Giuseppe Iuculano
2008-Nov-13 14:26 UTC
[Secure-testing-team] Bug#505557: Mozilla Firefox 3 Multiple Vulnerabilities
Package: iceweasel
Version: 3.0.3-3
Severity: critical
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for Firefox 3.

SA32713[1]

Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

1) An error when processing "file:" URIs can be exploited to execute arbitrary JavaScript code with chrome privileges by tricking a user into opening a malicious local file in a tab previously opened for a "chrome:" document or a privileged "about:" URI.

2) Various errors in the layout engine can be exploited to cause memory corruptions and potentially execute arbitrary code.

3) An error in the browser engine can be exploited to cause a crash.

For more information see vulnerability #5 in:
SA32693

4) An error in the JavaScript engine can be exploited to cause a memory corruption and potentially execute arbitrary code.

5) An error in the browser's restore feature can be exploited to violate the same-origin policy.

For more information see vulnerability #7 in:
SA32693

6) An error in the processing of the "http-index-format" MIME type can be exploited to execute arbitrary code.

For more information see vulnerability #8 in:
SA32693

7) An error in the DOM constructing code can be exploited to dereference uninitialized memory and potentially execute arbitrary code.

For more information see vulnerability #9 in:
SA32693

8) An error in "nsXMLHttpRequest::NotifyEventListeners()" can be exploited to bypass certain security restrictions.

For more information see vulnerability #10 in:
SA32693

9) An error can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site.

For more information see vulnerability #11 in:
SA32693

10) An error when parsing E4X documents can be exploited to inject arbitrary XML code.

For more information see vulnerability #12 in:
SA32693

The vulnerabilities are reported in versions prior to 3.0.4.

Solution:
Update to version 3.0.4.

CVE reference:
CVE-2008-0017
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024

If you fix the vulnerability please also make sure to include the CVE id in the changelog entry.

[1] http://secunia.com/advisories/32713/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkcOQkACgkQNxpp46476arZ+QCfZ9MG8NFbSAMAXKBnB/Lx5BWn
6woAoJ99q6HGzMo1XWDCrNh9swljrkO3
=U3tk
-----END PGP SIGNATURE-----