Bug 163065 – CAN-2005-1937 multiple mozilla issues (CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270)

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 163065 - CAN-2005-1937 multiple mozilla issues (CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270)

Summary:	CAN-2005-1937 multiple mozilla issues (CAN-2005-2260 CAN-2005-2261 CAN-2005-2...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	mozilla (Show other bugs)
Sub Component:
Version:	4.0
Hardware:	All Linux

Priority	medium Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Christopher Aillon
QA Contact:	Ben Levenson
Docs Contact:

URL:
Whiteboard:	impact=important,source=mozilla,publi...
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-07-12 14:45 EDT by Josh Bressers
Modified:	2007-11-30 17:07 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-07-22 06:58:03 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2005:587	normal	SHIPPED_LIVE	Important: mozilla security update	2005-07-22 00:00:00 EDT

Groups: None (edit)

Description Josh Bressers 2005-07-12 14:45:25 EDT

MFSA 2005-45    Fixed in: Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=moderate,source=mozilla,public=20050712
            In several places the browser UI did not correctly distinguish
            between true user events, such as mouse clicks or keystrokes, and
            synthetic events genenerated by web content. The problems ranged
            from minor annoyances like switching tabs or entering full-screen
            mode, to a variant on MFSA 2005-34

            https://bugzilla.mozilla.org/show_bug.cgi?id=289940

        MFSA 2005-46     Firefox 1.0.5 Thunderbird 1.0.5 Mozilla Suite 1.7.9
        impact=low,source=mozilla,public=20050712
            Scripts in XBL controls from web content continued to be run even
            when Javascript was disabled. By itself this causes no harm, but
            it could be combined with most script-based exploits to attack
            people running vulnerable versions who thought disabling
            javascript would protect them.

            https://bugzilla.mozilla.org/show_bug.cgi?id=292591
            https://bugzilla.mozilla.org/show_bug.cgi?id=292589

        MFSA 2005-48     Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=moderate,source=mozilla,public=20050712
            The InstallTrigger.install() method for launching an install
            accepts a callback function that will be called with the final
            success or error status. By forcing a page navigation immediately
            after calling the install method this callback function can end up
            running in the context of the new page selected by the attacker.
            This is true even if the user cancels the unwanted install dialog:
            cancel is an error status. This callback script can steal data
            from the new page such as cookies or passwords, or perform actions
            on the user's behalf such as make a purchase if the user is
            already logged into the target site.

            https://bugzilla.mozilla.org/show_bug.cgi?id=293331

        MFSA 2005-50     Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=moderate,source=mozilla,public=20050712
            When InstallVersion.compareTo() is passed an object rather than a
            string it assumed the object was another InstallVersion without
            verifying it. When passed a different kind of object the browser
            would generally crash with an access violation.

        MFSA 2005-51  Firefox 1.0.5 Mozilla Suite 1.7.9
        CAN-2005-1937
        impact=important,source=mozilla,public=20050606
            The original frame-injection spoofing bug was fixed in the Mozilla
            Suite 1.7 and Firefox 0.9 releases. This protection was
            accidentally disabled by one of the fixes in the Firefox 1.0.3 and
            Mozilla Suite 1.7.7 releases.

            http://secunia.com/advisories/15601/
            https://bugzilla.mozilla.org/show_bug.cgi?id=296850

        MFSA 2005-52    Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=moderate,source=mozilla,public=20050712
            A child frame can call top.focus() even if the framing page comes
            from a different origin and has overridden the focus() routine.
            The call is made in the context of the child frame. The attacker
            would look for a target site with a framed page that makes this
            call but doesn't verify that its parent comes from the same site.
            By framing this page the attacker could steal cookies and
            passwords, or take actions on the site on behalf of a signed-in
            user.

            http://secunia.com/advisories/15549/
            https://bugzilla.mozilla.org/show_bug.cgi?id=296830

        MFSA 2005-53    Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=moderate,source=mozilla,public=20050712
            Several media players, for example Flash and QuickTime, support
            scripted content with the ability to open URLs in the default
            browser. The default behavior for Firefox and the Mozilla Suite
            was to replace the currently open browser window's content with
            the externally opened content.  If the external URL was a
            javascript: url it would run as if it came from the site that
            served the previous content, which could be used to steal
            sensitive information such as login cookies or passwords. If the
            media player content first caused a privileged chrome: url to load
            then the subsequent javascript: url could execute arbitrary code.

            https://bugzilla.mozilla.org/show_bug.cgi?id=298255

        MFSA 2005-54     Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=low,source=mozilla,public=20050607
            Alerts and prompts created by scripts in web pages are presented
            with the generic title [JavaScript Application] which sometimes
            makes it difficult to know which site created them. A malicious
            page could attempt to cause a prompt to appear in front of a
            trusted site in an attempt to extract information such as
            passwords from the user.

            https://secunia.com/advisories/15489/
            https://bugzilla.mozilla.org/show_bug.cgi?id=298934

        MFSA 2005-55     Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=moderate,source=mozilla,public=20050712
            Parts of the browser UI relied too much on DOM node names without
            taking different namespaces into account and verifying that the
            node was really of the expected type. An XHTML document could be
            used, for example, to create fake <IMG> elements with
            content-defined properties that will be accessed as if they were
            the trusted built-in properties of the expected HTML elements.

            https://bugzilla.mozilla.org/show_bug.cgi?id=298892

        MFSA 2005-56     Firefox 1.0.5 Mozilla Suite 1.7.9
        impact=important,source=mozilla,public=20050712
            Improper cloning of base objects allowed web content scripts to
            get to a privileged object by walking up the prototype chain. This
            could be used to execute code with enhanced privileges.

            https://bugzilla.mozilla.org/show_bug.cgi?id=294795
            https://bugzilla.mozilla.org/show_bug.cgi?id=294799
            https://bugzilla.mozilla.org/show_bug.cgi?id=295011
            https://bugzilla.mozilla.org/show_bug.cgi?id=296397

Comment 1 Josh Bressers 2005-07-12 14:46:25 EDT

These issues also affect RHEL2.1 and RHEL3

Comment 2 Josh Bressers 2005-07-13 17:25:35 EDT

MFSA 2005-45  CAN-2005-2260
MFSA 2005-46  CAN-2005-2261
MFSA 2005-48  CAN-2005-2263
MFSA 2005-50  CAN-2005-2265
MFSA 2005-51  CAN-2005-1937
MFSA 2005-52  CAN-2005-2266
MFSA 2005-53  CAN-2005-2267
MFSA 2005-54  CAN-2005-2268
MFSA 2005-55  CAN-2005-2269
MFSA 2005-56  CAN-2005-2270

Comment 3 Josh Bressers 2005-07-13 17:29:07 EDT

Lifting embargo, this is all public now.

Comment 4 Mark J. Cox 2005-07-22 06:58:03 EDT

RHSA-2005:587

Note You need to log in before you can comment on or make changes to this bug.