Bug 530168 (CVE-2009-3376)

Summary: CVE-2009-3376 Firefox download filename spoofing with RTL override
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mjc, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-17 23:33:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2009-10-21 18:43:24 UTC 
Mozilla security researchers Jesse Ruderman and Sid Stamm reported that
when downloading a file containing a right-to-left override character (RTL)
in the filename, the name displayed in the dialog title bar conflicts with
the name of the file shown in the dialog body. An attacker could use this
vulnerability to obfuscate the name and file extension of a file to be
downloaded and opened, potentially causing a user to run an executable file
when they expected to open a non-executable file.
Comment 1 errata-xmlrpc 2009-10-27 22:59:31 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
Comment 2 errata-xmlrpc 2009-10-27 23:57:56 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2009:1531 https://rhn.redhat.com/errata/RHSA-2009-1531.html
Comment 3 Fedora Update System 2009-10-29 02:57:29 UTC 
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox-3.5.4-1.fc11, galeon-2.0.7-17.fc11, gnome-python2-extras-2.25.3-8.fc11, gnome-web-photo-0.7-7.fc11, google-gadgets-0.11.1-2.fc11, hulahop-0.4.9-9.fc11, kazehakase-0.5.8-2.fc11.1, Miro-2.5.2-5.fc11, monodevelop-2.0-6.fc11, mozvoikko-0.9.7-0.8.rc1.fc11, pcmanx-gtk2-0.3.8-9.fc11, ruby-gnome2-0.19.3-3.fc11, seahorse-plugins-2.26.2-7.fc11, xulrunner-1.9.1.4-1.fc11, yelp-2.26.0-8.fc11, eclipse-3.4.2-17.fc11, perl-Gtk2-MozEmbed-0.08-6.fc11.6 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2009-11-04 12:29:21 UTC 
blam-1.8.5-15.fc10, epiphany-2.24.3-11.fc10, epiphany-extensions-2.24.3-6.fc10, evolution-rss-0.1.4-5.fc10, firefox-3.0.15-1.fc10, galeon-2.0.7-15.fc10, gecko-sharp2-0.13-13.fc10, gnome-python2-extras-2.19.1-35.fc10, gnome-web-photo-0.3-23.fc10, google-gadgets-0.10.5-11.fc10, kazehakase-0.5.6-4.fc10.7, Miro-2.0.5-5.fc10, mozvoikko-0.9.5-15.fc10, mugshot-1.2.2-14.fc10, pcmanx-gtk2-0.3.8-14.fc10, perl-Gtk2-MozEmbed-0.08-6.fc10.6, ruby-gnome2-0.19.3-3.fc10, xulrunner-1.9.0.15-1.fc10, yelp-2.24.0-14.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 errata-xmlrpc 2010-03-17 12:39:31 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0153 https://rhn.redhat.com/errata/RHSA-2010-0153.html
Comment 6 errata-xmlrpc 2010-03-17 13:25:48 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0154 https://rhn.redhat.com/errata/RHSA-2010-0154.html