Bug 129123 - Numerous security issues fixed in Mozilla 1.4.3
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mozilla
All Linux
medium Severity medium
Assigned To: Christopher Blizzard
Ben Levenson
: Security
Reported: 2004-08-04 04:19 EDT by Mark J. Cox
Modified: 2012-10-15 09:46 EDT
Doc Type: Bug Fix
Last Closed: 2004-08-04 17:49:26 EDT
Description Mark J. Cox 2004-08-04 04:19:54 EDT
In addition to bugs 127338 and 127186, the following security issues
were also fixed in Mozilla 1.4.3 (most of these had been previously
fixed in 1.7.*)

        * "During a source code audit, Chris Evans discovered a buffer
        overflow which affects the libpng code inside Mozilla. An
        attacker could create a carefully crafted PNG file in such a
        way that it would cause Mozilla to crash or execute arbitrary
        code when the image was viewed."  CAN-2004-0597 CAN-2004-0599

        * Zen Parse reported improper input validation to the
        SOAPParameter object constructor leading to an integer
        overflow and controllable heap corruption.  Malicious
        JavaScript could be written to utilise this flaw and could
        allow arbitrary code execution.  CAN-2004-0722


        * "Zen Parse reported a flaw in the POP3 capability.  A
        malicious pop3 server could send a carefully crafted response
        that would cause a heap overflow and potentially allow
        execution of arbitrary code as the user running Mozilla."


        * "Marcel Boesch found a flaw that allows a CA certificate to
        be imported with a DN the same as that of the built-in CA
        root certificates, which can cause a denial of
        service to SSL pages because the malicious certificate is
        treated as invalid." CAN-2004-0758


        * "Met - Martin Hassman reported a flaw in Mozilla that could
        allow malicious Javascript code to upload local files from a
        user's machine without requiring confirmation." CAN-2004-0759


        * "Mindlock Security reported a flaw in ftp URI handling.  By
        using a NULL character (%00) in a ftp URI, Mozilla can be
        confused into opening a resource as a different MIME type"


        Spoofing issues:

        * "Mozilla does not properly prevent a frame in one domain
        from injecting content into a frame that belongs to another
        domain, which facilitates web site spoofing and other attacks,
        aka the frame injection vulnerability."  CAN-2004-0718


        * "Tolga Tarhan reported a flaw that can allow a malicious web
        page to use a redirect sequence to spoof the security lock
        icon that makes a web page appear to be encrypted."


        * "Jesse Ruderman reported a security issue that affects a
        number of browsers including Mozilla that could allow
        malicious websites to install arbitrary extensions by using
        interactive events to manipulate the XPInstall Security dialog
        box." CAN-2004-0762


        * "Emmanouel Kellinis discovered a caching flaw in Mozilla
        which allows malicious web sites to spoof certificates of
        trusted web sites via redirects and Javascript that uses the
        "onunload" method." CAN-2004-0763


        * "Mozilla allowed malicious websites to hijack the user
        interface via the "chrome" flag and XML User Interface
        Language (XUL) files."  CAN-2004-0764


        * "The cert_TestHostName function in Mozilla only checks the
        hostname portion of a certificate when the hostname portion of
        the URI is not a fully qualified domain name (FQDN).  This
        flaw could be used for spoofing if an attacker had control of
        machines on a default DNS search path." CAN-2004-0765

Comment 1 Mark J. Cox 2004-08-04 07:55:52 EDT
Aug 04 1200UTC - removing embargo
Comment 2 Mark J. Cox 2004-08-04 17:49:26 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

