Related Vulnerabilities: CVE-2010-0654 CVE-2010-0648

Source

Debian Bug report logs - #570743
xulrunner: CVE-2010-0654 cross-origin CSS data theft

Package: xulrunner; Maintainer for xulrunner is (unknown);

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Sun, 21 Feb 2010 07:21:01 UTC

Severity: important

Tags: fixed-upstream, security

Found in versions 1.9.2.3-1, 1.9.1-1, 1.9.0.19-1, 1.9.1.8-2

Fixed in versions 1.9.0.19-3, 1.9.1.11-1, 1.9.2.5-1

Done: Mike Hommey <mh@glandium.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=524223

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#570743; Package xulrunner. (Sun, 21 Feb 2010 07:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Sun, 21 Feb 2010 07:21:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

package: xulrunner
version: 1.9.1.8-2
severity: important
tags: security

Hi, the following CVE (Common Vulnerabilities & Exposures) ids were
published for xulrunner.

CVE-2010-0654[0]:
| Mozilla Firefox permits cross-origin loading of CSS stylesheets even
| when the stylesheet download has an incorrect MIME type and the
| stylesheet document is malformed, which allows remote HTTP servers to
| obtain sensitive information via a crafted document.

CVE-2010-0648[1]:
| Mozilla Firefox, possibly before 3.6, allows remote attackers to
| discover a redirect's target URL, for the session of a specific user
| of a web site, by placing the site's URL in the HREF attribute of a
| stylesheet LINK element, and then reading the
| document.styleSheets[0].href property value, related to an IFRAME
| element.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654
    http://security-tracker.debian.org/tracker/CVE-2010-0654
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0648
    http://security-tracker.debian.org/tracker/CVE-2010-0648

Bug 570743 cloned as bug 577406. Request was from Delirium <delirium@hackish.org> to control@bugs.debian.org. (Sun, 11 Apr 2010 11:39:05 GMT) (full text, mbox, link).

Changed Bug title to 'xulrunner: CVE-2010-0654 cross-origin CSS data theft' from 'xulrunner: info disclosures' Request was from Delirium <delirium@hackish.org> to control@bugs.debian.org. (Sun, 11 Apr 2010 11:39:08 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://bugzilla.mozilla.org/show_bug.cgi?id=524223'. Request was from Delirium <delirium@hackish.org> to control@bugs.debian.org. (Sun, 11 Apr 2010 11:39:09 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>:
Bug#570743; Package xulrunner. (Sun, 11 Apr 2010 12:09:05 GMT) (full text, mbox, link).

Acknowledgement sent to Delirium <delirium@hackish.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Sun, 11 Apr 2010 12:09:05 GMT) (full text, mbox, link).

Message #16 received at 570743@bugs.debian.org (full text, mbox, reply):

clone 570743 -1
retitle 570743 xulrunner: CVE-2010-0654 cross-origin CSS data theft
retitle -1 xulrunner: CVE-2010-0648 redirect target leak
forwarded 570743 https://bugzilla.mozilla.org/show_bug.cgi?id=524223
thanks

The first of these, CVE-2010-0654, is fixed in upstream trunk (future 
1.9.3.x). A more hackish fix looks like it'll appear in one of the next 
releases of 1.9.2.x, possibly 1.9.2.4.

Splitting off CVE-2010-0648 into a separate bug, which I don't know 
anything about.

-Mark

Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 15 Apr 2010 19:48:51 GMT) (full text, mbox, link).

Reply sent to Mike Hommey <mh@glandium.org>:
You have taken responsibility. (Fri, 29 Oct 2010 17:36:10 GMT) (full text, mbox, link).

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Fri, 29 Oct 2010 17:36:10 GMT) (full text, mbox, link).

Message #23 received at 570743-done@bugs.debian.org (full text, mbox, reply):

Version: 1.9.1.11-1, 1.9.2.5-1, 1.9.0.19-3

On Sun, Apr 11, 2010 at 04:36:45AM -0700, Delirium wrote:
> clone 570743 -1
> retitle 570743 xulrunner: CVE-2010-0654 cross-origin CSS data theft
> retitle -1 xulrunner: CVE-2010-0648 redirect target leak
> forwarded 570743 https://bugzilla.mozilla.org/show_bug.cgi?id=524223
> thanks
> 
> The first of these, CVE-2010-0654, is fixed in upstream trunk
> (future 1.9.3.x). A more hackish fix looks like it'll appear in one
> of the next releases of 1.9.2.x, possibly 1.9.2.4.

It was fixed in version 1.9.1.11, 1.9.2.5 and, for lenny, 1.9.0.19-3

Mike

Bug Marked as found in versions 1.9.0.19-1 and reopened. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 18:06:03 GMT) (full text, mbox, link).

Bug Marked as found in versions 1.9.1-1. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 18:06:04 GMT) (full text, mbox, link).

Bug Marked as found in versions 1.9.2.3-1. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 18:06:04 GMT) (full text, mbox, link).

Bug Marked as fixed in versions 1.9.1.11-1. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 18:06:05 GMT) (full text, mbox, link).

Bug Marked as fixed in versions 1.9.2.5-1. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 18:06:05 GMT) (full text, mbox, link).

Bug Marked as fixed in versions 1.9.0.19-3. Request was from Mike Hommey <glandium@debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 18:06:06 GMT) (full text, mbox, link).

Reply sent to Mike Hommey <mh@glandium.org>:
You have taken responsibility. (Fri, 29 Oct 2010 18:09:05 GMT) (full text, mbox, link).

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Fri, 29 Oct 2010 18:09:05 GMT) (full text, mbox, link).

Message #40 received at 570743-done@bugs.debian.org (full text, mbox, reply):

... and close now.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 27 Nov 2010 07:33:22 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:05:22 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

xulrunner: CVE-2010-0654 cross-origin CSS data theft

Debian Bug report logs - #570743
xulrunner: CVE-2010-0654 cross-origin CSS data theft

Vulmon Search

About

Products

Connect

xulrunner: CVE-2010-0654 cross-origin CSS data theft

Debian Bug report logs - #570743 xulrunner: CVE-2010-0654 cross-origin CSS data theft

Vulmon Search

About

Products

Connect

Debian Bug report logs - #570743
xulrunner: CVE-2010-0654 cross-origin CSS data theft