Bug 333991

Summary: Mozilla products security update (CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: caillon, kreilly, kseifried, security-response-team, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-29 20:43:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 334001, 334011, 334021, 334031, 334041, 334051, 334061, 334071, 334081, 334091, 334101, 334111    
Bug Blocks:    

Comment 4 Josh Bressers 2007-10-17 21:17:00 UTC 
Here is a rough breakdown of the flaws grouped by type.  The official
definition of these issues can be found on the upstream security page here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

Leveraging browser flaws, fooling users into possibly surrendering sensitive
information (Moderate):
CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334

Malformed web content could result in the execution of arbitrary commands
(Critical):
CVE-2007-5336, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340

Digest Authentication requests can be used to conduct a response splitting
attack (Moderate):
CVE-2007-2292

The sftp protocol handler could be used to view the contents of arbitrary
local files (Moderate):
CVE-2007-5337
Comment 5 Josh Bressers 2007-10-17 21:18:19 UTC 
It should be noted that the sftp flaw does not affect Red Hat Enterprise Linux
2.1 or 3.  The sftp protocol handler is not supported on those platforms.
Comment 6 Josh Bressers 2007-10-18 14:13:05 UTC 
CVE-2007-5336 should not be used.  That bug is really part of the CVE-2007-5339
CVE id.