Bug 195241 - CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)
CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
5
All Linux
urgent Severity medium
: ---
: ---
Assigned To: Christopher Aillon
impact=critical,source=mozilla,report...
: Security
: 195315 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-14 11:56 EDT by David Eisenstein
Modified: 2007-11-30 17:11 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-06-16 14:02:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Eisenstein 2006-06-14 11:56:27 EDT
This was originally bug 194617, until Bugzilla barfed yesterday.  Entering
it again...

           Summary: CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781,
                    CVE-2006-2788)
           Product: Fedora Core
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: urgent
          Priority: normal
         Component: firefox
        AssignedTo: caillon@redhat.com
        ReportedBy: mattdm@mattdm.org
                CC: deisenst@gtw.net,wtogami@redhat.com

This issue also affects Fedora Core 5. A lot of the problems fixed in 1.5.0.4
don't seem that severe, but a few of these are serious enough to at least turn
some heads. And it's been public for a quite a while now.

+++ This bug was initially created as a clone of Bug #193906 +++

Text stolen from MITRE:

CVE-2006-2781
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.

CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested <option> tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, (6) an iframe that
attempts to remove itself, which leads to memory corruption.

-- Additional comment from bressers@redhat.com on 2006-06-02 16:22 EST --
These issues also affect RHEL2.1 and RHEL3

-- Additional comment from bressers@redhat.com on 2006-06-02 16:34 EST --
Also this issue:

CVE-2006-2788
Double-free vulnerability in the getRawDER function for nsIX509Cert in
Firefox allows remote attackers to cause a denial of service (hang)
and possibly execute arbitrary code via certain Javascript code.
Comment 1 David Eisenstein 2006-06-14 11:59:54 EDT
------- Additional Comments From mattdm@mattdm.org  2006-06-12 10:39 EST -------
Removing dependency on bug #193906, since that's really a separate issue since
it requires backports.

I still don't see an update for this even in the testing tree.

Comment 2 David Eisenstein 2006-06-14 12:07:25 EDT
Kai, Dennis -- I understand you were working on rolling firefox &/or thunderbird
packages yesterday for 1.5.0.4.   How is that coming along?
Comment 3 Kai Engert (:kaie) 2006-06-14 18:03:48 EDT
some trouble with build system, hope to have it done by tomorrow.
tb is already out on rawhide
Comment 4 David Juran 2006-06-15 14:29:38 EDT
*** Bug 195315 has been marked as a duplicate of this bug. ***
Comment 5 Kai Engert (:kaie) 2006-06-16 14:02:40 EDT
ff and tb 1.5.0.4 have been released on fc5 and rawhide
Comment 6 Matthew Miller 2006-06-16 14:07:27 EDT
thanks!

Note You need to log in before you can comment on or make changes to this bug.