Debian Bug report logs -
#364810
[CVE-2006-1993] Firefox Remote Code Execution and DoS
Reported by: Daniel Leidert <daniel.leidert@wgdd.de>
Date: Tue, 25 Apr 2006 20:48:03 UTC
Severity: grave
Tags: security
Found in version firefox/1.5.dfsg+1.5.0.2-3
Fixed in version firefox/1.5.dfsg+1.5.0.3-1
Done: Eric Dorland <eric@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>
:
Bug#364810
; Package firefox
.
(full text, mbox, link).
Acknowledgement sent to Daniel Leidert <daniel.leidert.spam@gmx.net>
:
New Bug report received and forwarded. Copy sent to Eric Dorland <eric@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: firefox
Version: 1.5.dfsg+1.5.0.2-3
Severity: grave
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following advisory was published recently:
http://www.securident.com/vuln/ff.txt
[..]
Result:
Firefox Remote Code Execution and Denial of Service - Vendor contacted,
no patch yet.
Problem:
A handling issue exists in how Firefox handles certain Javascript in
js320.dll and xpcom_core.dll
regarding iframe.contentWindow.focus(). By manipulating this feature
a buffer overflow will occur.
[..]
I initally set this report to grave.
Regards, Daniel
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.08060320
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages firefox depends on:
ii debianutils 2.15.7 Miscellaneous utilities specific t
ii fontconfig 2.3.2-5.1 generic font configuration library
ii libatk1.0-0 1.11.4-1 The ATK accessibility toolkit
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libcairo2 1.0.4-1+b1 The Cairo 2D vector graphics libra
ii libfontconfig1 2.3.2-5.1 generic font configuration library
ii libfreetype6 2.1.10-3 FreeType 2 font engine, shared lib
ii libgcc1 1:4.1.0-1+b1 GCC support library
ii libglib2.0-0 2.10.2-1 The GLib library of C routines
ii libgtk2.0-0 2.8.17-1 The GTK+ graphical user interface
ii libidl0 0.8.6-1 library for parsing CORBA IDL file
ii libjpeg62 6b-12 The Independent JPEG Group's JPEG
ii libpango1.0-0 1.12.1-2 Layout and rendering of internatio
ii libpng12-0 1.2.8rel-5.1 PNG library - runtime
ii libstdc++6 4.1.0-1+b1 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.0-6 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxft2 2.1.8.2-6 FreeType-based font drawing librar
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii libxt6 1:1.0.0-4 X11 toolkit intrinsics library
ii psmisc 22.2-1 Utilities that use the proc filesy
ii zlib1g 1:1.2.3-11 compression library - runtime
firefox recommends no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFETobcdg0kG0+YFBERAmWjAJ4qLn54eEqo1M7KTyO/xUbsFoc6mACfQ/cM
KmgZleZqoM3hqv6dXkY0xxI=
=Zqis
-----END PGP SIGNATURE-----
Tags added: security
Request was from Filipus Klutiero <chealer@vif.com>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org
:
Bug#364810
; Package firefox
.
(full text, mbox, link).
Acknowledgement sent to Eric Dorland <eric@debian.org>
:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #12 received at 364810@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 364810 security
thanks
* Daniel Leidert (daniel.leidert.spam@gmx.net) wrote:
> Package: firefox
> Version: 1.5.dfsg+1.5.0.2-3
> Severity: grave
>
> The following advisory was published recently:
> http://www.securident.com/vuln/ff.txt
>
> [..]
> Result:
> Firefox Remote Code Execution and Denial of Service - Vendor contacted,
> no patch yet.
> Problem:
> A handling issue exists in how Firefox handles certain Javascript in
> js320.dll and xpcom_core.dll
> regarding iframe.contentWindow.focus(). By manipulating this feature
> a buffer overflow will occur.
> [..]
>
> I initally set this report to grave.
Does this have a CVE # yet?
--
Eric Dorland <eric@kuroneko.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------
[signature.asc (application/pgp-signature, inline)]
Tags added: security
Request was from Eric Dorland <eric@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>
:
Bug#364810
; Package firefox
.
(full text, mbox, link).
Acknowledgement sent to Daniel Leidert <daniel.leidert.spam@gmx.net>
:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>
.
(full text, mbox, link).
Message #19 received at 364810@bugs.debian.org (full text, mbox, reply):
retitle 364810 [CVE-2006-1993] Firefox Remote Code Execution and DoS
thanks
Am Freitag, den 28.04.2006, 10:34 -0400 schrieb Eric Dorland:
> Does this have a CVE # yet?
Seems, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993 is
the related CVE entry.
Regards, Daniel
Changed Bug title.
Request was from Daniel Leidert <daniel.leidert.spam@gmx.net>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>
:
Bug#364810
; Package firefox
.
(full text, mbox, link).
Acknowledgement sent to Uwe Hermann <uwe@hermann-uwe.de>
:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>
.
(full text, mbox, link).
Message #26 received at 364810@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Looks like this is fixed in Firefox 1.5.0.3, please update the package
ASAP, as it's a critical and publically known security issue.
http://www.mozilla.com/firefox/releases/1.5.0.3.html
Uwe.
