diff options
Diffstat (limited to 'metadata/glsa/glsa-200503-10.xml')
| -rw-r--r-- | metadata/glsa/glsa-200503-10.xml | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200503-10.xml b/metadata/glsa/glsa-200503-10.xml new file mode 100644 index 000000000000..4df8a7ef192b --- /dev/null +++ b/metadata/glsa/glsa-200503-10.xml @@ -0,0 +1,138 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200503-10"> + <title>Mozilla Firefox: Various vulnerabilities</title> + <synopsis> + Mozilla Firefox is vulnerable to a local file deletion issue and to various + issues allowing to trick the user into trusting fake web sites or + interacting with privileged content. + </synopsis> + <product type="ebuild">Firefox</product> + <announced>2005-03-04</announced> + <revised count="01">2005-03-04</revised> + <bug>83267</bug> + <access>remote and local</access> + <affected> + <package name="www-client/mozilla-firefox" auto="yes" arch="*"> + <unaffected range="ge">1.0.1</unaffected> + <vulnerable range="lt">1.0.1</vulnerable> + </package> + <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*"> + <unaffected range="ge">1.0.1</unaffected> + <vulnerable range="lt">1.0.1</vulnerable> + </package> + </affected> + <background> + <p> + Mozilla Firefox is the popular next-generation browser from the + Mozilla project. + </p> + </background> + <description> + <p> + The following vulnerabilities were found and fixed in Mozilla + Firefox: + </p> + <ul> + <li>Michael Krax reported that plugins can be used + to load privileged content and trick the user to interact with it + (CAN-2005-0232, CAN-2005-0527)</li> + <li>Michael Krax also reported + potential spoofing or cross-site-scripting issues through overlapping + windows, image drag-and-drop, and by dropping javascript: links on tabs + (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)</li> + <li>Daniel de Wildt + and Gael Delalleau discovered a memory overwrite in a string library + (CAN-2005-0255)</li> + <li>Wind Li discovered a possible heap overflow in + UTF8 to Unicode conversion (CAN-2005-0592)</li> + <li>Eric Johanson + reported that Internationalized Domain Name (IDN) features allow + homograph attacks (CAN-2005-0233)</li> + <li>Mook, Doug Turner, Kohei + Yoshino and M. Deaudelin reported various ways of spoofing the SSL + "secure site" indicator (CAN-2005-0593)</li> + <li>Matt Brubeck reported + a possible Autocomplete data leak (CAN-2005-0589)</li> + <li>Georgi + Guninski discovered that XSLT can include stylesheets from arbitrary + hosts (CAN-2005-0588)</li> + <li>Secunia discovered a way of injecting + content into a popup opened by another website (CAN-2004-1156)</li> + <li>Phil Ringnalda reported a possible way to spoof Install source with + user:pass@host (CAN-2005-0590)</li> + <li>Jakob Balle from Secunia + discovered a possible way of spoofing the Download dialog source + (CAN-2005-0585)</li> + <li>Christian Schmidt reported a potential + spoofing issue in HTTP auth prompt tab (CAN-2005-0584)</li> + <li>Andreas + Sanblad from Secunia discovered a possible way of spoofing the Download + dialog using the Content-Disposition header (CAN-2005-0586)</li> + <li>Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team + discovered that Firefox insecurely creates temporary filenames in + /tmp/plugtmp (CAN-2005-0578)</li> + </ul> + </description> + <impact type="normal"> + <ul> + <li>By setting up malicious websites and convincing users to + follow untrusted links or obey very specific drag-and-drop or download + instructions, attackers may leverage the various spoofing issues to + fake other websites to get access to confidential information, push + users to download malicious files or make them interact with their + browser preferences.</li> + <li>The temporary directory issue allows + local attackers to overwrite arbitrary files with the rights of another + local user.</li> + <li>The overflow issues, while not thought to be + exploitable, may allow a malicious downloaded page to execute arbitrary + code with the rights of the user viewing the page.</li> + </ul> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Firefox users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.1"</code> + <p> + All Firefox binary users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.1"</code> + </resolution> + <references> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156">CAN-2004-1156</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233">CAN-2005-0233</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255">CAN-2005-0255</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527">CAN-2005-0527</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578">CAN-2005-0578</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584">CAN-2005-0584</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585">CAN-2005-0585</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586">CAN-2005-0586</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588">CAN-2005-0588</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589">CAN-2005-0589</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590">CAN-2005-0590</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591">CAN-2005-0591</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592">CAN-2005-0592</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593">CAN-2005-0593</uri> + <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri> + </references> + <metadata tag="submitter" timestamp="2005-03-04T10:53:24Z"> + koon + </metadata> + <metadata tag="bugReady" timestamp="2005-03-04T12:44:33Z"> + koon + </metadata> +</glsa> |