firefox security patches attached
Noah Meyerhans
noahm at debian.org
Fri Sep 23 21:30:30 UTC 2005
On Fri, Sep 23, 2005 at 03:10:54PM +0200, Alexander Sack wrote:
> So what to do: Please give me feedback on the mfsa_*_short.txt files.
> They are thought to be included in the changelog Any suggestions on
> the content and layout of such changelog entries is welcome.
OK, I've connected CVE references to the bugs fixed by your patch.
Here's an initial attempt at a changelog entry for 1.0.4-2sarge4:
mozilla-firefox (1.0.4-2sarge4) stable-security; urgency=critical
* MFSA-2005-57 - IDN heap overrun CAN-2005-2871
Tom Ferris reported a Firefox crash when processing a domain name
consisting solely of soft-hyphen characters.
* MFSA-2005-58 - Accumulated vendor advisory for multiple
Fixes for multiple vulnerabilities with an overall severity of
"critical" have been released in Mozilla Firefox 1.0.7 and the
Mozilla Suite 1.7.12
The patchset aggregates patches that fix issues disclosed by the
advisory. Issues patched are:
- Heap overrun in XBM image processing (CAN-2005-2701)
- Crash on "zero-width non-joiner" sequence (CAN-2005-2702)
- XMLHttpRequest header spoofing (CAN-2005-2703)
- Object spoofing using XBL <implements> (CAN-2005-2704)
- JavaScript integer overflow (CAN-2005-2705)
- Privilege escalation using about: scheme (CAN-2005-2706)
- Chrome window spoofing (CAN-2005-2707)
- Regression fixes
* MFSA-2005-59 - Command-line handling on Linux allows shell execution
CAN-2005-2968
URLs passed to Linux versions of Firefox on the command-line are
not correctly protected against interpretation by the shell. As a
result a malicious URL can result in the execution of shell
commands with the privileges of the user. If Firefox is set as
the default handler for web URLs then opening a URL in another
program (for example, links in a mail or chat client) can result
in shell command execution.
-- Noah Meyerhans <noahm at debian.org> Fri, 23 Sep 2005 14:16:01 -0400
Packages to test are building right now. I'll be away for the weekend
and thus won't be able to follow up on this until Monday at the
earliest. If Joey or somebody else wants to take over processing of
these packages for the security team, please do.
noah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20050923/a270af7f/attachment.pgp
More information about the pkg-mozilla-maintainers
mailing list