Bug 1166041 (CVE-2010-5312) - CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
Summary: CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2010-5312
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1166099 1166103 1166111 1166229 1166241 1166242 1166758 1166759 1166760 1166761 1166762 1166764 1166765 1166766 1166767 1166768 1166769 1166770 1166771 1166772 1166773 1166774 1166775 1166776 1166777 1166778 1166779 1166780 1166781 1166782 1166784 1166785 1166786 1166787 1166788 1166789 1166790 1166791 1166792 1166793 1166794 1166795 1166796 1166797 1166798 1166799 1166800 1166801 1166802 1166803 1166804 1166805 1166806 1166807 1166809 1166810 1166812 1166813 1166814 1166815 1166816 1166817 1166818 1166819 1166820 1166821 1166822 1166823 1166824 1166825 1166826 1166827 1166828 1166829
Blocks: 1162456 2014197
Reported: 2014-11-20 10:30 UTC by Vasyl Kaigorodov
Modified: 2021-10-20 14:27 UTC (History)

Fixed In Version: jQuery UI 1.10.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-10-06 05:56:02 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0442 0 normal SHIPPED_LIVE Moderate: ipa security, bug fix, and enhancement update 2015-03-05 14:50:39 UTC
Red Hat Product Errata RHSA-2015:1462 0 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2015-07-21 14:14:52 UTC

Description Vasyl Kaigorodov 2014-11-20 10:30:32 UTC
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery.ui.dialog title option.
From [1]:
...
WIDGETS
Dialog
Fixed: Title XSS Vulnerability. (#6016, 7e9060c)
...

Upstream commit that fixes this: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
More info can be found in the upstream bugtracker [2].

[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/6016

--
Note: whiteboard lists quite some packages, which are known to have jQuery embedded.

Comment 1 leigh scott 2014-11-20 11:55:44 UTC
I fail to see how this affects cinnamon as it doesn't use jQuery.ui.dialog

$ repoquery -q --whatprovides */jquery.ui.dialog.js 
mediawiki-0:1.23.6-1.fc20.noarch
sagemath-notebook-0:5.12-1.fc20.x86_64
mediawiki-0:1.21.2-2.fc20.noarch
python-XStatic-jquery-ui-0:1.10.4.1-1.fc20.noarch
sagemath-notebook-0:6.1.1-5.fc20.x86_64
drupal7-jquery_update-0:2.3-2.fc20.noarch
drupal7-jquery_update-0:2.4-1.fc20.noarch

Comment 2 Vasyl Kaigorodov 2014-11-20 12:12:38 UTC
(In reply to leigh scott from comment #1)
> I fail to see how this affects cinnamon as it doesn't use jQuery.ui.dialog
> 
> $ repoquery -q --whatprovides */jquery.ui.dialog.js 
> mediawiki-0:1.23.6-1.fc20.noarch
> sagemath-notebook-0:5.12-1.fc20.x86_64
> mediawiki-0:1.21.2-2.fc20.noarch
> python-XStatic-jquery-ui-0:1.10.4.1-1.fc20.noarch
> sagemath-notebook-0:6.1.1-5.fc20.x86_64
> drupal7-jquery_update-0:2.3-2.fc20.noarch
> drupal7-jquery_update-0:2.4-1.fc20.noarch

You're right, the "affected" list contains all the packages that have "jquery.js" embedded.
I'd not rely on repoquery too much here, since jQuery.ui.dialog.js might be renamed, or embedded in jquery.js.
Anyways - files/usr/lib/cinnamon-settings/data/spices/jquery.js in cinnamon does not contain vulnerable code, marked as "notaffected".

Comment 3 Vincent Danen 2014-11-20 15:25:48 UTC
Created freeipa tracking bugs for this issue:

Affects: fedora-all [bug 1166229]

Comment 6 Othman Madjoudj 2014-11-20 16:09:43 UTC
Does this affect only packages with bundled jquery ui, or jquery in general?

For example: sticky-notes has jquery (min) and jquery.cookie but not jquery ui (or code from it); does that make it vulnerable to this issue?

Comment 7 Orion Poplawski 2014-11-20 16:24:04 UTC
What version of jquery was this issue introduced in?  cobbler bundles jquery ui 1.8.18 and I'm not seeing the patched code in it, although it's hard for me to search in the minimized js.

Comment 8 Wolfgang Ulbrich 2014-11-20 16:54:27 UTC
Why did you add my email address again?
I do not maintain or co-maintain any package which use jquery ui.
And cinnamon isn't affected.

Comment 9 Vasyl Kaigorodov 2014-11-20 17:03:11 UTC
(In reply to Wolfgang Ulbrich from comment #8)
> Why did you add my email address again?
> I do not maintain or co-maintain any package which use jquery ui.
> And cinnamon isn't affected.

Sorry for the noise, Wolfgang. It's another issue, and another bug which is treated separately - I'm marking cinnamon as "notaffected" here as well.

Comment 10 Vasyl Kaigorodov 2014-11-21 09:42:41 UTC
(In reply to Orion Poplawski from comment #7)
> What version of jquery was this issue introduced in?  cobbler bundles jquery
> ui 1.8.18 and I'm not seeing the patched code in it, although it's hard for
> me to search in the minimized js.

All versions of jQuery UI prior to 1.10.0 are affected.

(In reply to Athmane Madjoudj from comment #6)
> Does this affect only packages with bundled jquery ui, or jquery in
> general?
> 
> For example: sticky-notes has jquery (min) and jquery.cookie but not jquery
> ui (or code from it); does that make it vulnerable to this issue?

It affects packages which are using bundled jQuery UI version < 1.10.0
If a package is not using jQuery UI - it's not affected.
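
Added example, not part of the original thread or of any Red Hat tooling: a content-based scan for bundled jQuery UI dialog code, for the cases raised above where the file is renamed or merged into another script and a file-name query misses it. The banner pattern and the `ui.dialog` marker string are heuristics assumed for this sketch; the 1.10.0 threshold comes from this bug's "Fixed In Version" field.

```shell
#!/bin/sh
# Added example: locate bundled jQuery UI dialog code by content, not file name.
FIXED_VERSION="1.10.0"   # "Fixed In Version" field of this bug

# Exit 0 when dotted version $1 is lower than $2 (numeric, field by field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Print the version from a "jQuery UI ..." banner comment in file $1, if any.
# The banner pattern is a heuristic assumed for this example.
jqueryui_version() {
    sed -n 's/.*jQuery UI[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Print "no-dialog", "unknown" (dialog code but no banner: review by hand),
# "vulnerable <version>" or "fixed <version>" for file $1.
classify_file() {
    grep -q -F 'ui.dialog' "$1" || { echo "no-dialog"; return 0; }
    ver=$(jqueryui_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "fixed $ver"
    fi
}

# List files under directory $1 that are vulnerable or need manual review.
scan_tree() {
    find "$1" -type f -name '*.js' | sort | while IFS= read -r f; do
        result=$(classify_file "$f")
        case "$result" in
            vulnerable*|unknown) printf '%s\t%s\n' "$result" "$f" ;;
        esac
    done
}

if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

Run it against an unpacked package tree, for example `sh scan.sh ./buildroot/usr/share`; an `unknown` result means dialog code was found with its banner stripped, so the version has to be confirmed by hand.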

Comment 12 Vasyl Kaigorodov 2014-11-21 16:29:22 UTC
Created nodejs-should tracking bugs for this issue:

Affects: fedora-all [bug 1166784]

Comment 13 Vasyl Kaigorodov 2014-11-21 16:29:34 UTC
Created openslides tracking bugs for this issue:

Affects: fedora-all [bug 1166785]

Comment 14 Vasyl Kaigorodov 2014-11-21 16:29:43 UTC
Created python-django-debug-toolbar tracking bugs for this issue:

Affects: fedora-all [bug 1166792]

Comment 15 Vasyl Kaigorodov 2014-11-21 16:29:55 UTC
Created dokuwiki tracking bugs for this issue:

Affects: fedora-all [bug 1166770]

Comment 16 Vasyl Kaigorodov 2014-11-21 16:30:05 UTC
Created fish tracking bugs for this issue:

Affects: fedora-all [bug 1166774]

Comment 17 Vasyl Kaigorodov 2014-11-21 16:30:16 UTC
Created global tracking bugs for this issue:

Affects: fedora-all [bug 1166776]

Comment 18 Vasyl Kaigorodov 2014-11-21 16:30:26 UTC
Created yelp-xsl tracking bugs for this issue:

Affects: fedora-all [bug 1166822]

Comment 19 Vasyl Kaigorodov 2014-11-21 16:30:36 UTC
Created why3 tracking bugs for this issue:

Affects: fedora-all [bug 1166820]

Comment 20 Vasyl Kaigorodov 2014-11-21 16:30:47 UTC
Created mojomojo tracking bugs for this issue:

Affects: fedora-all [bug 1166782]

Comment 21 Vasyl Kaigorodov 2014-11-21 16:30:55 UTC
Created mediawiki tracking bugs for this issue:

Affects: fedora-all [bug 1166781]

Comment 22 Vasyl Kaigorodov 2014-11-21 16:31:03 UTC
Created python-pebl tracking bugs for this issue:

Affects: fedora-all [bug 1166797]

Comment 23 Vasyl Kaigorodov 2014-11-21 16:31:14 UTC
Created cobbler tracking bugs for this issue:

Affects: fedora-all [bug 1166766]

Comment 24 Vasyl Kaigorodov 2014-11-21 16:31:24 UTC
Created python-XStatic-jquery-ui tracking bugs for this issue:

Affects: epel-all [bug 1166827]

Comment 25 Vasyl Kaigorodov 2014-11-21 16:31:35 UTC
Created drupal7-jquery_update tracking bugs for this issue:

Affects: fedora-all [bug 1166773]
Affects: epel-all [bug 1166824]

Comment 26 Vasyl Kaigorodov 2014-11-21 16:31:44 UTC
Created python-tw2-jqplugins-flot tracking bugs for this issue:

Affects: fedora-all [bug 1166800]

Comment 27 Vasyl Kaigorodov 2014-11-21 16:31:54 UTC
Created python-sphinx tracking bugs for this issue:

Affects: fedora-all [bug 1166798]
Affects: fedora-all [bug 1166806]

Comment 28 Vasyl Kaigorodov 2014-11-21 16:32:04 UTC
Created couchdb tracking bugs for this issue:

Affects: fedora-all [bug 1166767]

Comment 29 Vasyl Kaigorodov 2014-11-21 16:32:14 UTC
Created calibre tracking bugs for this issue:

Affects: fedora-all [bug 1166764]

Comment 30 Vasyl Kaigorodov 2014-11-21 16:32:24 UTC
Created phpPgAdmin tracking bugs for this issue:

Affects: fedora-all [bug 1166789]

Comment 31 Vasyl Kaigorodov 2014-11-21 16:32:33 UTC
Created StarCluster tracking bugs for this issue:

Affects: fedora-all [bug 1166815]

Comment 32 Vasyl Kaigorodov 2014-11-21 16:32:43 UTC
Created sugar-help tracking bugs for this issue:

Affects: fedora-all [bug 1166816]

Comment 33 Vasyl Kaigorodov 2014-11-21 16:32:53 UTC
Created python-werkzeug tracking bugs for this issue:

Affects: fedora-all [bug 1166802]
Affects: fedora-all [bug 1166807]

Comment 34 Vasyl Kaigorodov 2014-11-21 16:33:02 UTC
Created orbited tracking bugs for this issue:

Affects: fedora-all [bug 1166787]

Comment 35 Vasyl Kaigorodov 2014-11-21 16:33:11 UTC
Created gallery3 tracking bugs for this issue:

Affects: fedora-all [bug 1166775]

Comment 36 Vasyl Kaigorodov 2014-11-21 16:33:20 UTC
Created python-django14 tracking bugs for this issue:

Affects: fedora-all [bug 1166794]

Comment 37 Vasyl Kaigorodov 2014-11-21 16:33:30 UTC
Created python-django15 tracking bugs for this issue:

Affects: fedora-all [bug 1166795]

Comment 38 Vasyl Kaigorodov 2014-11-21 16:33:39 UTC
Created python-tw2-jquery tracking bugs for this issue:

Affects: fedora-all [bug 1166801]
Affects: epel-all [bug 1166826]

Comment 39 Vasyl Kaigorodov 2014-11-21 16:33:49 UTC
Created wordpress tracking bugs for this issue:

Affects: fedora-all [bug 1166821]

Comment 40 Vasyl Kaigorodov 2014-11-21 16:33:58 UTC
Created varnish-agent tracking bugs for this issue:

Affects: fedora-all [bug 1166817]

Comment 41 Vasyl Kaigorodov 2014-11-21 16:34:09 UTC
Created hotot tracking bugs for this issue:

Affects: fedora-all [bug 1166778]

Comment 42 Vasyl Kaigorodov 2014-11-21 16:34:19 UTC
Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1166791]
Affects: fedora-all [bug 1166805]

Comment 43 Vasyl Kaigorodov 2014-11-21 16:34:29 UTC
Created sagemath tracking bugs for this issue:

Affects: fedora-all [bug 1166812]

Comment 44 Vasyl Kaigorodov 2014-11-21 16:34:39 UTC
Created python-XStatic-jQuery tracking bugs for this issue:

Affects: fedora-all [bug 1166803]

Comment 45 Vasyl Kaigorodov 2014-11-21 16:34:48 UTC
Created sparkleshare tracking bugs for this issue:

Affects: fedora-all [bug 1166813]

Comment 46 Vasyl Kaigorodov 2014-11-21 16:34:58 UTC
Created wesnoth tracking bugs for this issue:

Affects: fedora-all [bug 1166819]

Comment 47 Vasyl Kaigorodov 2014-11-21 16:35:06 UTC
Created webacula tracking bugs for this issue:

Affects: fedora-all [bug 1166818]

Comment 48 Vasyl Kaigorodov 2014-11-21 16:35:15 UTC
Created libgda tracking bugs for this issue:

Affects: fedora-all [bug 1166780]

Comment 49 Vasyl Kaigorodov 2014-11-21 16:35:24 UTC
Created python-tw-jquery tracking bugs for this issue:

Affects: fedora-all [bug 1166799]
Affects: epel-all [bug 1166825]

Comment 50 Vasyl Kaigorodov 2014-11-21 16:35:33 UTC
Created openteacher tracking bugs for this issue:

Affects: fedora-all [bug 1166786]

Comment 51 Vasyl Kaigorodov 2014-11-21 16:35:42 UTC
Created ikiwiki tracking bugs for this issue:

Affects: fedora-all [bug 1166779]

Comment 52 Vasyl Kaigorodov 2014-11-21 16:35:51 UTC
Created graphite-web tracking bugs for this issue:

Affects: fedora-all [bug 1166777]

Comment 53 Vasyl Kaigorodov 2014-11-21 16:36:00 UTC
Created roundup tracking bugs for this issue:

Affects: fedora-all [bug 1166809]

Comment 54 Vasyl Kaigorodov 2014-11-21 16:36:10 UTC
Created python-backlash tracking bugs for this issue:

Affects: fedora-all [bug 1166790]
Affects: fedora-all [bug 1166804]

Comment 55 Vasyl Kaigorodov 2014-11-21 16:36:20 UTC
Created perl-Mojolicious tracking bugs for this issue:

Affects: fedora-all [bug 1166788]

Comment 56 Vasyl Kaigorodov 2014-11-21 16:36:31 UTC
Created ckeditor tracking bugs for this issue:

Affects: fedora-all [bug 1166765]

Comment 57 Vasyl Kaigorodov 2014-11-21 16:36:41 UTC
Created python-django-typepadapp tracking bugs for this issue:

Affects: fedora-all [bug 1166793]

Comment 58 Vasyl Kaigorodov 2014-11-21 16:36:50 UTC
Created cumin tracking bugs for this issue:

Affects: fedora-all [bug 1166768]

Comment 59 Vasyl Kaigorodov 2014-11-21 16:36:59 UTC
Created zabbix tracking bugs for this issue:

Affects: fedora-all [bug 1166823]

Comment 60 Vasyl Kaigorodov 2014-11-21 16:37:08 UTC
Created rubygem-jquery-rails tracking bugs for this issue:

Affects: fedora-all [bug 1166810]

Comment 61 Vasyl Kaigorodov 2014-11-21 16:37:19 UTC
Created drupal7 tracking bugs for this issue:

Affects: fedora-all [bug 1166772]

Comment 62 Vasyl Kaigorodov 2014-11-21 16:37:27 UTC
Created drupal6 tracking bugs for this issue:

Affects: fedora-all [bug 1166771]

Comment 63 Vasyl Kaigorodov 2014-11-21 16:37:37 UTC
Created spyder tracking bugs for this issue:

Affects: fedora-all [bug 1166814]

Comment 64 Vasyl Kaigorodov 2014-11-21 16:37:46 UTC
Created python-flask-debugtoolbar tracking bugs for this issue:

Affects: fedora-all [bug 1166796]

Comment 65 Vasyl Kaigorodov 2014-11-21 16:37:55 UTC
Created django-typepad tracking bugs for this issue:

Affects: fedora-all [bug 1166769]

Comment 66 Fedora Update System 2014-12-12 04:03:25 UTC
couchdb-1.6.1-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 67 Fedora Update System 2014-12-12 04:13:01 UTC
couchdb-1.6.1-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 68 Ján Rusnačko 2015-03-03 16:22:58 UTC
Deleting duplicate fedora-all/python-werkzeug=, fedora-all/python-sphinx=, fedora-all/python-django= from whiteboard.

Comment 69 errata-xmlrpc 2015-03-05 10:15:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0442 https://rhn.redhat.com/errata/RHSA-2015-0442.html

Comment 70 errata-xmlrpc 2015-07-22 07:38:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1462 https://rhn.redhat.com/errata/RHSA-2015-1462.html

