[Frugalware-darcs] homepage-ng: FSA124-firefox
voroskoi
voroskoi at frugalware.org
Mon Feb 26 22:05:19 CET 2007
Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070226210647-dd049-13c2d2c7e3ec51523d97fd04bd782cba5068ec4d.gz;
[FSA124-firefox
voroskoi <voroskoi at frugalware.org>**20070226210647] {
hunk ./frugalware/xml/security.xml 29
+ <fsa>
+ <id>124</id>
+ <date>2007-02-26</date>
+ <author>voroskoi</author>
+ <package>firefox</package>
+ <vulnerable>1.5.0.9-1siwenna1</vulnerable>
+ <unaffected>1.5.0.10-1siwenna1</unaffected>
+ <bts>http://bugs.frugalware.org/task/1486
+ http://bugs.frugalware.org/task/1692
+ http://bugs.frugalware.org/task/1713
+ http://bugs.frugalware.org/task/1756</bts>
+ <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995</cve>
+ <desc>Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
+ 1) An error in the handling of the "locations.hostname" DOM property can be exploited to bypass certain security restrictions.
+ 2) It is possible to conduct cross-site scripting attacks against sites containing a frame with a "data:" URI as source. Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.
+ 3) It is possible to open windows containing local files thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name. Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.
+ 4) Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.
+ 5) It may be possible to gain knowledge of sensitive information from a website due to an error resulting in two web pages colliding in the disk cache thereby potentially appending part of one document to the other. Successful exploitation requires that a user is tricked into visiting a malicious website while visiting the target website.
+ 6) Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.
+ 7) A vulnerability in the Password Manager may be exploited to conduct phishing attacks.
+ 8) Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user's system.
+ 9) An error within the handling of the onUnload event handler and self-modifying document.write() calls can be exploited to corrupt memory and potentially execute arbitrary code.</desc>
+ </fsa>
}
More information about the Frugalware-darcs
mailing list