[GLSA-200712-21] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Seamonkey.
Background
Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey
is a free, cross-platform Internet suite.
Description
Jesse Ruderman and Petko D. Petkov reported that the jar protocol
handler in Mozilla Firefox and Seamonkey does not properly check MIME
types (CVE-2007-5947). Gregory Fleischer reported that the
window.location property can be used to generate a fake HTTP Referer
(CVE-2007-5960). Multiple memory errors have also been reported
(CVE-2007-5959).
Impact
A remote attacker could possibly exploit these vulnerabilities to
execute arbitrary code in the context of the browser and conduct
Cross-Site-Scripting or Cross-Site Request Forgery attacks.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.11"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.11"
All SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.7"
All SeaMonkey binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.7"
Package | Affected Version |
---|---|
pkg:ebuild/www-client/seamonkey?distro=gentoo | < 1.1.7 |
pkg:ebuild/www-client/seamonkey-bin?distro=gentoo | < 1.1.7 |
pkg:ebuild/www-client/mozilla-firefox?distro=gentoo | < 2.0.0.11 |
pkg:ebuild/www-client/mozilla-firefox-bin?distro=gentoo | < 2.0.0.11 |
Package | Unaffected Version |
---|---|
pkg:ebuild/www-client/seamonkey?distro=gentoo | >= 1.1.7 |
pkg:ebuild/www-client/seamonkey-bin?distro=gentoo | >= 1.1.7 |
pkg:ebuild/www-client/mozilla-firefox?distro=gentoo | >= 2.0.0.11 |
pkg:ebuild/www-client/mozilla-firefox-bin?distro=gentoo | >= 2.0.0.11 |
- ID
- GLSA-200712-21
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/200712-21
- Published
-
2007-12-29T00:00:00
(16 years ago) - Modified
-
2007-12-29T00:00:00
(16 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2007-5947 | CVE-2007-5947 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5947 |
CVE | CVE-2007-5959 | CVE-2007-5959 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959 |
CVE | CVE-2007-5960 | CVE-2007-5960 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960 |
Bugzilla | 198965 | Bugzilla #198965 | https://bugs.gentoo.org/show_bug.cgi?id=198965 |
Bugzilla | 200909 | Bugzilla #200909 | https://bugs.gentoo.org/show_bug.cgi?id=200909 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/www-client/seamonkey?distro=gentoo | www-client | seamonkey | < 1.1.7 | gentoo | ||
Unaffected | pkg:ebuild/www-client/seamonkey?distro=gentoo | www-client | seamonkey | >= 1.1.7 | gentoo | ||
Affected | pkg:ebuild/www-client/seamonkey-bin?distro=gentoo | www-client | seamonkey-bin | < 1.1.7 | gentoo | ||
Unaffected | pkg:ebuild/www-client/seamonkey-bin?distro=gentoo | www-client | seamonkey-bin | >= 1.1.7 | gentoo | ||
Affected | pkg:ebuild/www-client/mozilla-firefox?distro=gentoo | www-client | mozilla-firefox | < 2.0.0.11 | gentoo | ||
Unaffected | pkg:ebuild/www-client/mozilla-firefox?distro=gentoo | www-client | mozilla-firefox | >= 2.0.0.11 | gentoo | ||
Affected | pkg:ebuild/www-client/mozilla-firefox-bin?distro=gentoo | www-client | mozilla-firefox-bin | < 2.0.0.11 | gentoo | ||
Unaffected | pkg:ebuild/www-client/mozilla-firefox-bin?distro=gentoo | www-client | mozilla-firefox-bin | >= 2.0.0.11 | gentoo |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |