Bug#565521: xulrunner: multiple security issues

Michael Gilbert michael.s.gilbert at gmail.com
Sat Jan 16 17:08:06 UTC 2010


Package: xulrunner
Version: 1.9.1.6-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xulrunner.

CVE-2009-1597[0]:
| Mozilla Firefox executes DOM calls in response to a javascript: URI in
| the target attribute of a submit element within a form contained in an
| inline PDF file, which might allow remote attackers to bypass intended
| Adobe Acrobat JavaScript restrictions on accessing the document
| object, as demonstrated by a web site that permits PDF uploads by
| untrusted users, and therefore has a shared document.domain between
| the web site and this javascript: URI.  NOTE: the researcher reports
| that Adobe's position is "a PDF file is active content."

CVE-2009-2061[1]:
| Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response
| before a successful SSL handshake, which allows man-in-the-middle
| attackers to execute arbitrary web script, in an https site's context,
| by modifying this CONNECT response to specify a 302 redirect to an
| arbitrary https web site.

CVE-2009-2065[2]:
| Mozilla Firefox 3.0.10, and possibly other versions, detects http
| content in https web pages only when the top-level frame uses https,
| which allows man-in-the-middle attackers to execute arbitrary web
| script, in an https site's context, by modifying an http page to
| include an https iframe that references a script file on an http site,
| related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CVE-2009-4129[3]:
| Race condition in Mozilla Firefox allows remote attackers to produce a
| JavaScript message with a spoofed domain association by writing the
| message in between the document request and document load for a web
| page in a different domain.

CVE-2009-4129[4]:
| Race condition in Mozilla Firefox allows remote attackers to produce a
| JavaScript message with a spoofed domain association by writing the
| message in between the document request and document load for a web
| page in a different domain.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1597
    http://security-tracker.debian.org/tracker/CVE-2009-1597
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2061
    http://security-tracker.debian.org/tracker/CVE-2009-2061
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2065
    http://security-tracker.debian.org/tracker/CVE-2009-2065
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4129
    http://security-tracker.debian.org/tracker/CVE-2009-4129
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4129
    http://security-tracker.debian.org/tracker/CVE-2009-4129
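
The check whose absence CVE-2009-2061 describes, as an added illustration that is not part of the bug report and not Mozilla's code: the reply to CONNECT arrives before any SSL handshake, so only a 2xx may lead to the handshake, and a 3xx is a connection failure whose Location header and body are discarded. The function name, the host names, the sample replies and the separate 407 case are assumptions made for the example.

```python
from typing import NamedTuple

# Constructed sample replies from a proxy to "CONNECT bank.example:443".
OK_REPLY = b"HTTP/1.1 200 Connection established\r\n\r\n"
REDIRECT_REPLY = (b"HTTP/1.1 302 Found\r\n"
                  b"Location: https://other.example/\r\n\r\n"
                  b"<html>unauthenticated body</html>")


class TunnelDecision(NamedTuple):
    start_tls: bool  # True only when the proxy confirmed the tunnel
    status: int      # parsed status code, 0 if the reply was unparsable
    reason: str      # text for a locally generated network error page


def decide_on_connect_reply(raw: bytes, authority: str) -> TunnelDecision:
    """Classify the reply to `CONNECT authority`.

    The reply is read before any SSL handshake, so it is unauthenticated:
    its headers and body are never followed or rendered as content of
    https://authority. Only the status code is used.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")  # body deliberately dropped
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if (len(parts) < 2 or not parts[0].startswith("HTTP/1.")
            or len(parts[1]) != 3 or not parts[1].isdigit()):
        return TunnelDecision(False, 0, f"malformed proxy reply for {authority}")
    status = int(parts[1])
    if 200 <= status < 300:
        # Tunnel is up; the handshake and certificate check for `authority`
        # come next, and only then is any content attributed to the origin.
        return TunnelDecision(True, status, "tunnel established")
    if status == 407:
        return TunnelDecision(False, status, "proxy requires authentication")
    # 3xx, 4xx, 5xx: a connection failure. Location is ignored on purpose.
    return TunnelDecision(False, status, f"proxy refused tunnel to {authority}")


if __name__ == "__main__":
    for reply in (OK_REPLY, REDIRECT_REPLY, b"garbage"):
        print(decide_on_connect_reply(reply, "bank.example:443"))
```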





More information about the pkg-mozilla-maintainers mailing list