Mozilla 1.0.6 critical vulnerability
russ

Joined: 08 May 2007
Posts: 48

Posted: Mon 27 Aug 2007, 10:15    Post subject: Mozilla 1.0.6 critical vulnerability

The below critical advisory is found here:
http://www.frsirt.com/english/advisories/2005/1794

Advisory ID : FrSIRT/ADV-2005-1794
CVE ID : CVE-2005-2968
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-20

Technical Description

A vulnerability was identified in Mozilla Suite and Mozilla Firefox for Linux, which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error when processing, via the shell script used by Firefox to parse URLs supplied by external programs, a specially crafted URL containing malicious shell commands enclosed within backquote characters, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to click on a malicious link via an external program (e.g. Thunderbird or Evolution).

Example : # firefox http://local\`find\`host (will execute the command "find").

Affected Products

Mozilla Firefox version 1.0.6 (Linux) and prior
Mozilla Suite version 1.7.11 (Linux) and prior
Mozilla Thunderbird version 1.0.6 (Linux) and prior

Solution

Upgrade to Mozilla Firefox 1.0.7 or Mozilla Suite 1.7.12 :
http://www.mozilla.org/products/
Upgrade to Mozilla Thunderbird 1.0.7 :
http://www.mozilla.org/products/thunderbird/

References

http://www.frsirt.com/english/advisories/2005/1794
https://bugzilla.mozilla.org/show_bug.cgi?id=307185

Credits

Vulnerability reported by Peter Zelezny

ChangeLog

2005-09-20 : Initial release
2005-09-21 : Updated affected products and solution
2005-09-22 : Updated affected products and solution
2005-10-01 : Updated solution (Thunderbird)

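An added illustration of the bug class the advisory describes (not code from the advisory, the forum posters, or Mozilla): a launcher script that re-parses a URL through the shell runs whatever sits inside backquotes, while passing the URL as one quoted argument does not. The names `fake_browser`, `open_url_unsafe`, `open_url_safe` and `url_has_cmdsubst` are hypothetical, and the sample URL is constructed with a harmless `echo`.

```shell
#!/bin/sh
# Constructed illustration; this is NOT the actual Firefox launcher script.

# Hypothetical stand-in for the browser binary: prints the URL it was handed.
fake_browser() {
    printf '%s' "$1"
}

# UNSAFE pattern: the URL is pasted into a command string that the shell
# parses a second time (eval), so `...` inside the URL is executed.
open_url_unsafe() {
    eval "fake_browser \"$1\""
}

# SAFE pattern: the URL stays a single quoted argument and is never re-parsed.
open_url_safe() {
    fake_browser "$1"
}

# Defense in depth for callers (mail clients, wrappers): flag URLs that carry
# shell command-substitution syntax before handing them to any script.
# Returns 0 if the URL contains a backquote or "$(", 1 otherwise.
url_has_cmdsubst() {
    case "$1" in
        *'`'*|*'$('*) return 0 ;;
    esac
    return 1
}

# Constructed sample input, same shape as the advisory's example URL.
SAMPLE_URL='http://local`echo INJECTED`host'

demo() {
    printf 'unsafe wrapper saw: %s\n' "$(open_url_unsafe "$SAMPLE_URL")"
    printf 'safe wrapper saw:   %s\n' "$(open_url_safe "$SAMPLE_URL")"
    if url_has_cmdsubst "$SAMPLE_URL"; then
        printf 'filter verdict:     rejected\n'
    fi
}

demo
```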
russ

Joined: 08 May 2007
Posts: 48

Posted: Mon 27 Aug 2007, 10:17    Post subject: Seamonkey

I would guess that the above would apply to SeaMonkey too.
trapster


Joined: 28 Nov 2005
Posts: 2098
Location: Maine, USA

Posted: Mon 27 Aug 2007, 12:23    Post subject:

What's with the 2 yr old notices???
_________________
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog
russ

Joined: 08 May 2007
Posts: 48

Posted: Sat 15 Sep 2007, 17:20    Post subject:

So SeaMonkey 1.0.6 is not the same as Mozilla 1.0.6?
Bruce B

Joined: 18 May 2005
Posts: 11488
Location: The Peoples Republic of California

Posted: Sat 15 Sep 2007, 23:46    Post subject:

russ wrote:
So SeaMonkey 1.0.6 is not the same as Mozilla 1.0.6?


True.

But that doesn't necessarily mean that Puppy's default SeaMonkey is equal to the newest SeaMonkey in terms of unfixed vulnerabilities.

Known vulnerabilities


To each his own, but I run the newest version of SeaMonkey.