User: Password:
|
|
Subscribe / Log in / New account

Security

A trojan in a Firefox security add-on

By Jake Edge
July 21, 2010

There is an impressive list of Firefox security add-ons that makes up the Web Application Security Penetration Testing collection. It contains many of the most well-known addons (Firebug, Greasemonkey, etc.) along with a whole raft of lesser-known, but still useful add-ons—83 add-ons in all. Folks who install from the collection probably weren't expecting that it might also contain a trojan horse in the form of a password logger, but that's just what the "Mozilla Sniffer" add-on did, as Netcraft recently reported.

The add-on in question was marked as "experimental", which means that it had not undergone the code review that add-ons get before turning off the experimental flag. That flag should make users more wary about installing those add-ons, but since it came from the Mozilla web site, and was listed in the collection, it's not hard to see how users, even seemingly security-conscious ones, might get fooled into installing it. The malware author did try to misdirect users by stating that "the addon was validated by MOZILLA validation", but the download page clearly indicated that it had not been reviewed. In any case, some 1800 users downloaded it, and it was in daily use by 334 at the time it was discovered to be a trojan.

So, what did Mozilla Sniffer do? It didn't only "view and modify HTTP/HTTPS headers" as it claimed, but also checked each form that was submitted to see if there were password fields in the form. If so, it sent the form data, which would include the username and password, and the form destination URL off to a server that was presumably under the malware author's control. Essentially all credentials that were used while the add-on was installed were logged for whatever, undoubtedly nefarious, plan the attacker had.

Mozilla Sniffer was uploaded to addons.mozilla.org on June 6, but its trojan nature was not discovered until July 12. Johann-Peter Hartmann had installed some add-ons from the collection to do some security testing of an online game when he noticed a strange HTTP request being made when he logged into the game. Noticing that it sent the credentials and URL to some IP address he didn't recognize, he started to dig deeper.

Hartmann realized that one of the recently installed add-ons was likely to blame, so he started poking around in the source code for those, looking for the destination URL for the unexpected HTTP request. He found it in the popular (and reviewed by Mozilla) Tamper Data add-on, which was rather surprising. It turns out that Mozilla Sniffer had used Tamper Data's universally unique identifier (UUID) so it was able to overwrite the data in the Tamper Data directory—in effect masquerading as that add-on.

The add-on was quickly removed once Hartmann reported it to security@mozilla.org. Mozilla also put out a security announcement on the add-ons blog, but for a substantial number of users, the damage was already done. Mozilla Sniffer was added to Mozilla's add-on blocklist, which will cause users to be prompted to uninstall the add-on. That should remove the problem going forward, but it is likely that some credentials were sent off to the author's site so affected users should probably change any passwords they used after installing Mozilla Sniffer.

Mozilla is currently working on a proposal to change the add-on review process so that unreviewed add-ons are not available from addons.mozilla.org:

Having unreviewed add-ons exposed to the public, even with low visibility, has been previously identified as an attack vector for hackers. For this reason, we're already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site.

The new review process would essentially require all add-ons to get at least a preliminary, cursory code review for malicious code before it could appear on the site. Add-ons that had not passed that initial review would not appear when users searched or browsed add-ons. That would remove the implicit—though clearly disclaimed—Mozilla "stamp of approval" for unreviewed add-ons. Even those that pass the preliminary review will still be marked as "unverified" and be subject to a number of limitations (lowered search ranking, click-through warning on install, etc.).

The preliminary review is meant to get the add-on out in front of users fairly quickly so that developers can get feedback before requesting a full review. The full review will take longer, but passing it will give the add-on full privileges at the Mozilla add-on site.

While it is rather ugly for the users affected, the effects of the attack were not all bad. It should help lead to better procedures for reviewing add-ons as well as making it clearer what the limitations of the current review process are. The attack itself wasn't terribly sophisticated, so it would presumably have been detected immediately if a review had been requested. A more subtle attack, that might remain undetected even with a full review, would be much more dangerous.

In the end, installing an add-on requires some level of trust in the author. Reviewers can make mistakes, as can automated review tools. Since Mozilla does not do any vetting of the add-on authors, it would seem possible, likely even, that some day a determined attacker will slip something through Mozilla's review process. That will be a really bad day.

