From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200509-11.xml | 131 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 metadata/glsa/glsa-200509-11.xml (limited to 'metadata/glsa/glsa-200509-11.xml') diff --git a/metadata/glsa/glsa-200509-11.xml b/metadata/glsa/glsa-200509-11.xml new file mode 100644 index 000000000000..c7248b601b3f --- /dev/null +++ b/metadata/glsa/glsa-200509-11.xml @@ -0,0 +1,131 @@ + + + + Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities + + Mozilla Suite and Firefox are vulnerable to multiple issues, including some + that might be exploited to execute arbitrary code. + + mozilla + 2005-09-18 + 2005-09-29: 02 + 105396 + remote + + + 1.0.7-r2 + 1.0.7-r2 + + + 1.7.12-r2 + 1.7.12-r2 + + + 1.0.7 + 1.0.7 + + + 1.7.12 + 1.7.12 + + + 1.7.12 + 1.7.12 + + + +

+ The Mozilla Suite is a popular all-in-one web browser that includes a + mail and news reader. Mozilla Firefox is the next-generation browser + from the Mozilla project. Gecko is the layout engine used in both + products. +

+ + +

+ The Mozilla Suite and Firefox are both vulnerable to the following + issues: +

+
    +
  • Tom Ferris reported a heap overflow in IDN-enabled browsers with + malicious Host: headers (CAN-2005-2871).
    • +
  • "jackerror" discovered a heap overrun in XBM image processing + (CAN-2005-2701).
    • +
  • Mats Palmgren reported a potentially exploitable stack corruption + using specific Unicode sequences (CAN-2005-2702).
    • +
  • Georgi Guninski discovered an integer overflow in the JavaScript + engine (CAN-2005-2705)
    • +
  • Other issues ranging from DOM object spoofing to request header + spoofing were also found and fixed in the latest versions + (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707).
    • +
+

+ The Gecko engine in itself is also affected by some of these issues and + has been updated as well. +

+ + +

+ A remote attacker could setup a malicious site and entice a victim to + visit it, potentially resulting in arbitrary code execution with the + victim's privileges or facilitated spoofing of known websites. +

+ + +

+ There is no known workaround for all the issues. +

+ + +

+ All Mozilla Firefox users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.7-r2" +

+ All Mozilla Suite users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.12-r2" +

+ All Mozilla Firefox binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.7" +

+ All Mozilla Suite binary users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.12" +

+ All Gecko library users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gecko-sdk-1.7.12" +

+ +

+ + + CAN-2005-2701 + CAN-2005-2702 + CAN-2005-2703 + CAN-2005-2704 + CAN-2005-2705 + CAN-2005-2706 + CAN-2005-2707 + CAN-2005-2871 + Mozilla Foundation Security Advisories + + + koon + + + koon + + -- cgit v1.2.3