--
Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
[signature.asc (application/pgp-signature, inline)]
Reply sent to Eric Dorland <eric@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Daniel Leidert <daniel.leidert.spam@gmx.net>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #31 received at 364810-close@bugs.debian.org (full text, mbox, reply):
Source: firefox
Source-Version: 1.5.dfsg+1.5.0.3-1
We believe that the bug you reported is fixed in the latest version of
firefox, which is due to be installed in the Debian FTP archive:
firefox-dbg_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.3-1_i386.deb
firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_i386.deb
firefox-gnome-support_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.3-1_i386.deb
firefox_1.5.dfsg+1.5.0.3-1.diff.gz
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3-1.diff.gz
firefox_1.5.dfsg+1.5.0.3-1.dsc
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3-1.dsc
firefox_1.5.dfsg+1.5.0.3-1_i386.deb
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3-1_i386.deb
firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
to pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_all.deb
to pool/main/f/firefox/mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_all.deb
mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.3-1_all.deb
to pool/main/f/firefox/mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.3-1_all.deb
mozilla-firefox_1.5.dfsg+1.5.0.3-1_all.deb
to pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.3-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 364810@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated firefox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 3 May 2006 00:32:49 -0400
Source: firefox
Binary: firefox-dbg firefox-gnome-support firefox-dom-inspector mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector firefox
Architecture: source all i386
Version: 1.5.dfsg+1.5.0.3-1
Distribution: unstable
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
firefox - lightweight web browser based on Mozilla
firefox-dbg - debugging symbols for firefox
firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
firefox-gnome-support - Support for Gnome in Mozilla Firefox
mozilla-firefox - Transition package for firefox rename
mozilla-firefox-dom-inspector - Transition package for firefox rename
mozilla-firefox-gnome-support - Transition package for firefox rename
Closes: 364566 364640 364810 365099 365738
Changes:
firefox (1.5.dfsg+1.5.0.3-1) unstable; urgency=critical
.
* The "secure enough for ya!" release.
* New upstream release. Contains security fixes, hence severity
critical.
- Fixes CVE-2006-1993 aka MFSA 2006-30. (Closes: #364810)
.
[ Mike Hommey ]
* security/manager/Makefile.in, debian/firefox.install: Build and
install the .chk file again. That will make the FIPS mode work again.
* debian/control: Bumped Standards-Version to 3.7.0.0. No changes.
* debian/rules: Fix the navigator.ProductSub value for dumb scripts.
Closes: #364640, #365099. We now use the date of the client.mk file,
which is likely to be the closest value to the release date, instead of
useless build date.
Add the debian version after the firefox version string.
* debian/rules: Use dpkg-architecture to find out the host and build that
we want to pass to the configure script. (Closes: #365738)
.
[ Eric Dorland ]
* debian/firefox-runner:
- Quote the APPLICATION_ID variable to handle profiles with a space
in the name. Inspired by Morita Sho's patch. (Closes: #364566)
- echo MOZ_DISABLE_PANGO on verbose.
* debian/rules: It's baaaackkk. Reenable xprint.
Files:
2a707c2af7d2092558ffe06e44194ed2 1079 web optional firefox_1.5.dfsg+1.5.0.3-1.dsc
a99d2d930f7c83852e677c1005c94318 42869074 web optional firefox_1.5.dfsg+1.5.0.3.orig.tar.gz
37c390fbecc12363dab9d999e8cec77d 136819 web optional firefox_1.5.dfsg+1.5.0.3-1.diff.gz
8c8c674d99e36f6d2e0ec5a888c64369 46956 web optional mozilla-firefox_1.5.dfsg+1.5.0.3-1_all.deb
5fc10df35c6a71088c45694321ac0989 46152 web optional mozilla-firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_all.deb
e301b4151730723589e03c5e1ef66d7e 46152 gnome optional mozilla-firefox-gnome-support_1.5.dfsg+1.5.0.3-1_all.deb
44da48e65f0aab5a37b352352ecfa55b 8075456 web optional firefox_1.5.dfsg+1.5.0.3-1_i386.deb
8c83bc03a47c5efd05ec2439fe16372c 246112 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.3-1_i386.deb
c639b94e82bd99e4b72f6bc1be7463ad 72908 gnome optional firefox-gnome-support_1.5.dfsg+1.5.0.3-1_i386.deb
ac45ed934fea2b5835ab5b0e94c8d356 44442258 web optional firefox-dbg_1.5.dfsg+1.5.0.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEWFQJYemOzxbZcMYRAhIFAJ9C4srCP+7m7C1rI0qQNV4yDj0VDgCgxy9V
KNntuUQc9qUJDetS8ngCRtY=
=PRf+
-----END PGP SIGNATURE-----
Changed Bug submitter from Daniel Leidert <daniel.leidert.spam@gmx.net> to Daniel Leidert <daniel.leidert@wgdd.de>.
Request was from Daniel Leidert <daniel.leidert@wgdd.de>
to control@bugs.debian.org
.
(Sat, 24 Mar 2007 23:51:59 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 24 Jun 2007 14:04:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:41:19 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.