Comments (7 posted)

Brief items

Quote of the week

Presumably if you are submitting to talk at a hacker con, you're familiar with how this goes - talk about something awesome, do live demos, pop shells, drop zero day and you'll be sweet. No vendor shillin', no whitehat illin', and we're all sick of hearing about google hacking and PCI compliance. No extra points for unix beards, apple ][ era tattoos or other ostentatious nerd-uppery.
-- Kiwicon IV CFP

Comments (1 posted)

Adamski: Contextual Identity

Mozilla's Director of Security Engineering, Lucas Adamski, looks at privacy, identity, and security on his blog. "So maybe its not a surprise that many social networks have ended up with privacy egg in their face. Part of the problem is that by presuming that users should have only a single, canonical identity on their network (and indeed, often the entire web), they lack the flexibility for individuals to express their various identities appropriately in different contexts."

Comments (none posted)

Refresh of the Mozilla Security Bug Bounty Program

The Mozilla Security Blog has announced a refresh of the Mozilla security bug bounty. The amount awarded for bugs has gone from $500 to $3000, and bugs for Firefox Mobile and Mozilla services are explicitly included, along with other changes. "In concert with those changes, we are also updating the eligibility language to make it clear that Mozilla reserves the right to disqualify bugs from the bounty payment if the reporter has been deemed to have acted against the best interests of our users. To be very clear, we are not modifying our position regarding payment for publicly disclosed bugs; Mozilla bounty payments are not contingent upon confidential disclosure. While Mozilla strongly encourages researchers to disclose bugs to us privately (and most researchers have), we also believe that researchers should ultimately retain control over when and how the details of their research are disclosed."

Comments (2 posted)

Google: Rebooting responsible disclosure

The Google security blog is carrying a manifesto of sorts on how disclosure of security holes should be handled. "So, is the current take on responsible disclosure working to best protect end users in 2010? Not in all cases, no. The emotionally loaded name suggests that it is the most responsible way to conduct vulnerability research - but if we define being responsible as doing whatever it best takes to make end users safer, we will find a disconnect. We’ve seen an increase in vendors invoking the principles of 'responsible' disclosure to delay fixing vulnerabilities indefinitely, sometimes for years; in that timeframe, these flaws are often rediscovered and used by rogue parties using the same tools and methodologies used by ethical researchers. The important implication of referring to this process as 'responsible' is that researchers who do not comply are seen as behaving improperly. However, the inverse situation is often true: it can be irresponsible to permit a flaw to remain live for such an extended period of time."

Comments (18 posted)

New vulnerabilities

firefox et al: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2010-0654 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1212 CVE-2010-1213 CVE-2010-1215 CVE-2010-2752
Created:July 21, 2010 Updated:November 2, 2010
Description: The firefox browser has been updated to fix yet another long list of scary-looking vulnerabilities.
Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Debian DSA-2124-1 xulrunner 2010-11-01
Mandriva MDVSA-2010:169 mozilla-thunderbird 2010-09-02
MeeGo MeeGo-SA-10:12 Firefox 2010-08-03
openSUSE openSUSE-SU-2010:0430-4 MozillaThunderbird 2010-08-23
SUSE SUSE-SA:2010:032 MozillaFirefox,MozillaThunderbird,seamonkey 2010-07-30
openSUSE openSUSE-SU-2010:0430-3 MozillaFirefox 2010-07-29
Debian DSA-2075-1 xulrunner 2010-07-27
openSUSE openSUSE-SU-2010:0430-2 MozillaThunderbird 2010-07-27
Ubuntu USN-958-1 thunderbird 2010-07-26
openSUSE openSUSE-SU-2010:0430-1 seamonkey 2010-07-26
Ubuntu USN-930-5 ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp 2010-07-23
Ubuntu USN-930-4 firefox-3.0, firefox-3.5, xulrunner-1.9.2 2010-07-23
Ubuntu USN-957-1 firefox, firefox-3.0, xulrunner-1.9.2 2010-07-23
Fedora FEDORA-2010-11361 sunbird 2010-07-23
Fedora FEDORA-2010-11379 sunbird 2010-07-23
Fedora FEDORA-2010-11361 thunderbird 2010-07-23
Fedora FEDORA-2010-11379 thunderbird 2010-07-23
Fedora FEDORA-2010-11375 galeon 2010-07-23
Fedora FEDORA-2010-11345 galeon 2010-07-23
Fedora FEDORA-2010-11375 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11345 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11375 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11345 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11375 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11345 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11375 mozvoikko 2010-07-23
Fedora FEDORA-2010-11345 mozvoikko 2010-07-23
Fedora FEDORA-2010-11375 xulrunner 2010-07-23
Fedora FEDORA-2010-11345 xulrunner 2010-07-23
Fedora FEDORA-2010-11363 seamonkey 2010-07-23
Fedora FEDORA-2010-11327 seamonkey 2010-07-23
Fedora FEDORA-2010-11375 firefox 2010-07-23
Red Hat RHSA-2010:0547-01 firefox 2010-07-20
Fedora FEDORA-2010-11345 firefox 2010-07-23
Slackware SSA:2010-202-01 firefox 2010-07-22
CentOS CESA-2010:0547 firefox 2010-07-22

