Have been running 11.0 since yesterday. Following install, the number
of updates was very large. All went smoothly. This evening, however,
the following Mozilla update fails repeatedly (after running install, it
just comes back):
Name: mozilla-xulrunner181
Summary: mozilla-xulrunner181: Add latest security fixes
Type: security
New Version: 239
Restart: No
Details:
This update backports security fixes to the Mozilla XULRunner engine. It
fixes following security issues: CVE-2008-0017 / MFSA 2008-54: The
http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x
before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before
1.1.13 does not check for an allocation failure, which allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via an HTTP index response with a crafted 200 header,
which triggers memory corruption and a buffer overflow. CVE-2008-5012 /
MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x
before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change
the source URI when processing a canvas element and an HTTP redirect,
which allows remote attackers to bypass the same origin policy and
access arbitrary images that are not directly accessible to the
attacker. NOTE: this issue can be leveraged to enumerate software on the
client by performing redirections related to moz-icon. CVE-2008-5013 /
MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x
before 1.1.13 do not properly check when the Flash module has been
dynamically unloaded properly, which allows remote attackers to execute
arbitrary code via a crafted SWF file that “dynamically unloads itself
from an outside JavaScript function,” which triggers an access of an
expired memory address. CVE-2008-5014 / MFSA 2008-50: jslock.cpp in
Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18,
Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code by modifying the window.proto.proto
object in a way that causes a lock on a non-native object, which
triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x
before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before
1.1.13 allows remote attackers to cause a denial of service (crash) via
multiple vectors that trigger an assertion failure or other
consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in
xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x
before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before
2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to
cause a denial of service (crash) via unknown vectors. CVE-2008-5018 /
MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4,
Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of
service (crash) via vectors related to “insufficient class checking” in
the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox
3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before
2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code by
modifying properties of a file input element while it is still being
initialized, then using the blur method to access uninitialized memory.
CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners
method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,
Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows
remote attackers to bypass the same-origin policy and execute arbitrary
script via multiple listeners, which bypass the inner window check.
CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x
before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers
to bypass the protection mechanism for codebase principals and execute
arbitrary script via the -moz-binding CSS property in a signed JAR file.
CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox
2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x
before 1.1.13 do not properly escape quote characters used for XML
processing, allows remote attackers to conduct XML injection attacks via
the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52:
The AppendAttributeValue function in the JavaScript engine in Mozilla
Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of
service (crash) via unknown vectors that trigger memory corruption, as
demonstrated by e4x/extensions/regress-410192.js.