Bug 196969

Summary: CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
Product: Red Hat Enterprise Linux 4
Reporter: Josh Bressers <bressers>
Component: seamonkey
Assignee: Christopher Aillon <caillon>
Status: CLOSED ERRATA
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 4.0
Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,source=mozilla,reported=20060531,public=20060601
Fixed In Version: RHSA-2006-0609
Doc Type: Bug Fix
Last Closed: 2006-08-02 18:31:08 UTC
Bug Blocks: 181411    

Description Josh Bressers 2006-06-27 21:13:45 UTC
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Mozilla processes certain JavaScript
actions. A malicious web page could execute arbitrary JavaScript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware.

CVE-2006-2783 MFSA 2006-42
A cross-site scripting flaw was found in the way Mozilla processes Unicode
Byte-order-Mark (BOM) markers in UTF-8 web pages. A malicious web page
could execute a script within the browser that a web input sanitizer could
miss due to a malformed "script" tag.

CVE-2006-2782 MFSA 2006-41
A form file upload flaw was found in the way Mozilla handles JavaScript
input object mutation. A malicious web page could upload an arbitrary local
file at form submission time without user interaction.

CVE-2006-2778 MFSA 2006-38
A denial of service flaw was found in the way Mozilla calls the
crypto.signText() JavaScript function. A malicious web page could crash the
browser if the victim had a client certificate loaded.

These issues will remain unfixed in Mozilla until Seamonkey is released.  They
are not additional issues, simply problems which are fixed as part of the upgrade.


CVE-2006-2786 MFSA 2006-33
Two HTTP response smuggling flaws were found in the way Mozilla processes
certain invalid HTTP response headers. A malicious web site could return
specially crafted HTTP response headers which may bypass HTTP proxy
restrictions.

CVE-2006-2788
A double free flaw was found in the way the nsIX509::getRawDER method is
called. If a victim visits a carefully crafted web page it is possible to
execute arbitrary code as the user running Mozilla. (CVE-2006-2788)
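
An added example for the CVE-2006-2783 item above (not part of the bug report and not Mozilla's or Red Hat's code): it compares an input filter that inspects text before BOM characters are removed with one that canonicalises first. The filter regex, function names and sample inputs are constructed for illustration, and the model of the consumer dropping U+FEFF while decoding UTF-8 is an assumption based on the flaw description.

```python
import re

BOM = "\ufeff"  # U+FEFF, encoded in UTF-8 as the bytes EF BB BF

# Hypothetical blocklist check standing in for "a web input sanitizer".
_SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def naive_filter_allows(raw: bytes) -> bool:
    """Filter the decoded text as-is; BOM characters are left in place."""
    return _SCRIPT_TAG.search(raw.decode("utf-8")) is None


def as_consumer_sees(raw: bytes) -> str:
    """Assumed model of the affected consumer: every U+FEFF is dropped."""
    return raw.decode("utf-8").replace(BOM, "")


def hardened_filter_allows(raw: bytes) -> bool:
    """Canonicalise exactly as the consumer does, then apply the same check."""
    return _SCRIPT_TAG.search(as_consumer_sees(raw)) is None


# Constructed sample inputs (not taken from the advisory).
SAMPLES = {
    "plain text": "hello world".encode("utf-8"),
    "leading BOM only": (BOM + "hello world").encode("utf-8"),
    "tag split by BOM": ("<scr" + BOM + "ipt>x()</scr" + BOM + "ipt>").encode("utf-8"),
}


def report() -> dict:
    """Map sample name -> (naive allows, hardened allows, consumer sees tag)."""
    rows = {}
    for name, raw in SAMPLES.items():
        sees_tag = _SCRIPT_TAG.search(as_consumer_sees(raw)) is not None
        rows[name] = (naive_filter_allows(raw), hardened_filter_allows(raw), sees_tag)
    return rows


if __name__ == "__main__":
    for name, (naive, hardened, sees_tag) in report().items():
        print(f"{name:18} naive_allows={naive} hardened_allows={hardened} "
              f"consumer_sees_script={sees_tag}")
```

The mismatch only appears on the third sample: the naive check passes it while the consumer's view contains a script tag, which is the gap the canonicalise-then-filter order closes.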

Comment 1 Josh Bressers 2006-06-27 21:16:11 UTC
These issues will remain unfixed in Mozilla until Seamonkey is released.  They
are not additional issues, simply problems which are fixed as part of the upgrade.


That statement ended up in the middle of the above block due to my inability to
understand how scrollbars work.  It should be at the top to describe this bug.

Comment 2 Xiaohong Wang 2006-07-07 02:36:29 UTC
We're relying on upstream for verification because we have no test code.

Comment 4 Josh Bressers 2006-07-14 19:59:44 UTC
CVE-2006-2777 is being tracked via bug 198934

Comment 5 Red Hat Bugzilla 2006-08-02 18:31:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0609.html