diff options
| author |   Alex Legler <alex@a3li.li> | 2015-03-08 22:02:38 +0100 |
|---|---|---|
| committer | Alex Legler <alex@a3li.li> | 2015-03-08 22:02:38 +0100 |
| commit | a24567fbc43f221b14e805f9bc0b7c6d16911c46 (patch) | |
| tree | 910a04fe6ee560ac0eebac55f3cd2781c3519760 /glsa-200503-10.xml | |
| download | gentoo-a24567fbc43f221b14e805f9bc0b7c6d16911c46.tar.gz gentoo-a24567fbc43f221b14e805f9bc0b7c6d16911c46.tar.bz2 gentoo-a24567fbc43f221b14e805f9bc0b7c6d16911c46.zip | |
Import existing advisories
Diffstat (limited to 'glsa-200503-10.xml')
| -rw-r--r-- | glsa-200503-10.xml | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/glsa-200503-10.xml b/glsa-200503-10.xml new file mode 100644 index 000000000000..09165f3629e3 --- /dev/null +++ b/glsa-200503-10.xml @@ -0,0 +1,141 @@ +<?xml version="1.0" encoding="utf-8"?> +<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> +<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> + +<glsa id="200503-10"> + <title>Mozilla Firefox: Various vulnerabilities</title> + <synopsis> + Mozilla Firefox is vulnerable to a local file deletion issue and to various + issues allowing to trick the user into trusting fake web sites or + interacting with privileged content. + </synopsis> + <product type="ebuild">Firefox</product> + <announced>March 04, 2005</announced> + <revised>March 04, 2005: 01</revised> + <bug>83267</bug> + <access>remote and local</access> + <affected> + <package name="www-client/mozilla-firefox" auto="yes" arch="*"> + <unaffected range="ge">1.0.1</unaffected> + <vulnerable range="lt">1.0.1</vulnerable> + </package> + <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*"> + <unaffected range="ge">1.0.1</unaffected> + <vulnerable range="lt">1.0.1</vulnerable> + </package> + </affected> + <background> + <p> + Mozilla Firefox is the popular next-generation browser from the + Mozilla project. + </p> + </background> + <description> + <p> + The following vulnerabilities were found and fixed in Mozilla + Firefox: + </p> + <ul> + <li>Michael Krax reported that plugins can be used + to load privileged content and trick the user to interact with it + (CAN-2005-0232, CAN-2005-0527)</li> + <li>Michael Krax also reported + potential spoofing or cross-site-scripting issues through overlapping + windows, image drag-and-drop, and by dropping javascript: links on tabs + (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)</li> + <li>Daniel de Wildt + and Gael Delalleau discovered a memory overwrite in a string library + (CAN-2005-0255)</li> + <li>Wind Li discovered a possible heap overflow in + UTF8 to Unicode conversion (CAN-2005-0592)</li> + <li>Eric Johanson + reported that Internationalized Domain Name (IDN) features allow + homograph attacks (CAN-2005-0233)</li> + <li>Mook, Doug Turner, Kohei + Yoshino and M. Deaudelin reported various ways of spoofing the SSL + "secure site" indicator (CAN-2005-0593)</li> + <li>Matt Brubeck reported + a possible Autocomplete data leak (CAN-2005-0589)</li> + <li>Georgi + Guninski discovered that XSLT can include stylesheets from arbitrary + hosts (CAN-2005-0588)</li> + <li>Secunia discovered a way of injecting + content into a popup opened by another website (CAN-2004-1156)</li> + <li>Phil Ringnalda reported a possible way to spoof Install source with + user:pass@host (CAN-2005-0590)</li> + <li>Jakob Balle from Secunia + discovered a possible way of spoofing the Download dialog source + (CAN-2005-0585)</li> + <li>Christian Schmidt reported a potential + spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li> + <li>Andreas + Sanblad from Secunia discovered a possible way of spoofing the Download + dialog using the Content-Disposition header (CAN-2005-0586)</li> + <li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team + discovered that Firefox insecurely creates temporary filenames in + /tmp/plugtmp (CAN-2005-0578)</li> + </ul> + </description> + <impact type="normal"> + <ul> + <li>By setting up malicious websites and convincing users to + follow untrusted links or obey very specific drag-and-drop or download + instructions, attackers may leverage the various spoofing issues to + fake other websites to get access to confidential information, push + users to download malicious files or make them interact with their + browser preferences.</li> + <li>The temporary directory issue allows + local attackers to overwrite arbitrary files with the rights of another + local user.</li> + <li>The overflow issues, while not thought to be + exploitable, may allow a malicious downloaded page to execute arbitrary + code with the rights of the user viewing the page.</li> + </ul> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Firefox users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.1"</code> + <p> + All Firefox binary users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.1"</code> + </resolution> + <references> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586">CAN-2005-0586</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589">CAN-2005-0589</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri> + <uri link="http://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri> + </references> + <metadata tag="submitter" timestamp="Fri, 4 Mar 2005 10:53:24 +0000"> + koon + </metadata> + <metadata tag="bugReady" timestamp="Fri, 4 Mar 2005 12:44:33 +0000"> + koon + </metadata> +</glsa> |