All times are UTC




 Post subject: [CVE-2007-5947,5959,5960] xulrunner < 1.8.1.10, multiple vulnerabilities
PostPosted: Fri Jan 11, 2008 1:54 am 
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
The three vulnerabilities found in Mozilla Firefox and SeaMonkey also affect xulrunner.

CVE-2007-5947
Quote:
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.


CVE-2007-5959
Quote:
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corrupti


CVE-2007-5960
Quote:
Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.


Both the CURRENT and SNAPSHOT repos have only version 1.8.1.7pre; maybe we should update the package along with the 5.0 release.


_________________
Wisdom begins in wonder. -- Socrates


Last edited by infwonder on Tue Jan 29, 2008 12:57 am, edited 1 time in total.
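
The Referer spoofing quoted above for CVE-2007-5960 is why a Referer check alone is a weak CSRF defence. The following is an added example, not part of the original post or of any Mozilla or Zenwalk code, comparing a Referer-only check with a session-bound token check; the host name, session id, function names and sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "bank.example"            # assumption: hypothetical site host
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, generated here


def referer_check(headers):
    """Referer-only CSRF check: passes whenever the header names our host."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def issue_token(session_id):
    """Token bound to the session, embedded in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Constant-time comparison of the submitted token with the expected one."""
    submitted = form.get("csrf_token", "").encode()
    return hmac.compare_digest(submitted, issue_token(session_id).encode())


def accept_request(session_id, headers, form):
    """Require the token; treat a present Referer as a secondary check only."""
    if not token_check(session_id, form):
        return False
    return "Referer" not in headers or referer_check(headers)


# Constructed sample requests (not captured traffic).
SESSION = "sess-1234"
LEGIT = ({"Referer": "https://bank.example/transfer"},
         {"amount": "10", "csrf_token": issue_token(SESSION)})
# Cross-site request whose Referer wrongly names the target site, as the CVE
# text describes; the sender cannot read the session's token.
FORGED = ({"Referer": "https://bank.example/home"}, {"amount": "9999"})

if __name__ == "__main__":
    for name, (headers, form) in (("legit", LEGIT), ("forged", FORGED)):
        print(name, "referer-only:", referer_check(headers),
              "token+referer:", accept_request(SESSION, headers, form))
```

The forged request passes the Referer-only check but is rejected once the token is required, which is the property a server needs while unpatched browsers are still in use.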

 
 Post subject: Re: [CVE-2007-5947,5959,5960] xulrunner < 1.8.1.10, multiple vulnerabilities
PostPosted: Fri Jan 11, 2008 2:30 am 
Zenwalk Packager

Joined: Wed Mar 29, 2006 7:33 am
Posts: 1580
Location: Bicester, Oxfordshire, UK
I'm confused  ;D

IceWeasel is at 2.0.0.11, and SeaMonkey is at 1.1.7, both of which are the most recent non-beta versions....

paul.

_________________
ThinkZen member #001
Proud Thinkpad Zenwalker


 
 Post subject: Re: [CVE-2007-5947,5959,5960] xulrunner < 1.8.1.10, multiple vulnerabilities
PostPosted: Sat Jan 12, 2008 2:22 am 
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
I believe it means the versions before Firefox 2.0.0.11 and SeaMonkey 1.1.7 are vulnerable. But this alert is really about xulrunner...


_________________
Wisdom begins in wonder. -- Socrates


Last edited by infwonder on Mon Jan 14, 2008 12:15 am, edited 1 time in total.

 
 Post subject: Re: [CVE-2007-5947,5959,5960] xulrunner < 1.8.1.10, multiple vulnerabilities
PostPosted: Fri Jan 25, 2008 1:30 am 
Master of the known universe

Joined: Fri Mar 30, 2007 5:51 am
Posts: 1677
This would mean it will affect several of the gnome packages as they also depend on xulrunner.

_________________
If you make the time for it, you can do it.
My Asus M3N spec


 
 Post subject: Re: [CVE-2007-5947,5959,5960] xulrunner < 1.8.1.10, multiple vulnerabilities
PostPosted: Sat Jan 26, 2008 3:48 am 
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
Thanks to _PN_boy for the new 1.8.1.12 build!!! Please help us test it:

http://support.zenwalk.org/index.php?topic=13981.0


_________________
Wisdom begins in wonder. -- Socrates

