <implements> + an internal interface. The severity depends on the version + of Firefox: investigation so far indicates Firefox 1.0.x + releases don't expose any vulnerable functionality to + interfaces spoofed in this way, but that early Deer Park + Alpha 1 versions did.</p> + <p>XBL was changed to no longer allow unprivileged controls + from web content to implement XPCOM interfaces.</p> + <h1>JavaScript integer overflow</h1> + <p>Georgi Guninski reported an integer overflow in the + JavaScript engine. We presume this could be exploited to + run arbitrary code under favorable conditions.</p> + <h1>Privilege escalation using about: scheme</h1> + <p>heatsync and shutdown report two different ways to bypass + the restriction on loading high privileged "chrome" pages + from an unprivileged "about:" page. By itself this is + harmless--once the "about" page's privilege is raised the + original page no longer has access--but should this be + combined with a same-origin violation this could lead to + arbitrary code execution.</p> + <h1>Chrome window spoofing</h1> + <p>moz_bug_r_a4 demonstrates a way to get a blank "chrome" + canvas by opening a window from a reference to a closed + window. The resulting window is not privileged, but the + normal browser UI is missing and can be used to construct + a spoof page without any of the safety features of the + browser chrome designed to alert users to phishing sites, + such as the address bar and the status bar.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-2701</cvename> + <cvename>CAN-2005-2702</cvename> + <cvename>CAN-2005-2703</cvename> + <cvename>CAN-2005-2704</cvename> + <cvename>CAN-2005-2705</cvename> + <cvename>CAN-2005-2706</cvename> + <cvename>CAN-2005-2707</cvename> + <url>http://www.mozilla.org/security/announce/mfsa2005-58.html</url> + </references> + <dates> + <discovery>2005-09-22</discovery> + <entry>2005-09-23</entry> + </dates> + </vuln> + <vuln vid="2e28cefb-2aee-11da-a263-0001020eed82"> <topic>mozilla & firefox -- command line URL shell command injection</topic> <affects> @@ -112,10 +255,12 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <cvename>CAN-2005-2968</cvename> <url>https://bugzilla.mozilla.org/show_bug.cgi?id=307185</url> <url>http://secunia.com/advisories/16869/</url> + <url>http://www.mozilla.org/security/announce/mfsa2005-59.html</url> </references> <dates> <discovery>2005-09-06</discovery> <entry>2005-09-22</entry> + <modified>2005-09-23</modified> </dates> </vuln> @@ -336,10 +481,12 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <url>http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387</url> <url>http://www.mozilla.org/security/idn.html</url> <url>https://bugzilla.mozilla.org/show_bug.cgi?id=307259</url> + <url>http://www.mozilla.org/security/announce/mfsa2005-57.html</url> </references> <dates> <discovery>2005-09-08</discovery> <entry>2005-09-10</entry> + <modified>2005-09-23</modified> </dates> </vuln> |