This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 129123 - Numerous security issues fixed in Mozilla 1.4.3
Numerous security issues fixed in Mozilla 1.4.3
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mozilla (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Blizzard
Ben Levenson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-04 04:19 EDT by Mark J. Cox (Product Security)
Modified: 2012-10-15 09:46 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-04 17:49:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2004-08-04 04:19:54 EDT
In addition to bugs 127338 and 127186, the following security issues
were also fixed in Mozilla 1.4.3 (most of these had been previously
fixed in 1.7.*)

        * "During a source code audit, Chris Evans discovered a buffer
        overflow which affects the libpng code inside Mozilla. An
        attacker could create a carefully crafted PNG file in such a
        way that it would cause Mozilla to crash or execute arbitrary
        code when the image was viewed."  CAN-2004-0597 CAN-2004-0599

        * Zen Parse reported improper input validation to the
        SOAPParameter object constructor leading to an integer
        overflow and controllable heap corruption.  Malicious
        JavaScript could be written to utilise this flaw and could
        allow arbitrary code execution.  CAN-2004-0722

        http://bugzilla.mozilla.org/show_bug.cgi?id=236618

        * "Zen Parse reported a flaw in the POP3 capability.  A
        malicious pop3 server could send a carefully crafted response
        that would cause a heap overflow and potentially allow
        execution of arbitrary code as the user running Mozilla."
        CAN-2004-0757

        http://bugzilla.mozilla.org/show_bug.cgi?id=229374

        * "Marcel Boesch found a flaw that allows a CA certificate to
        be imported with a DN the same as that of the built-in CA
        root certificates, which can cause a denial of
        service to SSL pages because the malicious certificate is
treated as
        invalid." CAN-2004-0758

        http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257559
        http://bugzilla.mozilla.org/show_bug.cgi?id=249004

        * "Met - Martin Hassman reported a flaw in Mozilla that could
        allow malicious Javascript code to upload local files from a
        users machine without requiring confirmation." CAN-2004-0759

        http://bugzilla.mozilla.org/show_bug.cgi?id=241924

       * "Mindlock Security reported a flaw in ftp URI handling.  By
        using a NULL character (%00) in a ftp URI, Mozilla can be
        confused into opening a resource as a different MIME type"
        CAN-2004-0760

        http://bugzilla.mozilla.org/show_bug.cgi?id=250906

        Spoofing issues:

        * "Mozilla does not properly prevent a frame in one domain
        from injecting content into a frame that belongs to another
        domain, which facilitates web site spoofing and other attacks,
        aka the frame injection vulnerability."  CAN-2004-0718

        http://bugzilla.mozilla.org/show_bug.cgi?id=246448
        http://secunia.com/advisories/11978

       * Tolga Tarhan reported a flaw that can allow a malicious web
        page to use a redirect sequence to spoof the security lock
        icon that makes a web page appear to be encrypted."
        CAN-2004-0761

        http://bugzilla.mozilla.org/show_bug.cgi?id=240053

        * "Jesse Ruderman reported a security issue that affects a
        number of browsers including Mozilla that could allow
        malicious websites to install arbitrary extensions by using
        interactive events to manipulate the XPInstall Security dialog
        box." CAN-2004-0762

        http://bugzilla.mozilla.org/show_bug.cgi?id=162020
        http://secunia.com/advisories/11999/

        * "Emmanouel Kellinis discovered a caching flaw in Mozilla
        which allows malicious web sites to spoof certificates of
        trusted web sites via redirects and Javascript that uses the
        "onunload" method." CAN-2004-0763

        http://marc.theaimsgroup.com/?l=bugtraq&m=109087067730938&w=2
        http://bugzilla.mozilla.org/show_bug.cgi?id=253121
        http://secunia.com/advisories/12160/

        * "Mozilla allowed malicious websites to hijack the user
        interface via the "chrome" flag and XML User Interface
        Language (XUL) files."  CAN-2004-0764

        http://bugzilla.mozilla.org/show_bug.cgi?id=244965
        http://secunia.com/advisories/12188/

        * "The cert_TestHostName function in Mozilla only checks the
        hostname portion of a certificate when the hostname portion of
        the URI is not a fully qualified domain name (FQDN).  This
        flaw could be used for spoofing if an attacker had control of
        machines on a default DNS search path." CAN-2004-0765

        http://bugzilla.mozilla.org/show_bug.cgi?id=234058
Comment 1 Mark J. Cox (Product Security) 2004-08-04 07:55:52 EDT
Aug 04 1200UTC - removing embargo
Comment 2 Mark J. Cox (Product Security) 2004-08-04 17:49:26 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-421.html

Note You need to log in before you can comment on or make changes to this bug.