Bugzilla – Bug 75692
VUL-0: CVE-2005-1160: severe security bugs in mozilla/firefox
Last modified: 2021-11-08 10:29:56 UTC
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
https://bugzilla.mozilla.org/show_bug.cgi?id=288608 allows reading arbitrary chunks of memory. Not much control over what you get, but snippets of URLs and page contents (including gmail, for example) that might prove valuable. Chrome URLs and property files have shown up, too; presumably a password would end up in there sooner or later.
https://bugzilla.mozilla.org/show_bug.cgi?id=288556 A "manual" plugin install can run JavaScript w/ chrome privs.
More description:

A) Bug #288556: "Manual plug-in install, javascript vulnerability"
Description: Manual plug-in install can run JavaScript w/ chrome privileges (e.g. change user's homepage).
Assessment: dveditz. Highly Critical. Warrants respin.
Reporter: Omar Khan; mromarkhan@gmail.com
security

B) Bug #288688: "Access memory vulnerability"
Description: Reading of arbitrary chunks of memory. Not much control over what you get, but snippets of URLs and page contents (including gmail, for example) can be recorded that might prove valuable. Chrome URLs and property files have shown up, too; presumably a password would end up in there sooner or later.
Assessment: dveditz. tbd. Does not warrant respin.
Reporter: http://cubic.xfo.org.ru/firefox-bug/index.html; Vladimir V. Perepelista, inthrax@list.ru
Public
mozilla.org will release a Firefox 1.0.3 version and Mozilla 1.7.7. For Mozilla we should leave our version numbers IMHO, but I expect that the NLD team will want the version 1.0.3 for Firefox anyway. Version change approved for SUSE Linux?
Firefox 1.0.3 only has 4 bugs fixed (the two above, one only for MacOS X and one in the installer (which we don't use)). So no more changes which could break anything.
swampid: 809
I am using this patchinfo text:

This update contains the security fixes done for the Mozilla Firefox 1.0.3 release, including:
- A flaw in the JavaScript regular expression handling of Mozilla-based browsers can lead to disclosure of browser memory, potentially exposing private data from webpages viewed or passwords or similar data sent to other webpages. This flaw could also crash the browser.
- With manual plugin install it was possible for the plugin to execute JavaScript code with the installing user's privileges.

DESCRIPTION_DE: This update contains the security fixes for the Mozilla Firefox 1.0.3 release, in particular:
- A bug in the JavaScript regular expression implementation of Mozilla allows reading browser memory, which potentially allows remote attackers, by means of specially crafted web pages, to read private data from other Mozilla windows / web pages of the user. The browser can also crash because of this bug.
- With manual plugin installation it was possible for the plugin to execute JavaScript code with the user's privileges.
We will get more security fixes within the update. For now: https://bugzilla.mozilla.org/show_bug.cgi?id=244177 "nsScanner::Append() can overwrite the storage in the buffer it allocates."

Current CVE mapping:
CAN-2005-0751 Mozilla bug 244177
CAN-2005-0752 Mozilla bug 288556

Firefox 1.0.3 and 1.1 have been postponed because of 7 new bug reports concerning security bugs.
CAN-2005-0989 Mozilla bug 288688
OK, here is a list of the security bugs fixed in Firefox 1.0.3 and Mozilla 1.7.7:
MFSA 2005-33 Javascript "lambda" replace exposes memory contents CAN-2005-0989
MFSA 2005-34 javascript: PLUGINSPAGE code execution CAN-2005-0752
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
I still don't know if I am allowed to make a version upgrade for 9.0-9.3. Andreas? Then we would have two more possibilities:
1. just exchange the source archive for the older version
2. move all previous packages to the current (read 9.3) package with all improvements we made
Kelli, we have the fixed version already checked in for NLD SP2. How to proceed in terms of the security fix before SP2? We could just release the current SP2 package before SP2 or we could just take the 1.0.3 sources but without all our improvements around the package for SP2.
Regarding #9 and SUSE Linux: You're allowed to do the upgrade and I propose to use 2.
Andreas, can we upgrade the Mozilla suite packages too where possible?
Let's just not do more than *one* version update every 6 months. So, if you think it's needed now to make your life easier for the next 6 months, then go ahead.
Thanks Andreas. The point here is that we would like to update the 9.1 version from 1.6 to 1.7.7. If we do this, it might be good to have the later versions on 1.7.7 in addition. In fact it doesn't make much difference code-wise. If we took all security fixes since the 1.7.2 or 1.7.5 we shipped, we would have almost 1.7.7 anyway. It's only a matter of testing the dependencies.
The 9.1/SLES9 version upgrade was already approved by both rf and aj. I think we can leave Mozilla of the other products at their current version for now and save the upgrade option for some later time.
Will use this patchinfo description:

This update contains the security fixes done for the Mozilla Firefox 1.0.3 release, including:
- MFSA 2005-33, CAN-2005-0989: A flaw in the JavaScript regular expression handling of Mozilla-based browsers can lead to disclosure of browser memory, potentially exposing private data from webpages viewed or passwords or similar data sent to other webpages. This flaw could also crash the browser.
- MFSA 2005-34, CAN-2005-0752: With manual plugin install it was possible for the plugin to execute JavaScript code with the installing user's privileges.
- MFSA 2005-35, CAN-2005-1153: Showing blocked javascript: popup uses wrong privilege context; this could be used for a privilege escalation (installing malicious plugins).
- MFSA 2005-36, CAN-2005-1154: Cross-site scripting through global scope pollution; this could lead to an attacker being able to run code in a foreign website's context, potentially sniffing information or performing actions in that context.
- MFSA 2005-37, CAN-2005-1155, "firelinking": Code execution through javascript: favicons, which could be used for a privilege escalation.
- MFSA 2005-38, CAN-2005-1157, CAN-2005-1156, "firesearching": Search plugin cross-site scripting.
- MFSA 2005-39, CAN-2005-1158: Arbitrary code execution from Firefox sidebar panel II.
- MFSA 2005-40, CAN-2005-1159: Missing Install object instance checks.
- MFSA 2005-41, CAN-2005-1160: Privilege escalation via DOM property overrides.
*** Bug 79005 has been marked as a duplicate of this bug. ***
Most Mozillas fixed; the rest is mentioned in the tracking bug.
CVE-2005-1160: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)