Add 'metadata/glsa/' from commit 'aacff3c55fb52643f95332002ecdb7d439b8e4df'

git-subtree-dir: metadata/glsa
git-subtree-mainline: 3149e13ab601ad3a8f925656fd88567d2626de47
git-subtree-split: aacff3c55fb52643f95332002ecdb7d439b8e4df

1 files changed, 139 insertions, 0 deletions

diff --git a/metadata/glsa/glsa-200503-10.xml b/metadata/glsa/glsa-200503-10.xml
new file mode 100644
index 000000000000..c670e5507758
--- /dev/null
+++ b/metadata/glsa/glsa-200503-10.xml
@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200503-10">
+  <title>Mozilla Firefox: Various vulnerabilities</title>
+  <synopsis>
+    Mozilla Firefox is vulnerable to a local file deletion issue and to various
+    issues allowing to trick the user into trusting fake web sites or
+    interacting with privileged content.
+  </synopsis>
+  <product type="ebuild">Firefox</product>
+  <announced>March 04, 2005</announced>
+  <revised>March 04, 2005: 01</revised>
+  <bug>83267</bug>
+  <access>remote and local</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.1</unaffected>
+      <vulnerable range="lt">1.0.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the popular next-generation browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Firefox:
+    </p>
+    <ul>
+    <li>Michael Krax reported that plugins can be used
+    to load privileged content and trick the user to interact with it
+    (CAN-2005-0232, CAN-2005-0527)</li>
+    <li>Michael Krax also reported
+    potential spoofing or cross-site-scripting issues through overlapping
+    windows, image drag-and-drop, and by dropping javascript: links on tabs
+    (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)</li>
+    <li>Daniel de Wildt
+    and Gael Delalleau discovered a memory overwrite in a string library
+    (CAN-2005-0255)</li>
+    <li>Wind Li discovered a possible heap overflow in
+    UTF8 to Unicode conversion (CAN-2005-0592)</li>
+    <li>Eric Johanson
+    reported that Internationalized Domain Name (IDN) features allow
+    homograph attacks (CAN-2005-0233)</li>
+    <li>Mook, Doug Turner, Kohei
+    Yoshino and M. Deaudelin reported various ways of spoofing the SSL
+    "secure site" indicator (CAN-2005-0593)</li>
+    <li>Matt Brubeck reported
+    a possible Autocomplete data leak (CAN-2005-0589)</li>
+    <li>Georgi
+    Guninski discovered that XSLT can include stylesheets from arbitrary
+    hosts (CAN-2005-0588)</li>
+    <li>Secunia discovered a way of injecting
+    content into a popup opened by another website (CAN-2004-1156)</li>
+    <li>Phil Ringnalda reported a possible way to spoof Install source with
+    user:pass@host (CAN-2005-0590)</li>
+    <li>Jakob Balle from Secunia
+    discovered a possible way of spoofing the Download dialog source
+    (CAN-2005-0585)</li>
+    <li>Christian Schmidt reported a potential
+    spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li>
+    <li>Andreas
+    Sanblad from Secunia discovered a possible way of spoofing the Download
+    dialog using the Content-Disposition header (CAN-2005-0586)</li>
+    <li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
+    discovered that Firefox insecurely creates temporary filenames in
+    /tmp/plugtmp (CAN-2005-0578)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <ul>
+    <li>By setting up malicious websites and convincing users to
+    follow untrusted links or obey very specific drag-and-drop or download
+    instructions, attackers may leverage the various spoofing issues to
+    fake other websites to get access to confidential information, push
+    users to download malicious files or make them interact with their
+    browser preferences.</li>
+    <li>The temporary directory issue allows
+    local attackers to overwrite arbitrary files with the rights of another
+    local user.</li>
+    <li>The overflow issues, while not thought to be
+    exploitable, may allow a malicious downloaded page to execute arbitrary
+    code with the rights of the user viewing the page.</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose &quot;&gt;=www-client/mozilla-firefox-1.0.1&quot;</code>
+    <p>
+    All Firefox binary users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose &quot;&gt;=www-client/mozilla-firefox-bin-1.0.1&quot;</code>
+  </resolution>
+  <references>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586">CAN-2005-0586</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589">CAN-2005-0589</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri>
+    <uri link="http://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="Fri,  4 Mar 2005 10:53:24 +0000">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="Fri,  4 Mar 2005 12:44:33 +0000">
+    koon
+  </metadata>
+</glsa>