Comments (none posted)

freetype: multiple vulnerabilities

Package(s):freetype CVE #(s):CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527
Created:July 15, 2010 Updated:January 20, 2011
Description:

From the Debian advisory:

Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed.

Alerts:
SUSE SUSE-SU-2012:0553-1 freetype2 2012-04-23
Gentoo 201201-09 freetype 2012-01-23
MeeGo MeeGo-SA-10:34 libtiff 2010-10-09
MeeGo MeeGo-SA-10:33 libsocialweb 2010-10-09
MeeGo MeeGo-SA-10:32 dbus-glib 2010-10-09
MeeGo MeeGo-SA-10:31 freetype 2010-10-09
SUSE SUSE-SR:2010:016 yast2-webclient-patch_updates, perl, openldap2, opera, freetype2/libfreetype6, java-1_6_0-openjdk 2010-08-26
openSUSE openSUSE-SU-2010:0549-1 freetype2 2010-08-25
Fedora FEDORA-2010-15705 freetype 2010-10-05
CentOS CESA-2010:0577 freetype 2010-08-16
CentOS CESA-2010:0578 freetype 2010-08-03
Pardus 2010-100 freetype 2010-08-02
Red Hat RHSA-2010:0578-01 freetype 2010-07-30
Red Hat RHSA-2010:0577-01 freetype 2010-07-30
Mandriva MDVSA-2010:137 freetype2 2010-07-18
Debian DSA-2070-1 freetype 2010-07-14
Ubuntu USN-963-1 freetype 2010-07-20

Comments (none posted)

mlmmj: directory traversal

Package(s):mlmmj CVE #(s):CVE-2009-4896
Created:July 21, 2010 Updated:July 21, 2010
Description: The mlmmj mailing list manager suffers from a directory traversal vulnerability exploitable by remote, authenticated attackers.
Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Debian DSA-2073-1 mlmmj 2010-07-20

Comments (none posted)

mozilla products: server spoofing

Package(s):seamonkey firefox CVE #(s):CVE-2010-2751
Created:July 21, 2010 Updated:August 17, 2010
Description: The seamonkey and firefox browsers contain a flaw in the location bar display which could be exploited to make it seem that arbitrary data originates from a secure server.
Alerts:
Gentoo 201301-01 firefox 2013-01-07
CentOS CESA-2010:0546 seamonkey 2010-08-16
SUSE SUSE-SA:2010:032 MozillaFirefox,MozillaThunderbird,seamonkey 2010-07-30
openSUSE openSUSE-SU-2010:0430-3 MozillaFirefox 2010-07-29
Debian DSA-2075-1 xulrunner 2010-07-27
openSUSE openSUSE-SU-2010:0430-1 seamonkey 2010-07-26
Ubuntu USN-930-5 ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp 2010-07-23
Ubuntu USN-930-4 firefox-3.0, firefox-3.5, xulrunner-1.9.2 2010-07-23
Ubuntu USN-957-1 firefox, firefox-3.0, xulrunner-1.9.2 2010-07-23
Fedora FEDORA-2010-11375 galeon 2010-07-23
Fedora FEDORA-2010-11345 galeon 2010-07-23
Fedora FEDORA-2010-11375 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11345 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11375 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11345 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11375 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11345 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11375 mozvoikko 2010-07-23
Fedora FEDORA-2010-11345 mozvoikko 2010-07-23
Fedora FEDORA-2010-11375 xulrunner 2010-07-23
Fedora FEDORA-2010-11345 xulrunner 2010-07-23
Fedora FEDORA-2010-11363 seamonkey 2010-07-23
Fedora FEDORA-2010-11327 seamonkey 2010-07-23
Fedora FEDORA-2010-11375 firefox 2010-07-23
Fedora FEDORA-2010-11345 firefox 2010-07-23
Red Hat RHSA-2010:0547-01 firefox 2010-07-20
Red Hat RHSA-2010:0546-01 seamonkey 2010-07-20
CentOS CESA-2010:0547 firefox 2010-07-22

