| <?xml version="1.0" encoding="utf-8"?> |
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
| |
| <glsa id="200507-24"> |
| <title>Mozilla Suite: Multiple vulnerabilities</title> |
| <synopsis> |
| Several vulnerabilities in the Mozilla Suite allow attacks ranging from the |
| execution of JavaScript code with elevated privileges to information |
| leakage. |
| </synopsis> |
| <product type="ebuild">mozilla</product> |
| <announced>July 26, 2005</announced> |
| <revised>July 26, 2005: 01</revised> |
| <bug>98846</bug> |
| <access>remote</access> |
| <affected> |
| <package name="www-client/mozilla" auto="yes" arch="*"> |
| <unaffected range="ge">1.7.10</unaffected> |
| <vulnerable range="lt">1.7.10</vulnerable> |
| </package> |
| <package name="www-client/mozilla-bin" auto="yes" arch="*"> |
| <unaffected range="ge">1.7.10</unaffected> |
| <vulnerable range="lt">1.7.10</vulnerable> |
| </package> |
| </affected> |
| <background> |
| <p> |
| The Mozilla Suite is an all-in-one Internet application suite |
| including a web browser, an advanced e-mail and newsgroup client, IRC |
| client and HTML editor. |
| </p> |
| </background> |
| <description> |
| <p> |
| The following vulnerabilities were found and fixed in the Mozilla |
| Suite: |
| </p> |
| <ul> |
| <li>"moz_bug_r_a4" and "shutdown" discovered that the |
| Mozilla Suite was improperly cloning base objects (MFSA 2005-56).</li> |
| <li>"moz_bug_r_a4" reported that the suite failed to validate XHTML DOM |
| nodes properly (MFSA 2005-55).</li> |
| <li>Secunia reported that alerts |
| and prompts generated by scripts are presented with the generic title [JavaScript |
| Application], which could be used to trick a user (MFSA 2005-54).</li> |
| <li>Andreas Sandblad of Secunia reported that top.focus() can be called |
| in the context of a child frame even if the framing page comes from a |
| different origin and has overridden the focus() routine (MFSA |
| 2005-52).</li> |
| <li>Secunia reported that a frame-injection spoofing bug, |
| which was fixed in earlier versions, was accidentally bypassed in Mozilla |
| Suite 1.7.7 (MFSA 2005-51).</li> |
| <li>"shutdown" reported that |
| InstallVersion.compareTo() might be exploitable. When it gets an object |
| rather than a string, the browser would generally crash with an access |
| violation (MFSA 2005-50).</li> |
| <li>Matthew Mastracci reported that |
| forcing a page navigation immediately after calling the install method |
| can cause code to end up running in the context of the new page selected by the |
| attacker (MFSA 2005-48).</li> |
| <li>"moz_bug_r_a4" reported that XBL |
| scripts run even when JavaScript is disabled (MFSA 2005-46).</li> |
| <li> |
| Omar Khan, Jochen, "shutdown" and Matthew Mastracci reported that the |
| Mozilla Suite did not correctly distinguish between true events like mouse |
| clicks or keystrokes and synthetic events generated by web content |
| (MFSA 2005-45).</li> |
| </ul> |
| </description> |
| <impact type="normal"> |
| <p> |
| A remote attacker could craft malicious web pages that would |
| leverage these issues to inject and execute arbitrary JavaScript code |
| with elevated privileges, steal cookies or other information from web |
| pages, or spoof content. |
| </p> |
| </impact> |
| <workaround> |
| <p> |
| There is no known workaround at this time. |
| </p> |
| </workaround> |
| <resolution> |
| <p> |
| All Mozilla Suite users should upgrade to the latest version: |
| </p> |
| <code> |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.10"</code> |
| <p> |
| All Mozilla Suite binary users should upgrade to the latest |
| version: |
| </p> |
| <code> |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.10"</code> |
| </resolution> |
| <references> |
| <uri link="http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla">Mozilla Foundation Security Advisories</uri> |
| </references> |
| <metadata tag="requester" timestamp="Sat, 23 Jul 2005 18:08:05 +0000"> |
| DerCorny |
| </metadata> |
| <metadata tag="bugReady" timestamp="Sat, 23 Jul 2005 18:09:18 +0000"> |
| DerCorny |
| </metadata> |
| <metadata tag="submitter" timestamp="Sun, 24 Jul 2005 07:24:03 +0000"> |
| adir |
| </metadata> |
| </glsa> |