diff options
Diffstat (limited to 'xml/htdocs/security/en/glsa/glsa-200608-02.xml')
-rw-r--r-- | xml/htdocs/security/en/glsa/glsa-200608-02.xml | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/xml/htdocs/security/en/glsa/glsa-200608-02.xml b/xml/htdocs/security/en/glsa/glsa-200608-02.xml new file mode 100644 index 00000000..bbabe7f2 --- /dev/null +++ b/xml/htdocs/security/en/glsa/glsa-200608-02.xml @@ -0,0 +1,131 @@ +<?xml version="1.0" encoding="utf-8"?> +<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> +<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> + +<glsa id="200608-02"> + <title>Mozilla SeaMonkey: Multiple vulnerabilities</title> + <synopsis> + The Mozilla Foundation has reported numerous security vulnerabilities + related to Mozilla SeaMonkey. + </synopsis> + <product type="ebuild">SeaMonkey</product> + <announced>August 03, 2006</announced> + <revised>August 03, 2006: 01</revised> + <bug>141842</bug> + <access>remote</access> + <affected> + <package name="www-client/seamonkey" auto="yes" arch="*"> + <unaffected range="ge">1.0.3</unaffected> + <vulnerable range="lt">1.0.3</vulnerable> + </package> + </affected> + <background> + <p> + The Mozilla SeaMonkey project is a community effort to deliver + production-quality releases of code derived from the application + formerly known as "Mozilla Application Suite". + </p> + </background> + <description> + <p> + The following vulnerabilities have been reported: + </p> + <ul> + <li>Benjamin Smedberg discovered that chrome URL's could be made to + reference remote files.</li> + <li>Developers in the Mozilla community + looked for and fixed several crash bugs to improve the stability of + Mozilla clients, which could lead to the execution of arbitrary code by + a remote attacker.</li> + <li>"shutdown" reports that cross-site + scripting (XSS) attacks could be performed using the construct + XPCNativeWrapper(window).Function(...), which created a function that + appeared to belong to the window in question even after it had been + navigated to the target site.</li> + <li>"shutdown" reports that scripts + granting the UniversalBrowserRead privilege can leverage that into the + equivalent of the far more powerful UniversalXPConnect since they are + allowed to "read" into a privileged context.</li> + <li>"moz_bug_r_a4" + reports that A malicious Proxy AutoConfig (PAC) server could serve a + PAC script that can execute code with elevated privileges by setting + the required FindProxyForURL function to the eval method on a + privileged object that leaked into the PAC sandbox.</li> + <li>"moz_bug_r_a4" discovered that Named JavaScript functions have a + parent object created using the standard Object() constructor + (ECMA-specified behavior) and that this constructor can be redefined by + script (also ECMA-specified behavior).</li> + <li>Igor Bukanov and + shutdown found additional places where an untimely garbage collection + could delete a temporary object that was in active use.</li> + <li>Georgi + Guninski found potential integer overflow issues with long strings in + the toSource() methods of the Object, Array and String objects as well + as string function arguments.</li> + <li>H. D. Moore reported a testcase + that was able to trigger a race condition where JavaScript garbage + collection deleted a temporary variable still being used in the + creation of a new Function object.</li> + <li>A malicious page can hijack + native DOM methods on a document object in another domain, which will + run the attacker's script when called by the victim page.</li> + <li>Secunia Research has discovered a vulnerability which is caused due + to an memory corruption error within the handling of simultaneously + happening XPCOM events. This leads to use of a deleted timer + object.</li> + <li>An anonymous researcher for TippingPoint and the Zero + Day Initiative showed that when used in a web page Java would reference + properties of the window.navigator object as it started up.</li> + <li>Thilo Girmann discovered that in certain circumstances a JavaScript + reference to a frame or window was not properly cleared when the + referenced content went away.</li> + </ul> + </description> + <impact type="normal"> + <p> + A user can be enticed to open specially crafted URLs, visit webpages + containing malicious JavaScript or execute a specially crafted script. + These events could lead to the execution of arbitrary code, or the + installation of malware on the user's computer. + </p> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Thunderbird users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.3"</code> + </resolution> + <references> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113">CVE-2006-3113</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677">CVE-2006-3677</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801">CVE-2006-3801</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802">CVE-2006-3802</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803">CVE-2006-3803</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804">CVE-2006-3804</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805">CVE-2006-3805</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806">CVE-2006-3806</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807">CVE-2006-3807</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808">CVE-2006-3808</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809">CVE-2006-3809</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810">CVE-2006-3810</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811">CVE-2006-3811</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812">CVE-2006-3812</uri> + </references> + <metadata tag="requester" timestamp="Fri, 28 Jul 2006 14:37:24 +0000"> + DerCorny + </metadata> + <metadata tag="submitter" timestamp="Fri, 28 Jul 2006 18:00:11 +0000"> + dizzutch + </metadata> + <metadata tag="bugReady" timestamp="Thu, 03 Aug 2006 16:55:20 +0000"> + DerCorny + </metadata> +</glsa> |