Bug 200357

Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
Product: Fedora
Reporter: Gilbert Sebenste <sebenste>
Component: firefox
Assignee: Christopher Aillon <caillon>
Status: CLOSED CURRENTRELEASE
Severity: urgent
Priority: medium
Version: 5
CC: djuran, fedora-security-list, gilboad, icon, kengert, mattdm, morioka, wtogami
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: FC5
Doc Type: Bug Fix
Last Closed: 2006-08-10 14:41:24 UTC
Bug Blocks: 200530

Description Gilbert Sebenste 2006-07-27 04:27:46 UTC
Description of problem: Firefox 1.5.0.4 and earlier have serious security
flaws, patched in 1.5.0.5


Version-Release number of selected component (if applicable): 1.5.0.4 and earlier


How reproducible: always


Steps to Reproduce:
1. Just use Firefox!
Actual results: Security flaws.


Expected results: No security flaws.


Additional info: See: http://www.mozilla.org/security/announce/
for the dozen or so security announcements from Mozilla, namely,
MFSA 2006-44 through 56.

I left this open for everyone to see since the disclosure is public information
on the Mozilla and isc.sans.org Web sites.

Comment 1 Matthew Miller 2006-07-28 04:05:22 UTC
Adding CVE numbers from

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5

CVE-2006-3113 : memory corruption resulting in crash or potential arbitrary
                code execution
CVE-2006-3677 : ditto
CVE-2006-3801 : allows native code to be executed. bad.
CVE-2006-3802 : DOM/XSS attack
CVE-2006-3803 : race condition allows execution of arbitrary binary code. bad!
CVE-2006-3805 : remote code execution via javascript.
CVE-2006-3806 : ditto.
CVE-2006-3807 : looks like a very serious privilege escalation bug for 
                javascript
CVE-2006-3808 : malicious proxy can execute code with privs it shouldn't have;
                note that a malicious proxy can do all sorts of bad things
                anyway.
CVE-2006-3809 : privilege escalation of scripts; I don't understand the script
                security model enough personally to fully evaluate the impact
                of this without looking into it. sounds potentially serious.
CVE-2006-3810 : XSS attack via javascript
CVE-2006-3811 : "several" crashes with memory corruption; potential arbitrary
                code execution
CVE-2006-3812 : scripts in chrome run with full privilege. no known automatic
                exploit, but may make tricking users easier.

Comment 2 Matthew Miller 2006-07-28 04:07:53 UTC
Oh, apparently also CVE-2006-3804, but that's apparently just a denial of service.

Christopher Aillon -- there was some trouble releasing a timely update to
Firefox 1.5.0.4. Do you anticipate needing some extra help for this as well?
Could you at least take a few seconds to let us know the status? Thanks!

Comment 3 Matthew Miller 2006-08-07 17:03:30 UTC
Can we have an update on this, please?

Comment 4 Konstantin Ryabitsev 2006-08-08 16:31:18 UTC
Why are we still on 1.5.0.4? Unaddressed security problems in a major network
application generate lots of bad publicity for the project.

Comment 5 Thorsten Leemhuis 2006-08-08 17:32:33 UTC
(In reply to comment #4)
> Why are we still on 1.5.0.4? 

We still are AFAICS -- 1.5.0.5 was committed to CVS some days ago (thx Kai!)
afaics, but not published yet. That's why I made noise on f-a-b today. See:
https://www.redhat.com/archives/fedora-advisory-board/2006-August/msg00051.html

Comment 6 Jesse Keating 2006-08-08 17:50:33 UTC
It had failed to build on s390, an arch I thought I had disabled for FC5 updates
building.  I've fixed the glitch and attempting to build the update now for
publishing later today.

Comment 7 Fedora Update System 2006-08-08 22:27:55 UTC
firefox-1.5.0.6-2.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
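
The check an administrator would want after reading this thread is whether a given installed firefox package still carries the CVEs listed in comment 1 and comment 2, i.e. whether its version is below the upstream fix 1.5.0.5. The following is an added example, not code from this bug or from Fedora's tooling: it reimplements rpm's version-comparison rules (rpmvercmp) in Python rather than shelling out to rpm, so it runs offline, and the package strings it is fed (the firefox-1.5.0.6-2.fc5 NVR from comment 7 and a constructed firefox-1.5.0.4-1.fc5) are the kind of output `rpm -q firefox` prints. The CVE list and the fixed version come from the bug itself; the helper names are this example's own.

```python
import re

# From the bug summary (plus CVE-2006-3804 from comment 2): all addressed
# upstream in Firefox 1.5.0.5, so anything with a lower version is affected.
FIXED_UPSTREAM_VERSION = "1.5.0.5"
CVES_FIXED_IN_1_5_0_5 = (
    "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802",
    "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806",
    "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810",
    "CVE-2006-3811", "CVE-2006-3812",
)

# rpmvercmp tokenises on runs of digits, runs of letters and the '~' marker;
# every other character is just a separator.
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a, b):
    """Compare two version or release strings with rpm's rules (Python
    reimplementation, an assumption of this example): numeric segments
    compare numerically with leading zeros ignored, alphabetic segments
    compare as strings, a numeric segment is newer than an alphabetic one,
    and '~' marks a pre-release that sorts before everything else.
    Returns -1, 0 or 1 like the C function."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) and i < len(sb):
        x, y = sa[i], sb[i]
        if x == "~" or y == "~":
            if x != "~":
                return 1          # b is a pre-release of a, so a is newer
            if y != "~":
                return -1
            i += 1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        elif x != y:
            return 1 if x > y else -1
        i += 1
    # One side still has segments: it is newer unless the leftover is '~'.
    if i < len(sa):
        return -1 if sa[i] == "~" else 1
    if i < len(sb):
        return 1 if sb[i] == "~" else -1
    return 0


def parse_nvr(nvr):
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release).
    Version and release cannot contain '-', so splitting from the right is safe
    even when the name itself has dashes."""
    name, version, release = nvr.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release


def nvr_cmp(a, b):
    """Compare two package strings of the same name by epoch, version, release."""
    na, ea, va, ra = parse_nvr(a)
    nb, eb, vb, rb = parse_nvr(b)
    if na != nb:
        raise ValueError("cannot compare different packages: %s vs %s" % (na, nb))
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def unfixed_cves(installed_nvr):
    """Return the CVEs from this bug that the installed firefox package still
    carries: all of them if its version is below 1.5.0.5, none otherwise."""
    name, _epoch, version, _release = parse_nvr(installed_nvr)
    if name != "firefox":
        raise ValueError("expected a firefox package, got %s" % name)
    if rpmvercmp(version, FIXED_UPSTREAM_VERSION) < 0:
        return list(CVES_FIXED_IN_1_5_0_5)
    return []


if __name__ == "__main__":
    # Constructed inputs in the shape of `rpm -q firefox` output.
    for pkg in ("firefox-1.5.0.4-1.fc5", "firefox-1.5.0.6-2.fc5"):
        print(pkg, "->", unfixed_cves(pkg) or "fixed")
```

Comparing on the version alone is deliberate: the thread's fix criterion is "1.5.0.5 or later", so a 1.5.0.5 build from CVS counts as fixed even though the update that actually shipped is 1.5.0.6-2.fc5. `nvr_cmp` is there for the other question an admin asks, whether the installed package is at least the pushed update, where the release tag does matter.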

Comment 8 David Juran 2006-08-10 14:41:24 UTC
So I guess this issue can (finally) be closed.

Comment 9 Konstantin Ryabitsev 2006-08-10 15:21:22 UTC
Thanks for your hard work!