+++ This bug was initially created as a clone of Bug #193906 +++ Text stolen from MITRE: CVE-2006-2781 Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. CVE-2006-2779 Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. -- Additional comment from bressers on 2006-06-02 16:22 EST -- These issues also affect RHEL2.1 and RHEL3 -- Additional comment from bressers on 2006-06-02 16:34 EST -- Also this issue: CVE-2006-2788 Double-free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
------- Additional Comments From deisenst 2006-06-09 11:13 EST ------- These also affects Firefox and Thunderbird, though in Thunderbird these bugs are likely not critical. Normally javascript is turned off in Thunderbird, and these vulnerabilities seem to be tied to having javascript turned on.
06.30.29 CVE: CVE-2006-3812,CVE-2006-3811,CVE-2006-3810,CVE-2006-3809,CVE-2006-3808, CVE-2006-3807,CVE-2006-3806,CVE-2006-3805,CVE-2006-3804,CVE-2006-3803, CVE-2006-3802,CVE-2006-3801,CVE-2006-3113,CVE-2006-3677 Platform: Cross Platform Title: Mozilla Firefox Javascript Navigator Object Remote Code Execution Description: Mozilla Firefox is prone to a remote code execution vulnerability. The application fails to properly sanitize user-supplied input before using it to create a new Javascript object. The vulnerability exists when assigning unspecified parameters to the "window.navigator" object. An attacker may replace the navigator object before Java starts to trigger this vulnerability. Mozilla Firefox versions 1.5.0 to 1.5.0.4 are vulnerable to this issue. Ref: http://www.mozilla.org/security/announce/2006 ______________________________________________________________________ 06.30.30 CVE: CVE-2006-3113 Platform: Cross Platform Title: Mozilla Foundation Products XPCOM Memory Corruption Description: Mozilla Foundation products Firefox, Thunderbird and SeaMonkey are vulnerable to a memory corruption issue due to insufficient handling of simultaneous XPCOM events. See the referenced advisory for further details. Ref: http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
Please see Bug #209167 for further discussion related to this bug.
Reporter, could you close this bug please now when Fedora Legacy was shutdown? Or do you have any other idea what to do with it?
Matej, you are right. This bug should be closed. Closing CANTFIX. -David