[linux-security] multiple flaws in mozilla
- To: linux-security@sfu.ca
- Subject: [linux-security] multiple flaws in mozilla
- From: Martin Siegert <siegert@sfu.ca>
- Date: Mon, 5 Apr 2004 15:10:13 -0700
- User-Agent: Mutt/1.4.1i
Topic
=====
multiple vulnerabilities in mozilla
Problem Description
===================
A number of vulnerabilities were discovered in Mozilla:
Implementations of the S/MIME protocol contain a number of bugs in NSS
(Network Security Services) versions prior to 3.9. The parsing of
unexpected ASN.1 constructs within S/MIME data could cause Mozilla to crash
or consume large amounts of memory. A remote attacker could potentially
trigger these bugs by sending a carefully-crafted S/MIME message to a victim
[CVE CAN-2003-0564].
A cross-site scripting issue affects various versions of Mozilla. When
linking to a new page it is still possible to interact with the old page
before the new page has been successfully loaded. Any JavaScript events
will be invoked in the context of the new page, making cross-site scripting
possible if the different pages belong to different domains
[CVE CAN-2004-0191].
Flaws have been found in the cookie path handling between a number of Web
browsers and servers. The HTTP cookie standard allows a Web server
supplying a cookie to a client to specify a subset of URLs on the origin
server to which the cookie applies. Web servers such as Apache do not
filter returned cookies and assume that the client will only send back
cookies for requests that fall within the server-supplied subset of URLs.
However, by supplying URLs that use path traversal (/../) and character
encoding, it is possible to fool many browsers into sending a cookie to a
path outside of the originally-specified subset [CVE CAN-2003-0594].
Affected Versions
=================
Mozilla versions 1.4.1 and earlier
(it is not absolutely clear whether mozilla-1.5 is affected as well;
I recommend upgrading to 1.6 or 1.4.2 to be safe).
Solution
========
Upgrade to version 1.4.2, or 1.6 or later (or the patched version for your
distribution).
RedHat 9
--------
rpm -Fvh mozilla-1.4.2-0.9.0.i386.rpm \
mozilla-chat-1.4.2-0.9.0.i386.rpm \
mozilla-devel-1.4.2-0.9.0.i386.rpm \
mozilla-dom-inspector-1.4.2-0.9.0.i386.rpm \
mozilla-js-debugger-1.4.2-0.9.0.i386.rpm \
mozilla-mail-1.4.2-0.9.0.i386.rpm \
mozilla-nspr-1.4.2-0.9.0.i386.rpm \
mozilla-nspr-devel-1.4.2-0.9.0.i386.rpm \
mozilla-nss-1.4.2-0.9.0.i386.rpm \
mozilla-nss-devel-1.4.2-0.9.0.i386.rpm \
galeon-1.2.13-0.9.0.i386.rpm
SFU-1.0 (RedHat 7.3)
--------------------
[packages available from ftp://ftp.sfu.ca/pub/linux/1.0/RPMS/]
rpm -Fvh mozilla-1.4.2-0.7.3.i386.rpm \
mozilla-chat-1.4.2-0.7.3.i386.rpm \
mozilla-devel-1.4.2-0.7.3.i386.rpm \
mozilla-dom-inspector-1.4.2-0.7.3.i386.rpm \
mozilla-js-debugger-1.4.2-0.7.3.i386.rpm \
mozilla-mail-1.4.2-0.7.3.i386.rpm \
mozilla-nspr-1.4.2-0.7.3.i386.rpm \
mozilla-nspr-devel-1.4.2-0.7.3.i386.rpm \
mozilla-nss-1.4.2-0.7.3.i386.rpm \
mozilla-nss-devel-1.4.2-0.7.3.i386.rpm \
galeon-1.2.13-0.7.3.i386.rpm
Note that RedHat 7.3 included an old version of the netscape browser -
version 4.8 was the latest update. This version is unsupported, but it
is likely that it is affected by the bugs listed above. I recommend
uninstalling this old netscape version.
Mandrake 9.2
------------
rpm -Fvh mozilla-1.4-13.2.92mdk.i586.rpm \
mozilla-devel-1.4-13.2.92mdk.i586.rpm \
mozilla-dom-inspector-1.4-13.2.92mdk.i586.rpm \
mozilla-enigmail-1.4-13.2.92mdk.i586.rpm \
mozilla-enigmime-1.4-13.2.92mdk.i586.rpm \
mozilla-irc-1.4-13.2.92mdk.i586.rpm \
mozilla-js-debugger-1.4-13.2.92mdk.i586.rpm \
mozilla-mail-1.4-13.2.92mdk.i586.rpm \
mozilla-spellchecker-1.4-13.2.92mdk.i586.rpm \
libnspr4-1.4-13.2.92mdk.i586.rpm \
libnspr4-devel-1.4-13.2.92mdk.i586.rpm \
libnss3-1.4-13.2.92mdk.i586.rpm \
libnss3-devel-1.4-13.2.92mdk.i586.rpm
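
The cookie path flaw (CAN-2003-0594) from the Problem Description, as an added example that is not part of the original advisory or of Mozilla's code: a prefix match on the request path as written is compared with a match on the canonical path. The host name, paths and function names are constructed, and the server is assumed to percent-decode once and resolve dot segments before mapping the request.

```python
import posixpath
from urllib.parse import unquote, urlsplit


def naive_applies(cookie_path, url):
    """Flawed check: prefix-match the request path exactly as written."""
    return urlsplit(url).path.startswith(cookie_path)


def canonical_path(url):
    """Percent-decode once, then resolve '.' and '..' segments
    (assumption: this mirrors what the server does with the request)."""
    raw = urlsplit(url).path or "/"
    return posixpath.normpath(unquote(raw))


def hardened_applies(cookie_path, url):
    """Send the cookie only if the canonical path lies under cookie_path."""
    base = posixpath.normpath(cookie_path).rstrip("/")
    path = canonical_path(url)
    return path == base or path.startswith(base + "/")


# Constructed sample data: a cookie scoped to /app1/ and four request URLs.
COOKIE_PATH = "/app1/"
SAMPLES = [
    "http://www.example.test/app1/index.html",       # inside the scope
    "http://www.example.test/app1/../app2/page",     # plain traversal
    "http://www.example.test/app1/%2e%2e/app2/page", # encoded traversal
    "http://www.example.test/app2/page",             # outside the scope
]


def compare():
    """Return (url, naive_result, hardened_result) for every sample."""
    return [(u, naive_applies(COOKIE_PATH, u), hardened_applies(COOKIE_PATH, u))
            for u in SAMPLES]


if __name__ == "__main__":
    for url, naive, hardened in compare():
        print(f"{url}\n  naive sends cookie: {naive}   hardened: {hardened}")
```

The two traversal URLs pass the naive check although the server resolves them to /app2/page, which is outside the cookie's scope; the canonical check rejects both.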