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2010-0211 CVE-2010-0212
Created:July 20, 2010 Updated:November 1, 2010
Description: From the Red Hat advisory:

Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212)

Alerts:
Gentoo 201406-36 openldap 2014-06-30
Fedora FEDORA-2010-11319 openldap 2010-07-23
SUSE SUSE-SR:2010:016 yast2-webclient-patch_updates, perl, openldap2, opera, freetype2/libfreetype6, java-1_6_0-openjdk 2010-08-26
openSUSE openSUSE-SU-2010:0546-1 openldap2 2010-08-25
openSUSE openSUSE-SU-2010:0547-1 openldap2 2010-08-25
Fedora FEDORA-2010-11343 openldap 2010-07-23
Ubuntu USN-965-1 openldap, openldap2.2, openldap2.3 2010-08-09
SUSE SUSE-SR:2010:014 OpenOffice_org, apache2-slms, aria2, bogofilter, cifs-mount/samba, clamav, exim, ghostscript-devel, gnutls, krb5, kvirc, lftp, libpython2_6-1_0, libtiff, libvorbis, lxsession, mono-addon-bytefx-data-mysql/bytefx-data-mysql, moodle, openldap2, opera, otrs, popt, postgresql, python-mako, squidGuard, vte, w3m, xmlrpc-c, XFree86/xorg-x11, yast2-webclient 2010-08-02
Debian DSA-2077-1 openldap 2010-07-29
Mandriva MDVSA-2010:142 openldap 2010-07-28
openSUSE openSUSE-SU-2010:0427-1 openldap 2010-07-26
CentOS CESA-2010:0542 openldap 2010-07-21
CentOS CESA-2010:0543 openldap 2010-07-21
Red Hat RHSA-2010:0543-01 openldap 2010-07-20
Red Hat RHSA-2010:0542-01 openldap 2010-07-20

Comments (none posted)

openoffice.org: Python macro security bypass

Package(s):OpenOffice CVE #(s):CVE-2010-0395
Created:July 16, 2010 Updated:November 8, 2010
Description:

From the CVE entry:

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

Alerts:
Gentoo 201408-19 openoffice-bin 2014-08-31
Mandriva MDVSA-2010:221 openoffice.org 2010-11-05
SUSE SUSE-SR:2010:014 OpenOffice_org, apache2-slms, aria2, bogofilter, cifs-mount/samba, clamav, exim, ghostscript-devel, gnutls, krb5, kvirc, lftp, libpython2_6-1_0, libtiff, libvorbis, lxsession, mono-addon-bytefx-data-mysql/bytefx-data-mysql, moodle, openldap2, opera, otrs, popt, postgresql, python-mako, squidGuard, vte, w3m, xmlrpc-c, XFree86/xorg-x11, yast2-webclient 2010-08-02
openSUSE openSUSE-SU-2010:0386-1 OpenOffice 2010-07-16

Comments (none posted)

pcsc-lite: privilege escalation

Package(s):pcsc-lite CVE #(s):CVE-2009-4901 CVE-2009-4902
Created:July 15, 2010 Updated:September 24, 2010
Description:

From the Red Hat bugzilla entry:

CVE-2009-4901: The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

CVE-2009-4902: Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.

Alerts:
Mandriva MDVSA-2010:189-1 pcsc-lite 2010-09-24
Mandriva MDVSA-2010:189 pcsc-lite 2010-09-24
SUSE SUSE-SR:2010:015 gpg2, krb5, kvirc, libpcsclite1/pcsc-lite, libpython2_6-1_0, libvorbis, libwebkit, squidGuard, strongswan 2010-08-17
openSUSE openSUSE-SU-2010:0500-1 pcsc-lite 2010-08-12
Ubuntu USN-969-1 pcsc-lite 2010-08-05
Red Hat RHSA-2010:0533-01 pcsc-lite 2010-07-14
CentOS CESA-2010:0533 pcsc-lite 2010-07-15

