Bug 200357 - major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: firefox
Version: 5
Hardware: All Linux
Priority: medium, Severity: urgent
Assigned To: Christopher Aillon
Keywords: Security
Blocks: 200530
Reported: 2006-07-27 00:27 EDT by Gilbert Sebenste
Modified: 2007-11-30 17:11 EST
Fixed In Version: FC5
Doc Type: Bug Fix
Last Closed: 2006-08-10 10:41:24 EDT
Description Gilbert Sebenste 2006-07-27 00:27:46 EDT
Description of problem: Firefox 1.5.0.4 and earlier has serious security
flaws, patched in 1.5.0.5


Version-Release number of selected component (if applicable): 1.5.0.4 and earlier


How reproducible: always


Steps to Reproduce:
1. Just use Firefox!
2.
3.
  
Actual results: Security flaws.


Expected results: No security flaws.


Additional info: See: http://www.mozilla.org/security/announce/
for the dozen or so security announcements from Mozilla, namely,
MFSA 2006-44 through 56.

I left this open for everyone to see since the disclosure is public information
on the Mozilla and isc.sans.org Web sites.
Comment 1 Matthew Miller 2006-07-28 00:05:22 EDT
Adding CVE numbers from

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5

CVE-2006-3113 : memory corruption resulting in crash or potential arbitrary
                code execution
CVE-2006-3677 : ditto
CVE-2006-3801 : allows native code to be executed. bad.
CVE-2006-3802 : DOM/XSS attack
CVE-2006-3803 : race condition allows execution of arbitrary binary code. bad!
CVE-2006-3805 : remote code execution via javascript.
CVE-2006-3806 : ditto.
CVE-2006-3807 : looks like a very serious privilege escalation bug for
                javascript
CVE-2006-3808 : malicious proxy can execute code with privs it shouldn't have;
                note that a malicious proxy can do all sorts of bad things
                anyway.
CVE-2006-3809 : privilege escalation of scripts; I don't understand the script
                security model enough personally to fully evaluate the impact
                of this without looking into it. sounds potentially serious.
CVE-2006-3810 : XSS attack via javascript
CVE-2006-3811 : "several" crashes with memory corruption; potential arbitrary
                code execution
CVE-2006-3812 : scripts in chrome run with full privilege. no known automatic
                exploit, but may make tricking users easier.
Comment 2 Matthew Miller 2006-07-28 00:07:53 EDT
Oh, apparently also CVE-2006-3804, but that's apparently just a denial of service.

Christopher Aillon -- there was some trouble releasing a timely update to
Firefox 1.5.0.4. Do you anticipate needing some extra help for this as well?
Could you at least take a few seconds to let us know the status? Thanks!
Comment 3 Matthew Miller 2006-08-07 13:03:30 EDT
Can we have an update on this, please?
Comment 4 Konstantin Ryabitsev 2006-08-08 12:31:18 EDT
Why are we still on 1.5.0.4? Unaddressed security problems in a major network
application generate lots of bad publicity for the project.
Comment 5 Thorsten Leemhuis 2006-08-08 13:32:33 EDT
(In reply to comment #4)
> Why are we still on 1.5.0.4? 

We still are AFAICS -- 1.5.0.5 was committed to CVS some days ago (thx Kai!)
afaics, but not published yet. That's why I made noise on f-a-b today. See:
https://www.redhat.com/archives/fedora-advisory-board/2006-August/msg00051.html
Comment 6 Jesse Keating 2006-08-08 13:50:33 EDT
It had failed to build on s390, an arch I thought I had disabled for FC5 updates
building.  I've fixed the glitch and am attempting to build the update now for
publishing later today.
Comment 7 Fedora Update System 2006-08-08 18:27:55 EDT
firefox-1.5.0.6-2.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 8 David Juran 2006-08-10 10:41:24 EDT
So I guess this issue can (finally) be closed.
Comment 9 Konstantin Ryabitsev 2006-08-10 11:21:22 EDT
Thanks for your hard work!
