reinit the tree, so we can have metadata

1 files changed, 96 insertions, 0 deletions

diff --git a/metadata/glsa/glsa-200503-31.xml b/metadata/glsa/glsa-200503-31.xml
new file mode 100644
index 000000000000..3240cb836a4c
--- /dev/null
+++ b/metadata/glsa/glsa-200503-31.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200503-31">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>
+    Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the
+    remote execution of arbitrary code through malicious GIF images or
+    sidebars.
+  </synopsis>
+  <product type="ebuild">Firefox</product>
+  <announced>2005-03-25</announced>
+  <revised>2005-03-25: 01</revised>
+  <bug>86148</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/mozilla-firefox" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+    <package name="www-client/mozilla-firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2</unaffected>
+      <vulnerable range="lt">1.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Mozilla Firefox is the popular next-generation browser from the
+    Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>
+    The following vulnerabilities were found and fixed in Mozilla
+    Firefox:
+    </p>
+    <ul>
+    <li>Mark Dowd from ISS X-Force reported an
+    exploitable heap overrun in the GIF processing of obsolete Netscape
+    extension 2 (CAN-2005-0399)</li>
+    <li>Kohei Yoshino discovered that a
+    page bookmarked as a sidebar could bypass privileges control
+    (CAN-2005-0402)</li>
+    <li>Michael Krax reported a new way to bypass XUL
+    security restrictions through drag-and-drop of items like scrollbars
+    (CAN-2005-0401)</li>
+    </ul>
+  </description>
+  <impact type="normal">
+    <ul>
+    <li>The GIF heap overflow could be triggered by a malicious GIF
+    image that would end up executing arbitrary code with the rights of the
+    user running Firefox</li>
+    <li>By tricking the user into bookmarking a
+    malicious page as a Sidebar, a remote attacker could potentially
+    execute arbitrary code with the rights of the user running the
+    browser</li>
+    <li>By setting up a malicious website and convincing users
+    to obey very specific drag-and-drop instructions, attackers may
+    leverage drag-and-drop features to bypass XUL security restrictions,
+    which could be used as a stepping stone to exploit other
+    vulnerabilities</li>
+    </ul>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Mozilla Firefox users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-1.0.2"</code>
+    <p>
+    All Mozilla Firefox binary users should upgrade to the latest
+    version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=www-client/mozilla-firefox-bin-1.0.2"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399">CAN-2005-0399</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401">CAN-2005-0401</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0402">CAN-2005-0402</uri>
+    <uri link="https://www.mozilla.org/projects/security/known-vulnerabilities.html">Mozilla Security Advisories</uri>
+  </references>
+  <metadata tag="submitter" timestamp="2005-03-22T09:29:52Z">
+    koon
+  </metadata>
+  <metadata tag="bugReady" timestamp="2005-03-25T12:27:17Z">
+    koon
+  </metadata>
+</glsa>