Comments (none posted)

thunderbird: code execution

Package(s):thunderbird CVE #(s):CVE-2010-1211 CVE-2010-1214 CVE-2010-2753
Created:July 21, 2010 Updated:January 21, 2011
Description: Thunderbird suffers from a number of vulnerabilities associated with the processing of malformed HTML content; these could be exploited via a properly-crafted email message to execute arbitrary code.
Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
MeeGo MeeGo-SA-10:24 firefox 2010-09-03
MeeGo MeeGo-SA-10:39 firefox 2010-10-09
SUSE SUSE-SA:2010:056 MozillaFirefox,seamonkey,MozillaThunderbird 2010-11-08
openSUSE openSUSE-SU-2010:0906-1 seamonkey thunderbird 2010-10-28
openSUSE openSUSE-SU-2010:0632-3 mozilla-xulrunner191 2010-10-11
openSUSE openSUSE-SU-2010:0632-2 seamonkey 2010-09-20
openSUSE openSUSE-SU-2010:0632-1 MozillaFirefox 2010-09-17
Mandriva MDVSA-2010:173 firefox 2010-09-11
Mandriva MDVSA-2010:169 mozilla-thunderbird 2010-09-02
openSUSE openSUSE-SU-2010:0430-4 MozillaThunderbird 2010-08-23
CentOS CESA-2010:0546 seamonkey 2010-08-16
Mandriva MDVSA-2010:147 firefox 2010-08-10
CentOS CESA-2010:0544 thunderbird 2010-08-06
Pardus 2010-102 thunderbird 2010-08-02
SUSE SUSE-SA:2010:032 MozillaFirefox,MozillaThunderbird,seamonkey 2010-07-30
openSUSE openSUSE-SU-2010:0430-3 MozillaFirefox 2010-07-29
Debian DSA-2075-1 xulrunner 2010-07-27
openSUSE openSUSE-SU-2010:0430-2 MozillaThunderbird 2010-07-27
Ubuntu USN-958-1 thunderbird 2010-07-26
openSUSE openSUSE-SU-2010:0430-1 seamonkey 2010-07-26
Ubuntu USN-930-5 ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp 2010-07-23
Ubuntu USN-930-4 firefox-3.0, firefox-3.5, xulrunner-1.9.2 2010-07-23
Ubuntu USN-957-1 firefox, firefox-3.0, xulrunner-1.9.2 2010-07-23
Fedora FEDORA-2010-11361 sunbird 2010-07-23
Fedora FEDORA-2010-11379 sunbird 2010-07-23
Fedora FEDORA-2010-11361 thunderbird 2010-07-23
Fedora FEDORA-2010-11379 thunderbird 2010-07-23
Fedora FEDORA-2010-11375 galeon 2010-07-23
Fedora FEDORA-2010-11345 galeon 2010-07-23
Fedora FEDORA-2010-11375 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11345 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11375 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11345 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11375 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11345 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11375 mozvoikko 2010-07-23
Fedora FEDORA-2010-11345 mozvoikko 2010-07-23
Fedora FEDORA-2010-11375 xulrunner 2010-07-23
Fedora FEDORA-2010-11345 xulrunner 2010-07-23
Fedora FEDORA-2010-11363 seamonkey 2010-07-23
Fedora FEDORA-2010-11327 seamonkey 2010-07-23
SUSE SUSE-SA:2010:049 MozillaFirefox,MozillaThunderbird,seamonkey 2010-10-12
Fedora FEDORA-2010-11375 firefox 2010-07-23
Fedora FEDORA-2010-11345 firefox 2010-07-23
Red Hat RHSA-2010:0547-01 firefox 2010-07-20
Red Hat RHSA-2010:0546-01 seamonkey 2010-07-20
Red Hat RHSA-2010:0545-01 thunderbird 2010-07-20
CentOS CESA-2010:0547 firefox 2010-07-22
CentOS CESA-2010:0545 thunderbird 2010-07-22
Red Hat RHSA-2010:0544-01 thunderbird 2010-07-20

