Bug 194511 (CVE-2006-2894)

Summary: CVE-2006-2894 arbitrary file read vulnerability
Product: [Fedora] Fedora
Reporter: Ville Skyttä <scop>
Component: seamonkey
Assignee: Kai Engert (:kaie) (inactive account) <kengert>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: extras-qa, fedora-security-list, lkundrak, mcepl, mcepl
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: seamonkey-1.1.6-1.fc8
Doc Type: Bug Fix
Last Closed: 2007-11-09 12:19:36 UTC
Bug Blocks: 187071

Description Ville Skyttä 2006-06-08 16:53:32 UTC
Arbitrary file read vulnerability in <= 1.0.2:

Comment 1 Kai Engert (:kaie) (inactive account) 2006-06-16 18:03:59 UTC
update to seamonkey 1.0.2 has been made available

Comment 2 Ville Skyttä 2006-06-17 10:57:15 UTC
See initial comment, this is reportedly a vulnerability in 1.0.2 and earlier.

Comment 3 Ville Skyttä 2006-08-07 19:56:04 UTC
I did not find a reference to this CVE in Mozilla advisories, assuming still
vulnerable in 1.0.4.  Kai, could you investigate?

Comment 5 Kai Engert (:kaie) (inactive account) 2006-08-10 19:05:42 UTC
I believe this issue is still open.

Comment 6 Jason Tibbitts 2006-12-24 02:41:33 UTC
Does anyone know if this has been fixed in the interim?

Comment 7 Andrew Schultz 2007-01-22 02:05:37 UTC
A fix for this is in Mozilla trunk (SeaMonkey 1.5) in bug 258875, but never made
it to the 1.8 branch

Comment 8 Kai Engert (:kaie) (inactive account) 2007-02-02 19:26:14 UTC
Adding reference to Mozilla bug.

Looks like nobody is working on backporting the fix to the branch.

Comment 9 Matěj Cepl 2007-07-18 17:28:20 UTC
Fedora Core 5 is no longer supported, could you please reproduce this with the
updated version of the currently supported distribution (Fedora Core 6, or
Fedora 7, or Rawhide)? If this issue turns out to still be reproducible, please
let us know in this bug report.  If after a month's time we have not heard back
from you, we will have to close this bug as CANTFIX.

Setting status to NEEDINFO, and awaiting information from the reporter.

Thanks in advance.

Comment 10 Matěj Cepl 2007-08-28 14:36:30 UTC
We haven't got any reply to the last question about reproducibility of the bug
with Fedora Core 6, Fedora 7, or Fedora devel. Mass closing this bug, so if you
have new information that would help us fix this bug, please reopen it with the
additional information.

Comment 11 Lubomir Kundrak 2007-11-02 17:31:52 UTC
Matej: Please never close bugs with "Security" keyword unless you are confident
they are fixed.

The sample exploit from https://bugzilla.mozilla.org/show_bug.cgi?id=258875
works with seamonkey-1.1.3-8.fc8, though the upstream bug was recently closed.

Comment 12 Lubomir Kundrak 2007-11-09 12:19:36 UTC
Fixed with seamonkey-1.1.6-1.fc8