Bug 198934

Summary: CVE-2006-2777 Seamonkey Privilege escalation using addSelectionListener
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: seamonkeyAssignee: Christopher Aillon <caillon>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: s390x   
OS: Linux   
Whiteboard: massRequestForReproduction
Fixed In Version: seamonkey-1.0.9-9.el4.s390x Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-19 21:33:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-07-14 19:53:57 UTC 
http://www.mozilla.org/security/announce/2006/mfsa2006-43.html

The upstream advisory describes a way to execute javascript at a privileged level.

This bug exists because while this fix exists upstream and should be fixed via
Firefox 1.5.0.4 and Seamonkey 1.0.2, it is not on s390x.

This bug is the placeholder so we can figure out what's wrong.
Comment 1 Martin Stransky 2006-12-08 13:24:34 UTC 
Hm, still looks like a problem on s390x, but there're the latest packages there:

.qa.[root@s390x-4as ~]# rpm -q firefox
firefox-1.5.0.8-0.1.el4.s390x
.qa.[root@s390x-4as ~]# rpm -q seamonkey
seamonkey-1.0.6-0.1.el4.s390x
Comment 2 Josh Bressers 2007-08-21 19:02:19 UTC 
This still isn't fixed

# rpm -q seamonkey
seamonkey-1.0.9-0.3.el3.s390x
Comment 3 Josh Bressers 2007-08-21 19:03:27 UTC 
Chris,

Can we get someone to look at this?  I fear it's the result of something bigger
we're not understanding.
Comment 4 Matěj Cepl 2008-02-08 20:42:16 UTC 
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encouraged to upgrade their system to the latest version of their
distribution available.

Please, confirm to us that this bug is reproducible on the latest upgrade of the
supported distribution (that's RHEL, or Fedora 7, 8, and Rawhide).

Setting the bug to NEEDINFO. If I won't get confirmation of reproducability in
30 days, the bug will be closed as INSUFFICIENT_DATA.

[This is mass-changing of bugs which seem to be too old and irrelevant anymore;
we are sorry, if this bug should not be incldued.]
Comment 5 Matěj Cepl 2008-03-19 20:23:38 UTC 
Cannot reproduce with this seamonkey-1.0.9-9.el4.i386. Unfortuantely, I have no
access to s390 computer.
Comment 6 Matěj Cepl 2008-03-19 21:19:17 UTC 
OK, tried with s390x and I wasn't able to reproduce it either. The version was
seamonkey-1.0.9-9.el4.s390x