Welcome to Gaia! ::

exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a vulnerable system.


--==============85278275=Content-Type: multipart/alternative; boundary�1636c5a9bfa0c177046d1779d6

--001636c5a9bfa0c177046d1779d6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-94 security@pardus.org.tr
------------------------------------------------------------------------

Date: 2009-06-24
Severity: 4
Type: Remote
------------------------------------------------------------------------

Summary
======
Some vulnerabilities have been reported in Mozilla Firefox, which can be

exploited by malicious people to disclose sensitive information, bypass
certain security restrictions, or to compromise a vulnerable system.


Description
==========
1) A race condition exists when accessing the private data of an

NPObject JS wrapper class object if navigating away from a web page
while loading a Java applet. This can be exploited via a specially
crafted web page to use already freed memory.

Successful exploitation may allow execution of arbitrary code.

2) Multiple errors in the browser engine can be exploited to corrupt
memory and potentially execute arbitrary code.

3) An unspecified error can be exploited to trigger double frame
constructions, which could corrupt memory. This can potentially be

exploited to execute arbitrary code.

4) Multiple errors in the JavaScript engine can be exploited to corrupt
memory and potentially execute arbitrary code.

5) An error in the handling of certain invalid unicode characters, when

used as part of an IDN (internationalized domain name), can be exploited
to spoof the location bar.

6) An error in the handling of "file:" URIs can be exploited to access
any domain's cookies saved on the local machine.

Successful exploitation requires that a user downloads and opens a
specially crafted HTML file.

7) An error in the handling of non-200 responses after a CONNECT request
to a proxy can be exploited to execute arbitrary HTML and script code in

the requested SSL-protected domain.

Successful exploitation requires a MitM (Man-in-the-Middle) attack and
that the victim uses a proxy.

cool The owner document of an element can become null after garbage

collection. This can be exploited via event handlers to execute
arbitrary Javascript code with chrome privileges.

9) An error when loading a "file:" resource via the location bar can
potentially be exploited to access the content of other local files,

which would normally be protected.

Successful exploitation requires that a victim downloads a specially
crafted document, and opens a local file before opening the malicious
document in the same browser window.

10) A security issue exists due to improper checks of content-loading
policies before loading external script files into XUL documents.

11) A vulnerability exists due to an error when a chrome privileged

object (e.g. the browser sidebar or the FeedWriter) interacts with web
content. This can be exploited to execute arbitrary code with an
object's chrome privileges.



Affected packages:

Pardus 2008:
firefox, all before 3.0.11-106-28
firefox-devel, all before 3.0.11-106-28



Resolution
=========
There are update(s) for firefox, firefox-devel. You can update them via

Package Manager or with a single command from console:

pisi up firefox firefox-devel

References
=========
* http://bugs.pardus.org.tr/show_bug.cgi?id011

* http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-25.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-27.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-29.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
* http://www.mozilla.org/security/announce/2009/mfsa2009-31.html

* http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1392

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1832
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1833

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1834
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1835

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1836
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1837

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1838
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1839

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1840
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1841

* http://secunia.com/advisories/35331