Package: mozilla-firefox
Version: 1.0.3-2
Severity: grave
Tags: security

I'm sure you already know of these, but for the record, firefox is
vulnerable to a pair of new security holes:

CAN-2005-1477

The install function in Firefox 1.0.3 allows remote web sites on the browser's
whitelist, such as update.mozilla.org or addon.mozilla.org, to execute
arbitrary Javascript with chrome privileges, leading to arbitrary code
execution on the system when combined with vulnerabilities such as
CAN-2005-1476, as demonstrated using a javascript: URL as the package icon and
a cross-site scripting (XSS) attack on a vulnerable whitelist site.

CAN-2005-1476

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other
domains by using an IFRAME and causing the browser to navigate to a previous
javascript: URL, which can lead to arbitrary code execution when combined with
CAN-2005-1477.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-firefox depends on:
ii  debianutils          2.13.2              Miscellaneous utilities specific t
ii  fontconfig           2.3.2-1             generic font configuration library
ii  libatk1.0-0          1.8.0-4             The ATK accessibility toolkit
ii  libc6                2.3.2.ds1-21        GNU C Library: Shared libraries an
ii  libfontconfig1       2.3.2-1             generic font configuration library
ii  libfreetype6         2.1.7-2.4           FreeType 2 font engine, shared lib
ii  libgcc1              1:3.4.3-13          GCC support library
ii  libglib2.0-0         2.6.4-1             The GLib library of C routines
ii  libgtk2.0-0          2.6.4-1             The GTK+ graphical user interface 
ii  libidl0              0.8.5-1             library for parsing CORBA IDL file
ii  libjpeg62            6b-10               The Independent JPEG Group's JPEG 
ii  libkrb53             1.3.6-3             MIT Kerberos runtime libraries
ii  libpango1.0-0        1.8.1-1             Layout and rendering of internatio
ii  libpng12-0           1.2.8rel-1          PNG library - runtime
ii  libstdc++5           1:3.3.6-3.0.1       The GNU Standard C++ Library v3
ii  libx11-6             4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii  libxext6             4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii  libxft2              2.1.7-1             FreeType-based font drawing librar
ii  libxp6               4.3.0.dfsg.1-12.0.1 X Window System printing extension
ii  libxt6               4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii  psmisc               21.6-1              Utilities that use the proc filesy
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
ii  zlib1g               1:1.2.2-4           compression library - runtime

-- no debconf information

-- 
see shy jo
