04.42.18 CVE: Not Available Platform: Cross Platform Title: Mozilla Multiple Memory Corruption Vulnerabilities Description: Multiple memory corruption vulnerabilities have been reported in Mozilla. These issues are related to malformed HTML involving the TEXTAREA, INPUT, FRAMESET, and IMG tags. Mozilla versions 1.0 through 1.8 are affected. Ref: http://www.securityfocus.com/archive/1/378632 ------- Additional Comments From jpdalbec 2004-12-08 10:14:11 ---- RHL 7.3: gallery/mozilla_die1.html produces: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 31881)] 0x40c813f1 in RuleProcessorData::RuleProcessorData () from /usr/lib/mozilla-1.4.3/components/libgklayout.so gallery/mozilla_die2.html does not crash mozilla. ------- Additional Comments From jpdalbec 2004-12-08 10:27:24 ---- backtrace: #0 0x40c813f1 in RuleProcessorData::RuleProcessorData () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #1 0x40b56409 in StyleSetImpl::ResolveStyleFor () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #2 0x40add204 in nsPresContext::ResolveStyleContextFor () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #3 0x40a4a91e in nsCSSFrameConstructor::ResolveStyleContext () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #4 0x40a4b315 in nsCSSFrameConstructor::ConstructFrame () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #5 0x40a4e3ee in nsCSSFrameConstructor::ContentAppended () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #6 0x40b572ad in StyleSetImpl::ContentAppended () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #7 0x409fcc7a in PresShell::ContentAppended () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #8 0x40affca5 in nsDocument::ContentAppended () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #9 0x40c2e166 in nsHTMLDocument::ContentAppended () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #10 0x40c26d2d in HTMLContentSink::NotifyAppend () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #11 0x40c1f3f3 in SinkContext::FlushTags () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #12 0x40c21858 in HTMLContentSink::CloseBody () from /usr/lib/mozilla-1.4.3/components/libgklayout.so #13 0x4131f855 in CNavDTD::CloseBody () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #14 0x4131fee1 in CNavDTD::CloseContainer () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #15 0x4131ffc8 in CNavDTD::CloseContainersTo () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #16 0x413203b9 in CNavDTD::CloseContainersTo () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #17 0x4131b542 in CNavDTD::DidBuildModel () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #18 0x4132ecea in nsParser::DidBuildModel () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #19 0x4132f9c0 in nsParser::ResumeParse () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #20 0x41331813 in nsParser::OnStopRequest () from /usr/lib/mozilla-1.4.3/components/libhtmlpars.so #21 0x41461e79 in nsDocumentOpenInfo::OnStopRequest () from /usr/lib/mozilla-1.4.3/components/libdocshell.so #22 0x408872f5 in nsStreamListenerTee::OnStopRequest () from /usr/lib/mozilla-1.4.3/components/libnecko.so #23 0x408ebf8f in nsHttpChannel::OnStopRequest () from /usr/lib/mozilla-1.4.3/components/libnecko.so #24 0x4086f8a9 in nsInputStreamPump::OnStateStop () from /usr/lib/mozilla-1.4.3/components/libnecko.so #25 0x4086f5c1 in nsInputStreamPump::OnInputStreamReady () from /usr/lib/mozilla-1.4.3/components/libnecko.so #26 0x4073164a in nsInputStreamReadyEvent::EventHandler () from /usr/lib/mozilla-1.4.3/libxpcom.so #27 0x40749873 in PL_HandleEvent () from /usr/lib/mozilla-1.4.3/libxpcom.so #28 0x40749c75 in PL_ProcessEventsBeforeID () from /usr/lib/mozilla-1.4.3/libxpcom.so #29 0x4149318b in processQueue () from /usr/lib/mozilla-1.4.3/components/libwidget_gtk.so #30 0x4071b09b in nsVoidArray::EnumerateForwards () from /usr/lib/mozilla-1.4.3/libxpcom.so #31 0x414931c8 in nsAppShell::ProcessBeforeID () from /usr/lib/mozilla-1.4.3/components/libwidget_gtk.so #32 0x4149bd2f in handle_gdk_event () from /usr/lib/mozilla-1.4.3/components/libwidget_gtk.so #33 0x40225d6f in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0 #34 0x40257773 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #35 0x40257d39 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #36 0x40257eec in g_main_run () from /usr/lib/libglib-1.2.so.0 #37 0x401732e3 in gtk_main () from /usr/lib/libgtk-1.2.so.0 #38 0x41492f0d in nsAppShell::Run () from /usr/lib/mozilla-1.4.3/components/libwidget_gtk.so #39 0x412d6aaa in nsAppShellService::Run () from /usr/lib/mozilla-1.4.3/components/libnsappshell.so #40 0x08059415 in main1 () #41 0x08059c2b in main () #42 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 ------- Additional Comments From jpdalbec 2004-12-13 12:31:52 ---- 04.49.17 CVE: Not Available Platform: Cross Platform Title: Multiple Browsers JavaScript IFRAME Rendering Denial of Service Description: Mozilla/Netscape and Firefox browsers are reported to be vulnerable to a denial of service issue. The issue presents itself when a javascript function attempts to print an IFRAME that is embedded in the page. Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=272381 ------- Additional Comments From jpdalbec 2004-12-13 12:33:09 ---- 04.49.22 CVE: CAN-2004-1156 Platform: Cross Platform Title: Remote Window Hijacking Vulnerability Affecting Multiple Browsers Description: Multiple browsers are affected by a remote window hijacking issue. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. All current versions of Opera, Netscape, Internet Explorer, Apple Safari, Mozilla and Firefox are affected. Ref: http://secunia.com/secunia_research/2004-13/advisory/ ------- Additional Comments From pekkas 2004-12-20 11:23:56 ---- Two other CANs I found, which are probably relevant for the next update.. CAN-2004-0909 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. -- this is http://bugzilla.mozilla.org/show_bug.cgi?id=253942 CAN-2004-1200 Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. ------- Additional Comments From pekkas 2005-03-01 06:01:56 ---- I'll close this as a duplicate of #2380, so we can track the mozilla issues in just one bug number. *** This bug has been marked as a duplicate of 2380 *** ------- Bug moved to this database by dkl 2005-03-30 18:28 ------- This bug previously known as bug 2214 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2214 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.