Comments (none posted)

thunderbird: information disclosure

Package(s):thunderbird CVE #(s):CVE-2010-2754
Created:July 21, 2010 Updated:September 2, 2010
Description: Thunderbird contains a "same origin bypass flaw" which could be used by remote HTML content to steal data from other HTML content.
Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2010:169 mozilla-thunderbird 2010-09-02
openSUSE openSUSE-SU-2010:0430-4 MozillaThunderbird 2010-08-23
CentOS CESA-2010:0546 seamonkey 2010-08-16
CentOS CESA-2010:0544 thunderbird 2010-08-06
Pardus 2010-102 thunderbird 2010-08-02
SUSE SUSE-SA:2010:032 MozillaFirefox,MozillaThunderbird,seamonkey 2010-07-30
openSUSE openSUSE-SU-2010:0430-3 MozillaFirefox 2010-07-29
Debian DSA-2075-1 xulrunner 2010-07-27
openSUSE openSUSE-SU-2010:0430-2 MozillaThunderbird 2010-07-27
Ubuntu USN-958-1 thunderbird 2010-07-26
openSUSE openSUSE-SU-2010:0430-1 seamonkey 2010-07-26
Ubuntu USN-930-5 ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp 2010-07-23
Ubuntu USN-930-4 firefox-3.0, firefox-3.5, xulrunner-1.9.2 2010-07-23
Ubuntu USN-957-1 firefox, firefox-3.0, xulrunner-1.9.2 2010-07-23
Fedora FEDORA-2010-11361 sunbird 2010-07-23
Fedora FEDORA-2010-11379 sunbird 2010-07-23
Fedora FEDORA-2010-11361 thunderbird 2010-07-23
Fedora FEDORA-2010-11379 thunderbird 2010-07-23
Fedora FEDORA-2010-11375 galeon 2010-07-23
Fedora FEDORA-2010-11345 galeon 2010-07-23
Fedora FEDORA-2010-11375 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11345 perl-Gtk2-MozEmbed 2010-07-23
Fedora FEDORA-2010-11375 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11345 gnome-python2-extras 2010-07-23
Fedora FEDORA-2010-11375 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11345 gnome-web-photo 2010-07-23
Fedora FEDORA-2010-11375 mozvoikko 2010-07-23
Fedora FEDORA-2010-11345 mozvoikko 2010-07-23
Fedora FEDORA-2010-11375 xulrunner 2010-07-23
Fedora FEDORA-2010-11345 xulrunner 2010-07-23
Fedora FEDORA-2010-11363 seamonkey 2010-07-23
Fedora FEDORA-2010-11327 seamonkey 2010-07-23
Fedora FEDORA-2010-11375 firefox 2010-07-23
Red Hat RHSA-2010:0547-01 firefox 2010-07-20
Red Hat RHSA-2010:0546-01 seamonkey 2010-07-20
Red Hat RHSA-2010:0545-01 thunderbird 2010-07-20
Red Hat RHSA-2010:0544-01 thunderbird 2010-07-20
Fedora FEDORA-2010-11345 firefox 2010-07-23
Slackware SSA:2010-202-02 thunderbird 2010-07-22
CentOS CESA-2010:0547 firefox 2010-07-22
CentOS CESA-2010:0545 thunderbird 2010-07-22

Comments (none posted)

vte: arbitrary code execution

Package(s):vte CVE #(s):CVE-2010-2713
Created:July 16, 2010 Updated:January 19, 2011
Description:

From the Ubuntu advisory:

Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.

Alerts:
Gentoo 201412-10 egroupware, vte, lft, suhosin, slock, ganglia, gg-transport 2014-12-11
MeeGo MeeGo-SA-10:25 vte 2010-09-03
Mandriva MDVSA-2010:161 vte 2010-08-24
Pardus 2010-111 vte 2010-08-11
SUSE SUSE-SR:2010:014 OpenOffice_org, apache2-slms, aria2, bogofilter, cifs-mount/samba, clamav, exim, ghostscript-devel, gnutls, krb5, kvirc, lftp, libpython2_6-1_0, libtiff, libvorbis, lxsession, mono-addon-bytefx-data-mysql/bytefx-data-mysql, moodle, openldap2, opera, otrs, popt, postgresql, python-mako, squidGuard, vte, w3m, xmlrpc-c, XFree86/xorg-x11, yast2-webclient 2010-08-02
openSUSE openSUSE-SU-2010:0423-1 vte 2010-07-22
Ubuntu USN-962-1 vte 2010-07-15
openSUSE openSUSE-SU-2010:0404-1 vte 2010-07-20

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>


Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds