summaryrefslogtreecommitdiffstats
path: root/security/vuxml/vuln.xml
diff options
context:
space:
mode:
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r--security/vuxml/vuln.xml303
1 files changed, 303 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5db59bf..be92933 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,309 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f650d5b8-ae62-11d9-a788-0001020eed82">
+ <topic>mozilla -- privilege escalation via DOM property overrides</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>1.0.3,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>1.0.3</lt></range>
+ </package>
+ <package>
+ <name>mozilla</name>
+ <range><lt>1.7.7,2</lt></range>
+ <range><ge>1.8.*,2</ge></range>
+ </package>
+ <package>
+ <name>linux-mozilla</name>
+ <name>linux-mozilla-devel</name>
+ <range><lt>1.7.7</lt></range>
+ <range><ge>1.8.*</ge></range>
+ </package>
+ <package>
+ <name>netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These ports are obsolete. -->
+ <name>de-linux-mozillafirebird</name>
+ <name>el-linux-mozillafirebird</name>
+ <name>ja-linux-mozillafirebird-gtk1</name>
+ <name>ja-mozillafirebird-gtk2</name>
+ <name>linux-mozillafirebird</name>
+ <name>ru-linux-mozillafirebird</name>
+ <name>zhCN-linux-mozillafirebird</name>
+ <name>zhTW-linux-mozillafirebird</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These package names are obsolete. -->
+ <name>de-linux-netscape</name>
+ <name>de-netscape7</name>
+ <name>fr-linux-netscape</name>
+ <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name>
+ <name>ja-netscape7</name>
+ <name>linux-netscape</name>
+ <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name>
+ <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name>
+ <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name>
+ <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name>
+ <name>phoenix</name>
+ <name>pt_BR-netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Mozilla Foundation Security Advisory reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-41.html">
+ <p>moz_bug_r_a4 reported several exploits giving an attacker
+ the ability to install malicious code or steal data,
+ requiring only that the user do commonplace actions like
+ click on a link or open the context menu. The common cause
+ in each case was privileged UI code ("chrome") being
+ overly trusting of DOM nodes from the content
+ window. Scripts in the web page can override properties
+ and methods of DOM nodes and shadow the native values,
+ unless steps are taken to get the true underlying values.</p>
+ <p>We found that most extensions also interacted with
+ content DOM in a natural, but unsafe, manner. Changes were
+ made so that chrome code using this natural DOM coding
+ style will now automatically use the native DOM value if
+ it exists without having to use cumbersome wrapper
+ objects.</p>
+ <p>Most of the specific exploits involved tricking the
+ privileged code into calling eval() on an
+ attacker-supplied script string, or the equivalent using
+ the Script() object. Checks were added in the security
+ manager to make sure eval and Script objects are run with
+ the privileges of the context that created them, not the
+ potentially elevated privileges of the context calling
+ them.</p>
+ <p><strong>Workaround</strong>: Disable Javascript</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-41.html</url>
+ </references>
+ <dates>
+ <discovery>2005-04-15</discovery>
+ <entry>2005-04-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1989b511-ae62-11d9-a788-0001020eed82">
+ <topic>mozilla -- code execution through javascript: favicons</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>1.0.3,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>1.0.3</lt></range>
+ </package>
+ <package>
+ <name>mozilla</name>
+ <range><lt>1.7.7,2</lt></range>
+ <range><ge>1.8.*,2</ge></range>
+ </package>
+ <package>
+ <name>linux-mozilla</name>
+ <name>linux-mozilla-devel</name>
+ <range><lt>1.7.7</lt></range>
+ <range><ge>1.8.*</ge></range>
+ </package>
+ <package>
+ <name>netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These ports are obsolete. -->
+ <name>de-linux-mozillafirebird</name>
+ <name>el-linux-mozillafirebird</name>
+ <name>ja-linux-mozillafirebird-gtk1</name>
+ <name>ja-mozillafirebird-gtk2</name>
+ <name>linux-mozillafirebird</name>
+ <name>ru-linux-mozillafirebird</name>
+ <name>zhCN-linux-mozillafirebird</name>
+ <name>zhTW-linux-mozillafirebird</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These package names are obsolete. -->
+ <name>de-linux-netscape</name>
+ <name>de-netscape7</name>
+ <name>fr-linux-netscape</name>
+ <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name>
+ <name>ja-netscape7</name>
+ <name>linux-netscape</name>
+ <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name>
+ <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name>
+ <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name>
+ <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name>
+ <name>phoenix</name>
+ <name>pt_BR-netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Mozilla Foundation Security Advisory reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-37.html">
+ <p>Firefox and the Mozilla Suite support custom "favicons"
+ through the &lt;LINK rel="icon"&gt; tag. If a link tag is added
+ to the page programmatically and a javascript: url is
+ used, then script will run with elevated privileges and
+ could run or install malicious software.</p>
+ <p><strong>Workaround</strong>: Disable Javascript</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-37.html</url>
+ </references>
+ <dates>
+ <discovery>2005-04-12</discovery>
+ <entry>2005-04-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="45b75152-ae5f-11d9-a788-0001020eed82">
+ <topic>mozilla -- javascript "lambda" replace exposes memory
+ contents</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>1.0.3,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>1.0.3</lt></range>
+ </package>
+ <package>
+ <name>mozilla</name>
+ <range><lt>1.7.7,2</lt></range>
+ <range><ge>1.8.*,2</ge></range>
+ </package>
+ <package>
+ <name>linux-mozilla</name>
+ <name>linux-mozilla-devel</name>
+ <range><lt>1.7.7</lt></range>
+ <range><ge>1.8.*</ge></range>
+ </package>
+ <package>
+ <name>netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These ports are obsolete. -->
+ <name>de-linux-mozillafirebird</name>
+ <name>el-linux-mozillafirebird</name>
+ <name>ja-linux-mozillafirebird-gtk1</name>
+ <name>ja-mozillafirebird-gtk2</name>
+ <name>linux-mozillafirebird</name>
+ <name>ru-linux-mozillafirebird</name>
+ <name>zhCN-linux-mozillafirebird</name>
+ <name>zhTW-linux-mozillafirebird</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <!-- These package names are obsolete. -->
+ <name>de-linux-netscape</name>
+ <name>de-netscape7</name>
+ <name>fr-linux-netscape</name>
+ <name>fr-netscape7</name>
+ <name>ja-linux-netscape</name>
+ <name>ja-netscape7</name>
+ <name>linux-netscape</name>
+ <name>linux-phoenix</name>
+ <name>mozilla+ipv6</name>
+ <name>mozilla-embedded</name>
+ <name>mozilla-firebird</name>
+ <name>mozilla-gtk1</name>
+ <name>mozilla-gtk2</name>
+ <name>mozilla-gtk</name>
+ <name>mozilla-thunderbird</name>
+ <name>phoenix</name>
+ <name>pt_BR-netscape7</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Mozilla Foundation Security Advisory reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-33.html">
+ <p>A bug in javascript's regular expression string
+ replacement when using an anonymous function as the
+ replacement argument allows a malicious script to capture
+ blocks of memory allocated to the browser. A web site
+ could capture data and transmit it to a server without
+ user interaction or knowledge.</p>
+ <p><strong>Workaround</strong>: Disable Javascript</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2005-0989</cvename>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-33.html</url>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=288688</url>
+ </references>
+ <dates>
+ <discovery>2005-04-01</discovery>
+ <entry>2005-04-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1f2fdcff-ae60-11d9-a788-0001020eed82">
+ <topic>firefox -- arbitrary code execution in sidebar panel</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>1.0.3,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>1.0.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Mozilla Foundation Security Advisory reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-39.html">
+ <p>Sites can use the _search target to open links in the
+ Firefox sidebar. Two missing security checks allow
+ malicious scripts to first open a privileged page (such as
+ about:config) and then inject script using a javascript:
+ url. This could be used to install malicious code or steal
+ data without user interaction.</p>
+ <p><strong>Workaround</strong>: Disable Javascript</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.mozilla.org/security/announce/mfsa2005-39.html</url>
+ </references>
+ <dates>
+ <discovery>2005-04-12</discovery>
+ <entry>2005-04-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b206dd82-ac67-11d9-a788-0001020eed82">
<topic>openoffice -- DOC document heap overflow vulnerability</topic>
<affects>
OpenPOWER on IntegriCloud