Bug 194440 - CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: mozilla (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Fedora Legacy Bugs
Ben Levenson
impact=critical, LEGACY, rh73, rh90, ...
: Security
Depends On: 193906
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-08 02:57 EDT by David Eisenstein
Modified: 2007-06-01 00:40 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-01 00:40:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description David Eisenstein 2006-06-08 02:57:34 EDT
+++ This bug was initially created as a clone of Bug #193906 +++

Text stolen from MITRE:

CVE-2006-2781
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.

CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested <option> tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, (6) an iframe that
attempts to remove itself, which leads to memory corruption.

-- Additional comment from bressers@redhat.com on 2006-06-02 16:22 EST --
These issues also affect RHEL2.1 and RHEL3

-- Additional comment from bressers@redhat.com on 2006-06-02 16:34 EST --
Also this issue:

CVE-2006-2788
Double-free vulnerability in the getRawDER function for nsIX509Cert in
Firefox allows remote attackers to cause a denial of service (hang)
and possibly execute arbitrary code via certain Javascript code.
Comment 1 David Eisenstein 2006-06-14 12:12:11 EDT
------- Additional Comments From deisenst@gtw.net  2006-06-09 11:13 EST -------
These  also affects Firefox and Thunderbird, though in Thunderbird these bugs 
are likely not critical.  Normally javascript is turned off in Thunderbird, and
these vulnerabilities seem to be tied to having javascript turned on.

Comment 2 John Dalbec 2006-08-09 13:56:53 EDT
06.30.29 CVE:
CVE-2006-3812,CVE-2006-3811,CVE-2006-3810,CVE-2006-3809,CVE-2006-3808,
CVE-2006-3807,CVE-2006-3806,CVE-2006-3805,CVE-2006-3804,CVE-2006-3803,
CVE-2006-3802,CVE-2006-3801,CVE-2006-3113,CVE-2006-3677
Platform: Cross Platform
Title: Mozilla Firefox Javascript Navigator Object Remote Code
Execution
Description: Mozilla Firefox is prone to a remote code execution
vulnerability. The application fails to properly sanitize
user-supplied input  before using it to create a new Javascript
object. The vulnerability exists when assigning unspecified parameters
to the "window.navigator" object. An attacker may replace the
navigator object before Java starts to trigger this vulnerability.
Mozilla Firefox versions 1.5.0 to 1.5.0.4 are vulnerable to this
issue.
Ref: http://www.mozilla.org/security/announce/2006
______________________________________________________________________

06.30.30 CVE: CVE-2006-3113
Platform: Cross Platform
Title: Mozilla Foundation Products XPCOM Memory Corruption
Description: Mozilla Foundation products Firefox, Thunderbird and
SeaMonkey are vulnerable to a memory corruption issue due to
insufficient handling of simultaneous XPCOM events. See the referenced
advisory for further details.
Ref: http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
Comment 3 David Eisenstein 2006-10-07 09:01:44 EDT
Please see Bug #209167 for further discussion related to this bug.
Comment 4 Matěj Cepl 2007-05-30 19:19:05 EDT
Reporter, could you close this bug please now when Fedora Legacy was shutdown?
Or do you have any other idea what to do with it?
Comment 5 David Eisenstein 2007-06-01 00:40:19 EDT
Matej, you are right.  This bug should be closed.

Closing CANTFIX.  -David

Note You need to log in before you can comment on or make changes to this bug.