From: "Ware, Ryan R" <ryan.r.ware@intel.com>
To: "meego-security@meego.com" <meego-security@meego.com>
Subject: [MeeGo-security] [MeeGo-SA-10:12.Firefox] Multiple Vulnerabilities in Firefox
Date: Fri, 27 Aug 2010 16:21:59 -0700
Message-ID: <C89D96A7.363A7%ryan.r.ware@intel.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
MeeGo-SA-10:12.Firefox Security Advisory
MeeGo Project
Topic: Multiple Vulnerabilities in Firefox
Category: Browser
Module: firefox
Announced: August 3, 2010
Affects: MeeGo 1.0
Corrected: August 3, 2010
MeeGo BID: 2568, 3601, 3607, 3608, 3609, 3610, 3611, 3614 & 3616
CVE: CVE-2010-1990, CVE-2010-1206, CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, CVE-2010-1199,
CVE-2010-1198, CVE-2010-1197, CVE-2010-1196, CVE-2010-1125,
CVE-2008-5913
For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.
I. Background
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
II. Problem Description
CVE-2010-1990: Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and
SeaMonkey, executes a mail application in situations where an IFRAME
element has a mailto: URL in its SRC attribute, which allows remote
attackers to cause a denial of service (excessive application
launches) via an HTML document with many IFRAME elements.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable
CVE-2010-1206: The startDocumentLoad function in
browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11
and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly
implement the Same Origin Policy in certain circumstances related to
the about:blank document and a document that is currently loading,
which allows (1) remote web servers to conduct spoofing attacks via
vectors involving a 204 (aka No Content) status code, and allows (2)
remote attackers to conduct spoofing attacks via vectors involving a
window.stop call.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203: Multiple
unspecified vulnerabilities in the browser engine in Mozilla Firefox
3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5,
and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-1199: Integer overflow in the XSLT node sorting
implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before
3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows
remote attackers to execute arbitrary code via a large text value for
a node.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-1198: Use-after-free vulnerability in Mozilla Firefox 3.5.x
before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5,
allows remote attackers to execute arbitrary code via vectors
involving multiple plugin instances.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-1197: Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before
3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations
in which both "Content-Disposition: attachment" and "Content-Type:
multipart" are present in HTTP headers, which allows remote attackers
to conduct cross-site scripting (XSS) attacks via an uploaded HTML
document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-1196: Integer overflow in the
nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox
3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5,
and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a DOM node with a long text value that triggers a
heap-based buffer overflow.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-1125: The JavaScript implementation in Mozilla Firefox 3.x
before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5,
allows remote attackers to send selected keystrokes to a form field in
a hidden frame, instead of the intended form field in a visible frame,
via certain calls to the focus method.
CVSS v2 Base: 5.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2008-5913: The Math.random function in the JavaScript
implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before
3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that
is seeded only once per browser session, which makes it easier for
remote attackers to track a user, or trick a user into acting upon a
spoofed pop-up message, by calculating the seed value, related to a
"temporary footprint" and an "in-session phishing attack."
CVSS v2 Base: 2.1 (LOW)
Access Vector: Network exploitable
III. Impact
CVE-2010-1990: Denial of service due to resource management errors
(CWE-399)
CVE-2010-1206: Spoofing attack due to incorrect permissions,
privileges and access controls (CWE-264)
CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203: Denial of
service or arbitrary code execution.
CVE-2010-1199: Arbitrary code execution due to numeric error (CWE-189)
CVE-2010-1198: Arbitrary code execution due to resource management
errors (CWE-399)
CVE-2010-1197: Cross-site scripting attacks (CWE-79)
CVE-2010-1196: Arbitrary code execution via DOM node due to numeric
errors (CWE-189)
CVE-2010-1125: Sending of selected keystrokes via an information leak
(CWE-200)
CVE-2008-5913: Information disclosure
IV. Workaround
None
V. Solution
Update to package firefox-3.6.7-4.1 or later.
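One way to check a host against this fix level, as an added example that is not part of the original advisory: it compares a package's VERSION-RELEASE string with 3.6.7-4.1 using a simplified form of RPM's segment-wise version comparison. The function names and sample strings are assumptions made for illustration, and epoch, tilde and caret handling are left out.

```python
import re

# Fix level from section V of the advisory: firefox-3.6.7-4.1
FIXED_VERSION, FIXED_RELEASE = "3.6.7", "4.1"

def _segments(s):
    # Runs of digits or of letters; separators such as '.' and '_' are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified RPM-style comparison (assumption: no epoch, '~' or '^').
    Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 7, unlike string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed):
    """installed is 'VERSION-RELEASE' for the firefox package."""
    # e.g. the output of: rpm -q --qf '%{VERSION}-%{RELEASE}\n' firefox
    version, sep, release = installed.strip().rpartition("-")
    if not sep or not version or not release:
        raise ValueError("expected VERSION-RELEASE, got %r" % installed)
    cmp = rpmvercmp(version, FIXED_VERSION)
    if cmp == 0:
        cmp = rpmvercmp(release, FIXED_RELEASE)
    return cmp >= 0

if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in ("3.6.4-2.3", "3.6.7-4", "3.6.7-4.1", "3.6.10-1.1"):
        state = "fixed" if is_fixed(sample) else "VULNERABLE"
        print("firefox-%s: %s" % (sample, state))
```

A plain string comparison would rank 3.6.10 below 3.6.7, which is why the segments are compared numerically.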
VI. References
http://bugs.meego.com/show_bug.cgi?id=2568
http://bugs.meego.com/show_bug.cgi?id=3601
http://bugs.meego.com/show_bug.cgi?id=3607
http://bugs.meego.com/show_bug.cgi?id=3608
http://bugs.meego.com/show_bug.cgi?id=3609
http://bugs.meego.com/show_bug.cgi?id=3610
http://bugs.meego.com/show_bug.cgi?id=3611
http://bugs.meego.com/show_bug.cgi?id=3614
http://bugs.meego.com/show_bug.cgi?id=3616
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-...
http://cwe.mitre.org/data/definitions/399.html
http://cwe.mitre.org/data/definitions/264.html
http://cwe.mitre.org/data/definitions/189.html
http://cwe.mitre.org/data/definitions/79.html
http://cwe.mitre.org/data/definitions/200.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (Darwin)
-----END PGP SIGNATURE-----
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security