Package name
mozilla-firefox
Date
2005-09-26
Advisory ID
MDKSA-2005:169
Affected versions
10.2 i586 , 10.2 x86_64

Problem description

A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CAN-2005-2701). A bug in the way Firefox handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CAN-2005-2702). A bug in the way Firefox makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CAN-2005-2703). A bug in the way Firefox implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CAN-2005-2704). An integer overflow in Firefox's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CAN-2005-2705). A bug in the way Firefox displays about: pages could be used to execute JavaScript with chrome privileges (CAN-2005-2706). A bug in the way Firefox opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CAN-2005-2707). A bug in the way Firefox proceesed URLs on the command line could be used to execute arbitary commands as the user running Firefox; this could be abused by clicking on a supplied link, such as from an instant messaging client (CAN-2005-2968). Tom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non- wrapping chracters, such as soft-hyphens. This could be exploited to run or or install malware on the user's computer (CAN-2005-2871). The updated packages have been patched to address these issues and all users are urged to upgrade immediately.

Updated packages

10.2 i586

 aa128125581323ada6917cf71d73af73  10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
c91875aae8fbfb23c684443111ab2bfb  10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
09d4afd21b17bc091c9087f8669d439b  10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
f287c600ffa5bef0a7865b8942f82223  10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
78491507510c36caa971c5667a0b39eb  10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.i586.rpm
37a3d3d39c3f29a8a20c062e56ade3eb  10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.i586.rpm
d78f74a900992ad5e0904da8b17ba78b  10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

10.2 x86_64

 895038bb470beda14c6de3fa5f3fc5ce  x86_64/10.2/RPMS/lib64nspr4-1.0.2-9.1.102mdk.x86_64.rpm
d0a573b27841bcb358b7a5bf99867fda  x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-9.1.102mdk.x86_64.rpm
aa128125581323ada6917cf71d73af73  x86_64/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
c91875aae8fbfb23c684443111ab2bfb  x86_64/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
b86a14e377368e647a408218871924c7  x86_64/10.2/RPMS/lib64nss3-1.0.2-9.1.102mdk.x86_64.rpm
4bdabb56ef5f8eb4058fcfeca56aba79  x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-9.1.102mdk.x86_64.rpm
09d4afd21b17bc091c9087f8669d439b  x86_64/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
f287c600ffa5bef0a7865b8942f82223  x86_64/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
1988da499fd2b06805d6aea3deb0ed72  x86_64/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.x86_64.rpm
c7e70731b9873ebbe6eab2046ecdfe68  x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.x86_64.rpm
d78f74a900992ad5e0904da8b17ba78b  x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

References