Package name mozilla-firefox Date September 26th, 2005 Advisory ID MDKSA-2005:169 Affected versions 10.2

Problem Description

A number of vulnerabilities have been discovered in Mozilla Firefox
that have been corrected in version 1.0.7:

A bug in the way Firefox processes XBM images could be used to execute
arbitrary code via a specially crafted XBM image file (CAN-2005-2701).

A bug in the way Firefox handles certain Unicode sequences could be
used to execute arbitrary code via viewing a specially crafted Unicode
sequence (CAN-2005-2702).

A bug in the way Firefox makes XMLHttp requests could be abused by a
malicious web page to exploit other proxy or server flaws from the
victim's machine; however, the default behaviour of the browser is to
disallow this (CAN-2005-2703).

A bug in the way Firefox implemented its XBL interface could be abused
by a malicious web page to create an XBL binding in such a way as to
allow arbitrary JavaScript execution with chrome permissions
(CAN-2005-2704).

An integer overflow in Firefox's JavaScript engine could be manipulated
in certain conditions to allow a malicious web page to execute
arbitrary code (CAN-2005-2705).

A bug in the way Firefox displays about: pages could be used to execute
JavaScript with chrome privileges (CAN-2005-2706).

A bug in the way Firefox opens new windows could be used by a malicious
web page to construct a new window without any user interface elements
(such as address bar and status bar) that could be used to potentially
mislead the user (CAN-2005-2707).

A bug in the way Firefox proceesed URLs on the command line could be
used to execute arbitary commands as the user running Firefox; this
could be abused by clicking on a supplied link, such as from an instant
messaging client (CAN-2005-2968).

Tom Ferris reported that Firefox would crash when processing a domain
name consisting solely of soft-hyphen characters due to a heap overflow
when IDN processing results in an empty string after removing non-
wrapping chracters, such as soft-hyphens. This could be exploited to
run or or install malware on the user's computer (CAN-2005-2871).

The updated packages have been patched to address these issues and all
users are urged to upgrade immediately.

Updated Packages

Mandriva Linux LE2005

 aa128125581323ada6917cf71d73af73  10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
c91875aae8fbfb23c684443111ab2bfb  10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
09d4afd21b17bc091c9087f8669d439b  10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
f287c600ffa5bef0a7865b8942f82223  10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
78491507510c36caa971c5667a0b39eb  10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.i586.rpm
37a3d3d39c3f29a8a20c062e56ade3eb  10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.i586.rpm
d78f74a900992ad5e0904da8b17ba78b  10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 895038bb470beda14c6de3fa5f3fc5ce  x86_64/10.2/RPMS/lib64nspr4-1.0.2-9.1.102mdk.x86_64.rpm
d0a573b27841bcb358b7a5bf99867fda  x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-9.1.102mdk.x86_64.rpm
aa128125581323ada6917cf71d73af73  x86_64/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
c91875aae8fbfb23c684443111ab2bfb  x86_64/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
b86a14e377368e647a408218871924c7  x86_64/10.2/RPMS/lib64nss3-1.0.2-9.1.102mdk.x86_64.rpm
4bdabb56ef5f8eb4058fcfeca56aba79  x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-9.1.102mdk.x86_64.rpm
09d4afd21b17bc091c9087f8669d439b  x86_64/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
f287c600ffa5bef0a7865b8942f82223  x86_64/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
1988da499fd2b06805d6aea3deb0ed72  x86_64/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.x86_64.rpm
c7e70731b9873ebbe6eab2046ecdfe68  x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.x86_64.rpm
d78f74a900992ad5e0904da8b17ba78b  x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
http://www.mozilla.org/security/announce/mfsa2005-57.html
http://www.mozilla.org/security/announce/mfsa2005-58.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm
		

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.