======================================================
Name: CVE-2006-2779
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
Reference: CERT-VN:VU#466673
Reference: URL:http://www.kb.cert.org/vuls/id/466673
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested <option> tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, or (6) an iframe that
attempts to remove itself, which leads to memory corruption.
======================================================
Name: CVE-2006-2780
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
Reference: CERT-VN:VU#466673
Reference: URL:http://www.kb.cert.org/vuls/id/466673
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4
allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via "jsstr tagify," which leads to
memory corruption.
======================================================
Name: CVE-2006-2781
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.
======================================================
Name: CVE-2006-2782
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
Firefox 1.5.0.2 does not fix all test cases associated with
CVE-2006-1729, which allows remote attackers to read arbitrary files
by inserting the target filename into a text box, then turning that
box into a file upload control.
======================================================
Name: CVE-2006-2783
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode
Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to
the parser, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a BOM sequence in the middle of a
dangerous tag such as SCRIPT.
======================================================
Name: CVE-2006-2784
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-36.html
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows
remote user-complicit attackers to execute privileged code by tricking
a user into installing missing plugins and selecting the "Manual
Install" button, then using nested javascript: URLs. NOTE: the manual
install button is used for downloading software from a remote web
site, so this issue would not cross privilege boundaries if the user
progresses to the point of installing malicious software from the
attacker-controlled site.
======================================================
Name: CVE-2006-2785
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-34.html
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
1.5.0.4 allows user-complicit remote attackers to inject arbitrary web
script or HTML by tricking a user into (1) performing a "View Image"
on a broken image in which the SRC attribute contains a Javascript
URL, or (2) selecting "Show only this frame" on a frame whose SRC
attribute contains a Javascript URL.

Hi,

(Please forgive me for cross-posting, but I thought I'd post this question
to all the relevant groups I could think of. Please let me know if I am
committing a cross-posting felony here. :) )

I am in the process of mentoring someone to help them learn how to do
vulnerability tracking for Fedora Legacy. This evening, we were looking
at doing that for the kernels. We quickly got confused, though, because
we weren't sure how to go about making sure we only report issues into
Bugzilla that would be relevant kernel issues for Fedora Legacy at this
time.

One complicating factor here is that we in Legacy don't necessarily
release kernels in any kind of lock-step with what either Fedora Core or
Red Hat Enterprise Linux does, so the issues we have to fix are a
different subset of issues than what is reported in any given RHSA or
FEDORA release announcement. And even if we did release kernels in
lockstep, no doubt there would still be differing CVE's per distro.

(For those of you not familiar with Legacy processes: we normally put
multiple CVE issues [maybe as many as dozens of CVE's] into a single
bugzilla report for a given .src.rpm component; and we also put multiple
distros in a given bugzilla ticket as well, using a "Version" tag of
"unspecified" and tracking what distros are being worked on and their
statuses via the use of Status Whiteboard entries. For more information
about this, you can refer to
<http://fedoraproject.org/wiki/Legacy/StatusWhiteboard>, and the most
recent completed Legacy kernel bug is here in case you're interested:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459>.)

I started to suggest to my mentee this method: Have a look at the latest
release announcements from Fedora Legacy for the kernels that we maintain,
and then look for issues in the usual places (e.g., those resources listed
in <http://fedoraproject.org/wiki/Legacy/VulnerabilityTracking>) that have
come up since we released our latest security-fixed kernels. That would
provide a list of CVE's to then put in a new Bugzilla ticket or add to an
already-existing ticket that would likely be relevant. But is this
enough?

Does this method sound workable to you? Are we missing something? Do you
have some better ideas how to track kernel vulnerabilities to get
those vulnerabilities properly listed in a Bugzilla ticket to be worked
on?

A more general question is this: How do we in Fedora Legacy track
vulnerabilities and make sure that we are aware of all the relevant
vulnerabilities for the packages that we maintain, and haven't missed
something?

The fedora-security-list and Josh Bressers are using audit files to track
all relevant security vulnerabilities for their sets of packages, which
are kept in CVS here,
<http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/?root=fedora>
but we here in Fedora Legacy haven't started using this kind of tool yet.
Is it time for us to start doing so? If so, are any of you interested in
forming some kind of vulnerability tracking team and getting started on
such list(s) for the products we maintain?

Thanks much in advance!

Regards,
David Eisenstein
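
The triage method proposed in the message above, sketched as an added example that is not part of the original post or any Fedora Legacy tooling: it parses CVE candidate records in the format of the listing at the top of this page and returns the ones not yet tracked. Assumptions: the `Assigned` date stands in for "came up since our last release", package relevance is a plain keyword match on the description, and the function names, release date and keywords are hypothetical.

```python
import re

HEADERS = {"Name", "Status", "URL", "Final-Decision", "Interim-Decision",
           "Modified", "Proposed", "Assigned", "Category", "Reference"}
# Two records from the listing above (some header lines dropped), as sample input.
SAMPLE = """\
======================================================
Name: CVE-2006-2781
Assigned: 20060602
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.
======================================================
Name: CVE-2006-2782
Assigned: 20060602
Firefox 1.5.0.2 does not fix all test cases associated with
CVE-2006-1729, which allows remote attackers to read arbitrary files
by inserting the target filename into a text box, then turning that
box into a file upload control.
"""

def parse_records(text):
    """Split on the '=====' rules; header lines come first, the rest is description."""
    records = []
    for block in re.split(r"^=+\s*$", text, flags=re.MULTILINE):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        rec = {"Reference": [], "Description": ""}
        for i, line in enumerate(lines):
            key, sep, value = line.partition(":")
            if not sep or key not in HEADERS:  # first non-header line
                rec["Description"] = " ".join(lines[i:])
                break
            if key == "Reference":
                rec["Reference"].append(value.strip())
            else:
                rec[key] = value.strip()
        if "Name" in rec:
            records.append(rec)
    return records

def candidates(records, released, keywords, tracked=()):
    """Untracked CVEs that mention a keyword and were assigned on/after `released`."""
    def recent(raw):  # YYYYMMDD compares correctly as text; undated records are kept
        return not re.fullmatch(r"\d{8}", raw) or raw >= released
    return [r["Name"] for r in records
            if recent(r.get("Assigned", "")) and r["Name"] not in tracked
            and any(k.lower() in r["Description"].lower() for k in keywords)]
```

Calling `candidates(parse_records(SAMPLE), "20060501", ["Thunderbird"])` returns the names to add to a ticket; pass the CVEs already listed in the existing Bugzilla ticket as `tracked` to avoid duplicates.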