Bug 488273 (CVE-2009-0772) - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes
Summary: CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes
Status: CLOSED ERRATA
Alias: CVE-2009-0772
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
(Show other bugs)
Version: unspecified
Hardware: All Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=critical,source=mozilla,report...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-03 16:16 UTC by Josh Bressers
Modified: 2011-10-25 19:45 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-10-25 19:45:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0258 normal SHIPPED_LIVE Moderate: thunderbird security update 2009-03-24 12:03:01 UTC
Red Hat Product Errata RHSA-2009:0315 normal SHIPPED_LIVE Critical: firefox security update 2009-03-05 00:20:38 UTC
Red Hat Product Errata RHSA-2009:0325 normal SHIPPED_LIVE Critical: seamonkey security update 2009-03-05 01:00:08 UTC

Description Josh Bressers 2009-03-03 16:16:01 UTC
Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of
these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.

Jesse Ruderman reported a crash in the layout engine which affected Firefox
2 and Firefox 3.

Comment 1 Tomas Hoger 2009-03-05 08:07:57 UTC
Public now via:
  http://www.mozilla.org/security/announce/2009/mfsa2009-07.html

Comment 2 Tru Huynh 2009-03-05 08:11:05 UTC
    https://rhn.redhat.com/errata/RHSA-2009-0325.html is listing
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.34.el3.src.rpm
    which is NOT GPG signed...

    [tru@sillage fasttrack]$ rpm -K  seamonkey-1.0.9-0.34.el3.src.rpm
    seamonkey-1.0.9-0.34.el3.src.rpm: sha1 md5 OK
    [tru@sillage fasttrack]$ md5sum seamonkey-1.0.9-0.34.el3.src.rpm
    ad8235da96b7a04d446c4cf0422e5cc2  seamonkey-1.0.9-0.34.el3.src.rpm
    [tru@sillage fasttrack]$ rpm -qip seamonkey-1.0.9-0.34.el3.src.rpm
    Name        : seamonkey                    Relocations: (not relocatable)
    Version     : 1.0.9                             Vendor: Red Hat, Inc.
    Release     : 0.34.el3                      Build Date: Wed 25 Feb 2009
    07:45:23 PM CET
    Install Date: (not installed)               Build Host:
    js20-bc2-10.build.redhat.com
    Group       : Applications/Internet         Source RPM: (none)
    Size        : 35061546                         License: MPL/NPL/GPL/LGPL
    Signature   : (none)
    Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    Summary     : Web browser and mail reader
    Description :
    Mozilla Seamonkey is an open-source web browser, designed for standards
    compliance, performance and portability.

Comment 3 Mark J. Cox 2009-03-05 08:47:55 UTC
Hello Tru, thanks for letting us know about this issue.  It looks like a bug in our tool which caused the unsigned rpms for this errata to be pushed to the FTP site.  We've confirmed that the rpms (including srpm) pushed to Red Hat Network were signed (there are several layers of checks to ensure this), and so far this looks to have only affected the SeaMonkey errata RHSA-2009:0325 from last night.

We've repushed the signed rpms and I've verified they have replaced the unsigned ones on the live ftp site, so please try again.

We will also look at our tool to ensure that unsigned rpms can not be pushed to the FTP site in the future.

Comment 4 Tru Huynh 2009-03-05 09:20:14 UTC
thanks :)

[tru@sillage todo]$ rpm -K seamonkey-1.0.9-0.34.el3.src.rpm 
seamonkey-1.0.9-0.34.el3.src.rpm: (sha1) dsa sha1 md5 gpg OK
[tru@sillage todo]$ md5sum seamonkey-1.0.9-0.34.el3.src.rpm
e46112fbf4da7569e6ed020b4563dc5e  seamonkey-1.0.9-0.34.el3.src.rpm

Comment 5 Fedora Update System 2009-03-08 19:34:11 UTC
firefox-3.0.7-1.fc9, xulrunner-1.9.0.7-1.fc9, epiphany-2.22.2-8.fc9, epiphany-extensions-2.22.1-8.fc9, blam-1.8.5-6.fc9.1, chmsee-1.0.1-9.fc9, devhelp-0.19.1-9.fc9, galeon-2.0.7-7.fc9, gnome-python2-extras-2.19.1-24.fc9, gnome-web-photo-0.3-18.fc9, google-gadgets-0.10.5-3.fc9, gtkmozembedmm-1.4.2.cvs20060817-26.fc9, kazehakase-0.5.6-1.fc9.4, Miro-1.2.7-5.fc9, mozvoikko-0.9.5-7.fc9, mugshot-1.2.2-6.fc9, ruby-gnome2-0.17.0-6.fc9, totem-2.23.2-12.fc9, yelp-2.22.1-9.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2009-03-08 19:35:32 UTC
firefox-3.0.7-1.fc10, xulrunner-1.9.0.7-1.fc10, epiphany-2.24.3-3.fc10, epiphany-extensions-2.24.0-5.fc10, blam-1.8.5-7.fc10, devhelp-0.22-5.fc10, evolution-rss-0.1.2-5.fc10, galeon-2.0.7-7.fc10, gecko-sharp2-0.13-5.fc10, gnome-python2-extras-2.19.1-27.fc10, gnome-web-photo-0.3-15.fc10, google-gadgets-0.10.5-3.fc10, kazehakase-0.5.6-1.fc10.4, Miro-2.0-4.fc10, mozvoikko-0.9.5-7.fc10, mugshot-1.2.2-6.fc10, pcmanx-gtk2-0.3.8-6.fc10, ruby-gnome2-0.18.1-4.fc10, yelp-2.24.0-6.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2009-03-21 01:26:32 UTC
thunderbird-2.0.0.21-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2009-03-21 01:27:35 UTC
thunderbird-2.0.0.21-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 errata-xmlrpc 2009-03-24 12:02:52 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0258 https://rhn.redhat.com/errata/RHSA-2009-0258.html

Comment 11 Fedora Update System 2009-03-30 17:23:51 UTC
seamonkey-1.1.15-3.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2009-03-31 20:29:53 UTC
seamonkey-1.1.15-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2009-03-31 20:38:20 UTC
seamonkey-1.1.15-3.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Kurt Seifried 2011-10-25 19:45:13 UTC
This issue has been addressed in the following RHSAs:

Red Hat Enterprise Linux version 4, Desktop version 5 and Optional Productivity Applications version 5 (thunderbird) RHSA-2009:0258 
Red Hat Enterprise Linux version 4 and 5 (firefox) RHSA-2009:0315
Red Hat Enterprise Linux version 2.1, 3 and 4 (seamonkey) RHSA-2009:0325


Note You need to log in before you can comment on or make changes to this bug.