Bug 200357
Summary: | major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Gilbert Sebenste <sebenste> |
Component: | firefox | Assignee: | Christopher Aillon <caillon> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | CC: | djuran, fedora-security-list, gilboad, icon, kengert, mattdm, morioka, wtogami |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | FC5 | Doc Type: | Bug Fix |
Last Closed: | 2006-08-10 14:41:24 UTC | Type: | --- |
Bug Blocks: | 200530 |
Description
Gilbert Sebenste
2006-07-27 04:27:46 UTC
Adding CVE numbers from http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5

- CVE-2006-3113 : memory corruption resulting in crash or potential arbitrary code execution
- CVE-2006-3677 : ditto
- CVE-2006-3801 : allows native code to be executed. bad.
- CVE-2006-3802 : DOM/XSS attack
- CVE-2006-3803 : race condition allows execution of arbitrary binary code. bad!
- CVE-2006-3805 : remote code execution via javascript.
- CVE-2006-3806 : ditto.
- CVE-2006-3807 : looks like a very serious privilege escalation bug for javascript
- CVE-2006-3808 : malicious proxy can execute code with privs it shouldn't have; note that a malicious proxy can do all sorts of bad things anyway.
- CVE-2006-3809 : privilege escalation of scripts; I don't understand the script security model enough personally to fully evaluate the impact of this without looking into it. sounds potentially serious.
- CVE-2006-3810 : XSS attack via javascript
- CVE-2006-3811 : "several" crashes with memory corruption; potential arbitrary code execution
- CVE-2006-3812 : scripts in chrome run with full privilege. no known automatic exploit, but may make tricking users easier.

Oh, apparently also CVE-2006-3804, but that's apparently just a denial of service.

Christopher Aillon -- there was some trouble releasing a timely update to Firefox 1.5.0.4. Do you anticipate needing some extra help for this as well? Could you at least take a few seconds to let us know the status? Thanks!

Can we have an update on this, please?

Why are we still on 1.5.0.4? Unaddressed security problems in major network applications generate lots of bad publicity for the project.

(In reply to comment #4)
> Why are we still on 1.5.0.4?

We still are AFAICS -- 1.5.0.5 was committed to CVS some days ago (thx Kai!) afaics, but not published yet. That's why I made noise on f-a-b today. See: https://www.redhat.com/archives/fedora-advisory-board/2006-August/msg00051.html

It had failed to build on s390, an arch I thought I had disabled for FC5 updates building. I've fixed the glitch and am attempting to build the update now for publishing later today.

firefox-1.5.0.6-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.

So I guess this issue can (finally) be closed. Thanks for your hard work!