[Bug 218534] Re: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14

Launchpad Bug Tracker 218534 at bugs.launchpad.net
Mon Oct 6 22:03:26 UTC 2008


This bug was fixed in the package seamonkey - 1.1.12+nobinonly-0ubuntu0.8.04.1

---------------
seamonkey (1.1.12+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release: 1.1.12 (LP: #276437)
    - CVE-2008-4070: Heap overflow when canceling newsgroup message
    - CVE-2008-4069: XBM image uninitialized memory reading
    - CVE-2008-4067..4068: resource: traversal vulnerabilities
    - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
    - CVE-2008-4061..4064: Crashes with evidence of memory corruption
    - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
    - CVE-2008-3837: Forced mouse drag
    - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
    - CVE-2008-0016: UTF-8 URL stack buffer overflow
  * Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
    - CVE-2008-2785: Remote code execution by overflowing CSS reference counter
    - CVE-2008-2811: Crash and remote code execution in block reflow
    - CVE-2008-2810: Remote site run as local file via Windows URL shortcut
    - CVE-2008-2809: Peer-trusted certs can use alt names to spoof
    - CVE-2008-2808: File location URL in directory listings not escaped properly
    - CVE-2008-2807: Faulty .properties file results in uninitialized memory being used
    - CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on Mac OS X
    - CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
    - MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing
    - CVE-2008-2803: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    - CVE-2008-2802: Chrome script loading from fastload file
    - CVE-2008-2801: Signed JAR tampering
    - CVE-2008-2800: XSS through JavaScript same-origin violation
    - CVE-2008-2798..2799: Crashes with evidence of memory corruption
    - CVE-2008-1380: Crash in JavaScript garbage collector
  * Refresh diverged patch:
    - update debian/patches/80_security_build.patch
  * Fix FTBFS with missing -lfontconfig
    - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
    - update debian/patches/series

 -- Fabien Tassin <fta at ubuntu.com>   Tue, 30 Sep 2008 22:44:30 +0200

** Changed in: seamonkey (Ubuntu Hardy)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0016

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0304

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2785

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2798

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2800

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2801

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2802

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2803

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2805

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2806

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2807

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2808

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2809

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2810

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2811

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3835

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3837

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4058

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4061

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4065

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4067

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4069

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4070

-- 
https://bugs.launchpad.net/bugs/218534