firefox security patches attached

Noah Meyerhans noahm at debian.org
Fri Sep 23 21:30:30 UTC 2005 

On Fri, Sep 23, 2005 at 03:10:54PM +0200, Alexander Sack wrote:
> So what to do: Please give me feedback on the mfsa_*_short.txt files. 
> They are thought to be included in the changelog  Any suggestions on 
> the content and layout of such changelog entries is welcome.

OK, I've connected CVE references to the bugs fixed by your patch.
Here's an initial attempt at a changelog entry for 1.0.4-2sarge4:

mozilla-firefox (1.0.4-2sarge4) stable-security; urgency=critical

  * MFSA-2005-57 - IDN heap overrun CAN-2005-2871
    Tom Ferris reported a Firefox crash when processing a domain name
    consisting solely of soft-hyphen characters.
  * MFSA-2005-58 - Accumulated vendor advisory for multiple
          Fixes for multiple vulnerabilities with an overall severity of
          "critical" have been released in Mozilla Firefox 1.0.7 and the
          Mozilla Suite 1.7.12

    The patchset aggregates patches that fix issues disclosed by the
    advisory. Issues patched are:
      - Heap overrun in XBM image processing (CAN-2005-2701)
      - Crash on "zero-width non-joiner" sequence (CAN-2005-2702)
      - XMLHttpRequest header spoofing (CAN-2005-2703)
      - Object spoofing using XBL <implements> (CAN-2005-2704)
      - JavaScript integer overflow (CAN-2005-2705)
      - Privilege escalation using about: scheme (CAN-2005-2706)
      - Chrome window spoofing (CAN-2005-2707)
      - Regression fixes
  * MFSA-2005-59 - Command-line handling on Linux allows shell execution
      CAN-2005-2968
          URLs passed to Linux versions of Firefox on the command-line are
          not correctly protected against interpretation by the shell. As a
          result a malicious URL can result in the execution of shell
          commands with the privileges of the user. If Firefox is set as
          the default handler for web URLs then opening a URL in another
          program (for example, links in a mail or chat client) can result
          in shell command execution.


 -- Noah Meyerhans <noahm at debian.org>  Fri, 23 Sep 2005 14:16:01 -0400

Packages to test are building right now.  I'll be away for the weekend
and thus won't be able to follow up on this until Monday at the
earliest.  If Joey or somebody else wants to take over processing of
these packages for the security team, please do.

noah


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20050923/a270af7f/attachment.pgp

More information about the pkg-mozilla-maintainers mailing list