diff options
author | Alex Legler <alex@a3li.li> | 2015-03-08 22:02:38 +0100 |
---|---|---|
committer | Alex Legler <alex@a3li.li> | 2015-03-08 22:02:38 +0100 |
commit | a24567fbc43f221b14e805f9bc0b7c6d16911c46 (patch) | |
tree | 910a04fe6ee560ac0eebac55f3cd2781c3519760 /glsa-200503-30.xml | |
download | glsa-a24567fbc43f221b14e805f9bc0b7c6d16911c46.tar.gz glsa-a24567fbc43f221b14e805f9bc0b7c6d16911c46.tar.bz2 glsa-a24567fbc43f221b14e805f9bc0b7c6d16911c46.zip |
Import existing advisories
Diffstat (limited to 'glsa-200503-30.xml')
-rw-r--r-- | glsa-200503-30.xml | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/glsa-200503-30.xml b/glsa-200503-30.xml new file mode 100644 index 00000000..432af8db --- /dev/null +++ b/glsa-200503-30.xml @@ -0,0 +1,140 @@ +<?xml version="1.0" encoding="utf-8"?> +<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> +<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> + +<glsa id="200503-30"> + <title>Mozilla Suite: Multiple vulnerabilities</title> + <synopsis> + The Mozilla Suite is vulnerable to multiple issues ranging from the remote + execution of arbitrary code to various issues allowing to trick the user + into trusting fake web sites or interacting with privileged content. + </synopsis> + <product type="ebuild">Mozilla</product> + <announced>March 25, 2005</announced> + <revised>March 25, 2005: 01</revised> + <bug>84074</bug> + <access>remote and local</access> + <affected> + <package name="www-client/mozilla" auto="yes" arch="*"> + <unaffected range="ge">1.7.6</unaffected> + <vulnerable range="lt">1.7.6</vulnerable> + </package> + <package name="www-client/mozilla-bin" auto="yes" arch="*"> + <unaffected range="ge">1.7.6</unaffected> + <vulnerable range="lt">1.7.6</vulnerable> + </package> + </affected> + <background> + <p> + The Mozilla Suite is a popular all-in-one web browser that + includes a mail and news reader. + </p> + </background> + <description> + <p> + The following vulnerabilities were found and fixed in the Mozilla + Suite: + </p> + <ul> + <li>Mark Dowd from ISS X-Force reported an exploitable + heap overrun in the GIF processing of obsolete Netscape extension 2 + (CAN-2005-0399)</li> + <li>Michael Krax reported that plugins can be used + to load privileged content and trick the user to interact with it + (CAN-2005-0232, CAN-2005-0527)</li> + <li>Michael Krax also reported + potential spoofing or cross-site-scripting issues through overlapping + windows, image or scrollbar drag-and-drop, and by dropping javascript: + links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, + CAN-2005-0591)</li> + <li>Daniel de Wildt and Gael Delalleau discovered a + memory overwrite in a string library (CAN-2005-0255)</li> + <li>Wind Li + discovered a possible heap overflow in UTF8 to Unicode conversion + (CAN-2005-0592)</li> + <li>Eric Johanson reported that Internationalized + Domain Name (IDN) features allow homograph attacks (CAN-2005-0233)</li> + <li>Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various + ways of spoofing the SSL "secure site" indicator (CAN-2005-0593)</li> + <li>Georgi Guninski discovered that XSLT can include stylesheets from + arbitrary hosts (CAN-2005-0588)</li> + <li>Secunia discovered a way of + injecting content into a popup opened by another website + (CAN-2004-1156)</li> + <li>Phil Ringnalda reported a possible way to + spoof Install source with user:pass@host (CAN-2005-0590)</li> + <li>Jakob + Balle from Secunia discovered a possible way of spoofing the Download + dialog source (CAN-2005-0585)</li> + <li>Christian Schmidt reported a + potential spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li> + <li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team + discovered that Mozilla insecurely creates temporary filenames in + /tmp/plugtmp (CAN-2005-0578)</li> + </ul> + </description> + <impact type="normal"> + <ul> + <li>The GIF heap overflow could be triggered by a malicious GIF + image that would end up executing arbitrary code with the rights of the + user running Mozilla. The other overflow issues, while not thought to + be exploitable, would have the same impact</li> + <li>By setting up + malicious websites and convincing users to follow untrusted links or + obey very specific drag-and-drop or download instructions, attackers + may leverage the various spoofing issues to fake other websites to get + access to confidential information, push users to download malicious + files or make them interact with their browser preferences</li> + <li>The + temporary directory issue allows local attackers to overwrite arbitrary + files with the rights of another local user</li> + </ul> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Mozilla Suite users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"</code> + <p> + All Mozilla Suite binary users should upgrade to the latest + version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"</code> + </resolution> + <references> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399">CAN-2005-0399</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401">CAN-2005-0401</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri> + <uri link="http://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri> + </references> + <metadata tag="submitter" timestamp="Tue, 22 Mar 2005 09:19:22 +0000"> + koon + </metadata> + <metadata tag="bugReady" timestamp="Fri, 25 Mar 2005 12:49:52 +0000"> + koon + </metadata> +</glsa> |