
Advisories: May 16, 2005

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200505-11


http://security.gentoo.org/


Severity: Normal
Title: Mozilla Suite, Mozilla Firefox: Remote compromise
Date: May 15, 2005
Bugs: #91859, #92393, #92394
ID: 200505-11


Synopsis

Several vulnerabilities in the Mozilla Suite and Firefox allow
an attacker to conduct cross-site scripting attacks or to execute
arbitrary code.

Background

The Mozilla Suite is a popular all-in-one web browser that
includes a mail and news reader. Mozilla Firefox is the
next-generation browser from the Mozilla project.

Affected packages


     Package                         /  Vulnerable  /       Unaffected

  1  www-client/mozilla-firefox          < 1.0.4            >= 1.0.4
  2  www-client/mozilla-firefox-bin      < 1.0.4            >= 1.0.4
  3  www-client/mozilla                  < 1.7.8            >= 1.7.8
  4  www-client/mozilla-bin              < 1.7.8            >= 1.7.8
     -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.

Description

The Mozilla Suite and Firefox do not properly protect “IFRAME”
JavaScript URLs from being executed in the context of another URL in
the history list (CAN-2005-1476). The Mozilla Suite and Firefox
also fail to verify the “IconURL” parameter of the
“InstallTrigger.install()” function (CAN-2005-1477). Michael Krax
and Georgi Guninski discovered that it is possible to bypass
JavaScript-injection security checks by wrapping the javascript:
URL within the view-source: or jar: pseudo-protocols
(MFSA2005-43).

Impact

A malicious remote attacker could use the “IFRAME” issue to
execute arbitrary JavaScript code within the context of another
website, allowing the attacker to steal cookies or other sensitive
data. By supplying a javascript: URL as the “IconURL” parameter of the
“InstallTrigger.install()” function, a remote attacker could also
execute arbitrary JavaScript code. Combining both vulnerabilities
with a website which is allowed to install software, or wrapping
javascript: URLs within the view-source: or jar: pseudo-protocols,
could possibly lead to the execution of arbitrary code with user
privileges.
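
The scheme-wrapping bypass described above, shown as an added example (not code from Mozilla or Gentoo): a check that inspects only the outermost scheme misses a javascript: URL nested inside view-source: or jar:, while a check that peels the wrappers, or an allowlist, catches it. The function names, the depth limit and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not Mozilla's code. Wrapper schemes are the two named in the advisory.
const WRAPPERS = new Set(["view-source", "jar"]);
const SCRIPT_SCHEMES = new Set(["javascript"]);

// URL parsers drop tabs/newlines and leading control characters; do the same before checking.
function normalize(url) {
  return String(url).replace(/[\t\r\n]/g, "").replace(/^[\u0000-\u0020]+/, "");
}

// Lowercased scheme of an absolute URL, or null when there is none.
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Weak check: looks only at the outermost scheme, so a wrapped URL passes.
function naiveIsScriptUrl(url) {
  return SCRIPT_SCHEMES.has(schemeOf(normalize(url)));
}

// Hardened denylist: peel wrapper schemes until the innermost URL is reached.
function isScriptUrl(url, maxDepth = 8) {
  let rest = normalize(url);
  for (let depth = 0; depth < maxDepth; depth++) {
    const scheme = schemeOf(rest);
    if (SCRIPT_SCHEMES.has(scheme)) return true;
    if (!WRAPPERS.has(scheme)) return false;
    rest = normalize(rest.slice(rest.indexOf(":") + 1));
  }
  return true; // nested deeper than maxDepth: fail closed
}

// Preferred for a parameter such as IconURL: allowlist the outermost scheme,
// which rejects wrappers and script URLs alike (absolute URLs only).
function isSafeIconUrl(url) {
  return ["http", "https"].includes(schemeOf(normalize(url)));
}

// Constructed sample inputs.
const samples = [
  "javascript:void(0)",
  "view-source:javascript:void(0)",
  "jar:javascript:void(0)!/",
  "jar:http://example.org/a.jar!/icon.png",
  "https://example.org/icon.png",
];
for (const u of samples) {
  console.log(u, { naive: naiveIsScriptUrl(u), hardened: isScriptUrl(u), iconOk: isSafeIconUrl(u) });
}
```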

Workaround

Affected systems can be protected by disabling JavaScript.
However, we encourage Mozilla Suite or Mozilla Firefox users to
upgrade to the latest available version.

Resolution

All Mozilla Firefox users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.4"

All Mozilla Firefox binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.4"

All Mozilla Suite users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.8"

All Mozilla Suite binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.8"

References

[ 1 ] CAN-2005-1476

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476

[ 2 ] CAN-2005-1477

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477

[ 3 ] Mozilla Foundation Security Advisory 2005-43

http://www.mozilla.org/security/announce/mfsa2005-43.html

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200505-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200505-12


http://security.gentoo.org/


Severity: Normal
Title: PostgreSQL: Multiple vulnerabilities
Date: May 15, 2005
Bugs: #91231
ID: 200505-12


Synopsis

PostgreSQL is vulnerable to Denial of Service attacks and
possibly allows unprivileged users to gain administrator
rights.

Background

PostgreSQL is a SQL compliant, open source object-relational
database management system.

Affected packages


     Package            /  Vulnerable  /                    Unaffected

  1  dev-db/postgresql     < 8.0.2-r1                     *>= 7.4.7-r2
                                                          *>= 8.0.1-r3
                                                           >= 8.0.2-r1

Description

PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn’t validate the given arguments
(CAN-2005-1409). It has also been reported that the
contrib/tsearch2 module of PostgreSQL misdeclares the return value
of some functions as “internal” (CAN-2005-1410).

Impact

An attacker could call the character conversion routines with
specially crafted arguments to crash the backend process of
PostgreSQL or to potentially gain administrator rights. A malicious
user could also call the misdeclared functions of the
contrib/tsearch2 module, resulting in a Denial of Service or other,
yet uninvestigated, impacts.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL users should update to the latest available
version and follow the guide at http://www.postgresql.org/about/news.315

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-db/postgresql

References

[ 1 ] CAN-2005-1409

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1409

[ 2 ] CAN-2005-1410

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1410

[ 3 ] PostgreSQL Announcement

http://www.postgresql.org/about/news.315

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200505-12.xml


Slackware Linux

[slackware-security] Mozilla/Firefox (SSA:2005-135-01)

New Mozilla packages are available for Slackware 10.0, 10.1, and
-current to fix various security issues and bugs. See the Mozilla
site for a complete list of the issues patched:


http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

Also updated is Firefox in Slackware -current.

New versions of the mozilla-plugins symlink creation package are
also out for Slackware 10.0 and 10.1, and a new version of the
jre-symlink package for Slackware -current.

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-plugins-1.7.8-noarch-1.tgz: Upgraded
Java(TM) symlink for Mozilla.
patches/packages/mozilla-1.7.8-i486-1.tgz: Upgraded to
mozilla-1.7.8. Two vulnerabilities found in Mozilla Firefox 1.0.3
when combined allow an attacker to run arbitrary code. The Mozilla
Suite version 1.7.7 is only partially vulnerable. For more details,
see:
http://www.mozilla.org/security/announce/mfsa2005-42.html

(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated packages for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.8-i486-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.8-noarch-1.tgz

Updated packages for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.8-i486-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.8-noarch-1.tgz

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/jre-symlink-1.0.4-noarch-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.8-i486-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-1.0.4-i686-1.tgz

MD5 signatures:

Slackware 10.0 packages:
fa412bdee8c1f1971f710c87e9a6fc94 mozilla-1.7.8-i486-1.tgz
a70a4e7e5c0e7e3bf916eebfb25a4e99 mozilla-plugins-1.7.8-noarch-1.tgz

Slackware 10.1 packages:
e3c9c5acdd01db0cda3f73e7bea1e4ad mozilla-1.7.8-i486-1.tgz
12df49ed6bab71e4ad8ec27781477609 mozilla-plugins-1.7.8-noarch-1.tgz

Slackware -current packages:
40f9f9f2c048dede809698042b801784 jre-symlink-1.0.4-noarch-1.tgz
e510ab3d049bc31877e49efa7dcb668c mozilla-1.7.8-i486-1.tgz
e62f390e7f4fdc1d46352fbb90a7580c mozilla-firefox-1.0.4-i686-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg mozilla-1.7.8-i486-1.tgz mozilla-plugins-1.7.8-noarch-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
