From security@mandriva.com Mon Sep 26 23:55:55 2005
From: Mandriva Security Team
To: full-disclosure@lists.grok.org.uk
Date: Mon, 26 Sep 2005 21:53:43 -0600
Subject: [Full-disclosure] MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mozilla-firefox
 Advisory ID:            MDKSA-2005:169
 Date:                   September 26th, 2005

 Affected versions:      10.2
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities have been discovered in Mozilla Firefox
 that have been corrected in version 1.0.7:

 A bug in the way Firefox processes XBM images could be used to execute
 arbitrary code via a specially crafted XBM image file (CAN-2005-2701).

 A bug in the way Firefox handles certain Unicode sequences could be
 used to execute arbitrary code via viewing a specially crafted Unicode
 sequence (CAN-2005-2702).

 A bug in the way Firefox makes XMLHttp requests could be abused by a
 malicious web page to exploit other proxy or server flaws from the
 victim's machine; however, the default behaviour of the browser is to
 disallow this (CAN-2005-2703).

 A bug in the way Firefox implemented its XBL interface could be abused
 by a malicious web page to create an XBL binding in such a way as to
 allow arbitrary JavaScript execution with chrome permissions
 (CAN-2005-2704).

 An integer overflow in Firefox's JavaScript engine could be manipulated
 in certain conditions to allow a malicious web page to execute
 arbitrary code (CAN-2005-2705).

 A bug in the way Firefox displays about: pages could be used to execute
 JavaScript with chrome privileges (CAN-2005-2706).

 A bug in the way Firefox opens new windows could be used by a malicious
 web page to construct a new window without any user interface elements
 (such as address bar and status bar) that could be used to potentially
 mislead the user (CAN-2005-2707).

 A bug in the way Firefox processed URLs on the command line could be
 used to execute arbitrary commands as the user running Firefox; this
 could be abused by clicking on a supplied link, such as from an instant
 messaging client (CAN-2005-2968).

 The updated packages have been patched to address these issues and all
 users are urged to upgrade immediately.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
 http://www.mozilla.org/security/announce/mfsa2005-58.html
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.2:
 10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
 10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
 10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
 10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
 10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.i586.rpm
 10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.i586.rpm
 10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 x86_64/10.2/RPMS/lib64nspr4-1.0.2-9.1.102mdk.x86_64.rpm
 x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-9.1.102mdk.x86_64.rpm
 x86_64/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
 x86_64/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
 x86_64/10.2/RPMS/lib64nss3-1.0.2-9.1.102mdk.x86_64.rpm
 x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-9.1.102mdk.x86_64.rpm
 x86_64/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
 x86_64/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
 x86_64/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.x86_64.rpm
 x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.x86_64.rpm
 x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDOMJHmqjQ0CJFipgRAoBtAKDSjceCU6aIIjgQRD6Ihojew6RB2gCdGoHp
ayU11aK6Xq6oIbophmTk96U=
=MQPT
-----END PGP SIGNATURE-----
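Added example, not part of the Mandriva advisory: a host audit that flags the packages named under "Updated Packages" when they are installed at a version-release older than the fixed 1.0.2-9.1.102mdk. It assumes input produced by rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n', ignores epochs, and uses a simplified RPM-style comparison; the sample host output is constructed.

```python
import re

# Fixed version and release shared by every binary package in MDKSA-2005:169.
FIXED_VERSION, FIXED_RELEASE = "1.0.2", "9.1.102mdk"
ADVISORY_PACKAGES = {
    "mozilla-firefox", "mozilla-firefox-devel",
    "libnspr4", "libnspr4-devel", "libnss3", "libnss3-devel",
    "lib64nspr4", "lib64nspr4-devel", "lib64nss3", "lib64nss3-devel",
}

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of RPM (no epoch, '~' or '^').

    Returns -1, 0 or 1 when a is older than, equal to or newer than b.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(query_output):
    """Return [(name, 'version-release')] for advisory packages older than the fix."""
    stale = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in ADVISORY_PACKAGES:
            continue                           # not an advisory package, or malformed line
        name, version, release = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append((name, f"{version}-{release}"))
    return stale

# Constructed sample host output (not real data from any system).
SAMPLE_QUERY = """\
mozilla-firefox 1.0.2 8.102mdk
mozilla-firefox-devel 1.0.1 2mdk
libnspr4 1.0.2 9.1.102mdk
bash 3.0 2mdk
"""

if __name__ == "__main__":
    for name, installed in unpatched(SAMPLE_QUERY):
        print(f"{name} {installed} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```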