List: bugtraq
Subject: [FLSA-2004:2089] Updated mozilla packages fix security vulnerabilities
From: Dominic Hargreaves <dom () earth ! li>
Date: 2004-10-27 9:17:53
Message-ID: 20041027091751.GA28216 () home ! thedom ! org
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated mozilla resolves security vulnerabilities
Advisory ID: FLSA:2089
Issue date: 2004-10-27
Product: Red Hat Linux
Product: Fedora Core
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2089
CVE Names: CAN-2003-0564, CAN-2004-0191, CAN-2003-0594,
CAN-2004-0722, CAN-2004-0597, CAN-2004-0599,
CAN-2004-0757, CAN-2004-0758, CAN-2004-0759,
CAN-2004-0760, CAN-2004-0718, CAN-2004-0761,
CAN-2004-0762, CAN-2004-0763, CAN-2004-0764,
CAN-2004-0765, CAN-2004-0905, CAN-2004-0904,
CAN-2004-0903, CAN-2004-0908, CAN-2004-0902
-----------------------------------------------------------------------
-----------------------------------------------------------------------
1. Topic:
Updated mozilla, galeon and epiphany packages that fix multiple
vulnerabilities are now available.
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
Note that some of these issues have already been fixed in Red Hat Linux 9
and Fedora Core 1. Please refer to previous advisories for details.
NISCC testing of implementations of the S/MIME protocol uncovered a number
of bugs in NSS versions prior to 3.9. The parsing of unexpected ASN.1
constructs within S/MIME data could cause Mozilla to crash or consume large
amounts of memory. A remote attacker could potentially trigger these bugs
by sending a carefully-crafted S/MIME message to a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0564 to this issue.
Andreas Sandblad discovered a cross-site scripting issue that affects
various versions of Mozilla. When linking to a new page it is still
possible to interact with the old page before the new page has been
successfully loaded. Any Javascript events will be invoked in the context
of the new page, making cross-site scripting possible if the different
pages belong to different domains. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0191 to
this issue.
Flaws have been found in the cookie path handling between a number of Web
browsers and servers. The HTTP cookie standard allows a Web server
supplying a cookie to a client to specify a subset of URLs on the origin
server to which the cookie applies. Web servers such as Apache do not
filter returned cookies and assume that the client will only send back
cookies for requests that fall within the server-supplied subset of URLs.
However, by supplying URLs that use path traversal (/../) and character
encoding, it is possible to fool many browsers into sending a cookie to a
path outside of the originally-specified subset. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0594 to this issue.
Zen Parse reported improper input validation to the SOAPParameter object
constructor leading to an integer overflow and controllable heap
corruption. Malicious JavaScript could be written to utilize this flaw and
could allow arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to
this issue.
During a source code audit, Chris Evans discovered a buffer overflow and
integer overflows which affect the libpng code inside Mozilla. An attacker
could create a carefully crafted PNG file in such a way that it would cause
Mozilla to crash or execute arbitrary code when the image was viewed.
(CAN-2004-0597, CAN-2004-0599)
Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server
could send a carefully crafted response that would cause a heap overflow
and potentially allow execution of arbitrary code as the user running
Mozilla. (CAN-2004-0757)
Marcel Boesch found a flaw that allows a CA certificate to be imported with
a DN the same as that of the built-in CA root certificates, which can cause
a denial of service to SSL pages, as the malicious certificate is treated
as invalid. (CAN-2004-0758)
Met - Martin Hassman reported a flaw in Mozilla that could allow malicious
Javascript code to upload local files from a user's machine without
requiring confirmation. (CAN-2004-0759)
Mindlock Security reported a flaw in ftp URI handling. By using a NULL
character (%00) in a ftp URI, Mozilla can be confused into opening a
resource as a different MIME type. (CAN-2004-0760)
Mozilla does not properly prevent a frame in one domain from injecting
content into a frame that belongs to another domain, which facilitates
website spoofing and other attacks, also known as the frame injection
vulnerability. (CAN-2004-0718)
Tolga Tarhan reported a flaw that can allow a malicious webpage to use a
redirect sequence to spoof the security lock icon that makes a webpage
appear to be encrypted. (CAN-2004-0761)
Jesse Ruderman reported a security issue that affects a number of browsers
including Mozilla that could allow malicious websites to install arbitrary
extensions by using interactive events to manipulate the XPInstall Security
dialog box. (CAN-2004-0762)
Emmanouel Kellinis discovered a caching flaw in Mozilla which allows
malicious websites to spoof certificates of trusted websites via
redirects and Javascript that uses the "onunload" method. (CAN-2004-0763)
Mozilla allowed malicious websites to hijack the user interface via the
"chrome" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)
The cert_TestHostName function in Mozilla only checks the hostname portion
of a certificate when the hostname portion of the URI is not a fully
qualified domain name (FQDN). This flaw could be used for spoofing if an
attacker had control of machines on a default DNS search path. (CAN-2004-0765)
Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If
a user is tricked into dragging a javascript link into another frame or
page, it becomes possible for an attacker to steal or modify sensitive
information from that site. Additionally, if a user is tricked into
dragging two links in sequence to another window (not frame), it is
possible for the attacker to execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0905 to this issue.
Gael Delalleau discovered an integer overflow which affects the BMP
handling code inside Mozilla. An attacker could create a carefully crafted
BMP file in such a way that it would cause Mozilla to crash or execute
arbitrary code when the image is viewed. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to
this issue.
Georgi Guninski discovered a stack-based buffer overflow in the vCard
display routines. An attacker could create a carefully crafted vCard file
in such a way that it would cause Mozilla to crash or execute arbitrary
code when viewed. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.
Wladimir Palant discovered a flaw in the way javascript interacts with
the clipboard. It is possible that an attacker could use malicious
javascript code to steal sensitive data which has been copied into the
clipboard. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.
Georgi Guninski discovered a heap-based buffer overflow in the "Send
Page" feature. It is possible that an attacker could construct a link in
such a way that a user attempting to forward it could result in a crash or
arbitrary code execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
    rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum, issue:
    yum update
or, to use apt:
    apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www.fedoralegacy.org/docs/ for directions on how to configure yum
and apt-get.
5. Bug IDs fixed:
http://bugzilla.fedora.us - 1532 - Mozilla 1.4.2 fixes various vulns
http://bugzilla.fedora.us - 1834 - Mozilla < 1.4.3 multiple flaws
http://bugzilla.fedora.us - 2089 - Mozilla < 1.7.3 multiple flaws
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.4.3-0.7.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.13-0.7.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.4.3-0.7.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.13-0.7.1.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.4.3-0.9.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.13-0.9.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.4.3-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.13-0.9.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.4.3-1.fc1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.4-2.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.4-2.4.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
    rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
    sha1sum <filename>
8. References:
https://rhn.redhat.com/errata/RHSA-2004-110.html
https://rhn.redhat.com/errata/RHSA-2004-383.html
https://rhn.redhat.com/errata/RHSA-2004-486.html
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
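The sha1sum check from section 7, scripted over a whole download directory. This is an added example, not part of the advisory or of Fedora Legacy's tooling; the function name, the status words and the manifest layout (alternating SHA1 sum and package path tokens, with bare backslash continuation tokens tolerated) are assumptions.

```sh
#!/bin/sh
# Added example (not from the advisory): compare downloaded RPMs with SHA1
# sums copied out of an advisory.
# Assumed manifest layout: whitespace-separated tokens alternating
#   <40-hex-digit SHA1> <package path>
# Bare "\" continuation tokens are ignored.

# verify_manifest MANIFEST DIR
# Looks for each package by basename in DIR and prints one status line per
# entry. Returns 0 only if every file that is present matches its listed sum
# and the manifest is well formed; absent files are reported, not failed,
# since an administrator may fetch only the packages that are installed.
verify_manifest() {
    vm_expected="" vm_rc=0
    while read -r vm_tok; do
        [ -n "$vm_tok" ] || continue
        if [ -z "$vm_expected" ]; then
            # A hash is expected here: exactly 40 hex digits.
            if printf '%s\n' "$vm_tok" | grep -Eqi '^[0-9a-f]{40}$'; then
                vm_expected=$(printf '%s' "$vm_tok" | tr 'A-F' 'a-f')
            else
                echo "BADTOKEN $vm_tok"; vm_rc=1
            fi
            continue
        fi
        vm_file="$2/$(basename "$vm_tok")"
        if [ ! -f "$vm_file" ]; then
            echo "MISSING  $vm_tok"
        elif [ "$(sha1sum "$vm_file" | cut -d' ' -f1)" = "$vm_expected" ]; then
            echo "OK       $vm_tok"
        else
            echo "MISMATCH $vm_tok"; vm_rc=1
        fi
        vm_expected=""
    done <<EOF
$(tr -s '[:space:]' '\n' < "$1" | grep -v '^\\$')
EOF
    if [ -n "$vm_expected" ]; then
        echo "BADTOKEN hash without a package path"; vm_rc=1
    fi
    return "$vm_rc"
}

# Usage: sh verify.sh MANIFEST DIR
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```

A clean run shows only that each file equals what the manifest lists, so the manifest has to come from a copy of the advisory whose own signature was checked. The GPG signature on each package is still checked separately with rpm --checksig, as the advisory describes.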