Description of problem:

CVE-2011-3640
Untrusted search path vulnerability in Mozilla Network Security Services (NSS) might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory.

CVE-2011-3648
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.

CVE-2011-3650
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

CVE-2011-3651
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-3652
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVE-2011-3655
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

------------------------------------------------------------------------------

http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
http://www.entrust.net/advisories/malaysia.htm

22 weak 512-bit certificates were issued by the DigiCert Sdn. Bhd certificate authority; due to this, DigiCert Sdn. Bhd has been revoked from the root CA storage.

DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). It bears no affiliation whatsoever with the US-based corporation DigiCert, Inc., which is a member of Mozilla's root program.
This is already being worked on by dmorgan and me, not sure who to assign it to as it covers at least 3 different src.rpms ...
CC: (none) => doktor5000
Thunderbird 3.1.15 on mga 1 is susceptible to at least CVE-2011-3640, where Mozilla provides a patch that fixes this, which I've applied, awaiting review.

CVE-2011-3648 and CVE-2011-3650 are fixed by updating to 3.1.6.

And according to upstream developers, the 3.1 series is not susceptible to anything mentioned in http://www.mozilla.org/security/announce/2011/mfsa2011-48.html which references:

CVE-2011-3651
CVE-2011-3652
CVE-2011-3654

(All the relevant bug reports to these are not public.)

CVE-2011-3655 is only relevant for Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0.
Add the three most committers if no maintainers for the packages.
CC: (none) => dmorganec, fundawang, jani.valimaa, mageia, pterjan
Well, maybe not, thunderbird has already been submitted for mga1 and I saw dmorgan already updated to firefox 8 in SVN for mga1. I'll assign it to dmorgan as he also wanted to do the rootcerts update.
Status: NEW => ASSIGNED
CC: fundawang, jani.valimaa, mageia, pterjan => (none)
Assignee: bugsquad => dmorganec
There is now mozilla-thunderbird-3.1.16-1.mga1 in core/updates_testing to validate

-------------------------------------------------------

Suggested advisory:
-------------------

This update addresses the following CVEs:

- CVE-2011-2722
  An untrusted search path vulnerability which might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory

Other fixes in this release:

- http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
  (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page could potentially exploit a Thunderbird user who had installed an add-on that used loadSubscript in vulnerable ways)
- http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
  (Potential cross-site-scripting against sites using Shift-JIS encoding, CVE-2011-3648)
- http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
  (memory corruption while profiling using Firebug, CVE-2011-3650)

-------------------------------------------------------

Steps to reproduce:

- install/update to update candidate
And for nss and rootcerts ?
(OK, read too fast, but I think it's better to have one bug/package)
OK, I'll open another one tomorrow for firefox, nss and rootcerts as they belong together. This one can be validated now for thunderbird with above advisory.
Assignee: dmorganec => qa-bugs
Testing on i586 complete for the srpm mozilla-thunderbird-3.1.16-1.mga1.src.rpm

Testing used an email account, and an nntp account.
CC: (none) => davidwhodgins
Testing on x86_64 using email and nntp accounts without any problem.
CC: (none) => pham182b
Validating the update.

Could someone from the sysadmin team push the srpm mozilla-thunderbird-3.1.16-1.mga1.src.rpm from Core Updates Testing to Core Updates.

Advisory:

This mozilla-thunderbird update addresses the following CVEs:

- CVE-2011-2722
  An untrusted search path vulnerability which might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory

Other fixes in this release:

- http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
  (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page could potentially exploit a Thunderbird user who had installed an add-on that used loadSubscript in vulnerable ways)
- http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
  (Potential cross-site-scripting against sites using Shift-JIS encoding, CVE-2011-3648)
- http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
  (memory corruption while profiling using Firebug, CVE-2011-3650)

https://bugs.mageia.org/show_bug.cgi?id=3308
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
(In reply to comment #11)
> Validating the update.
>
> Could someone from the sysadmin team push the srpm
> mozilla-thunderbird-3.1.16-1.mga1.src.rpm
> from Core Updates Testing to Core Updates.

Uhmm, please don't forget the language packs from mozilla-thunderbird-l10n-3.1.16-1.mga1.src.rpm
Update pushed.
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Blocks: (none) => 3335