Opened 2 years ago

Closed 2 years ago

#15753 closed enhancement (fixed)

seamonkey-2.53.10.1

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by ken@…, 2 years ago

I see that fedora have a patch for building with rustc>=1.56.0, https://src.fedoraproject.org/rpms/seamonkey/raw/rawhide/f/seamonkey-2.53.10-rust156.patch

comment:3 by Douglas R. Reno, 2 years ago

Priority: normal → elevated

Looking at the release notes for these last night, it's obvious these two contain some pretty significant security fixes. I may promote them to High after more research (which will happen after Java).

comment:4 by Douglas R. Reno, 2 years ago

Summary: seamonkey-2.53.10 → seamonkey-2.53.10.1

2.53.10

What's New in SeaMonkey 2.53.10

SeaMonkey 2.53.10 contains (among other changes) the following major changes relative to SeaMonkey 2.53.9.1:

    Minor fixes for testdisplay command in ChatZilla bug 1727976.
    Show CTCP requests (excluding ACTION and DCC) bug 1722156.
    IRCv3: Add support for server-time bug 1724586.
    Add localization note for network editor dialog width in ChatZilla bug 1727977.
    IRCv3: Add support for extended-join and account-notify bug 1722159.
    Add ability to collapse message groups in ChatZilla bug 1724588.
    Fix JS strict warnings in unescapeTagValue in ChatZilla bug 1727989.
    IRCv3: Add support for invite-notify bug 1722161.
    IRCv3: Add support for batch bug 1724589.
    Fix JS strict warning in addHistory in cZ static.js bug 1727992.
    IRCv3: Add support for cap-notify bug 1722162.
    Stop using canonical name as collection keys in ChatZilla bug 1728025.
    IRCv3: Add support for TLS and STS bug 1722166.
    Helper function for renaming irc server properties in ChatZilla bug 1728027.
    IRCv3: Add support for MONITOR bug 1722174.
    Remove use of msg.commasp in ChatZilla bug 1726965.
    Allow shiftKey to modify behaviour of link clicking in cZ bug 1713458.
    IRCv3: Add support for echo-message bug 1722211.
    In ChatZilla make /commands return all matches starting with pattern bug 1726966.
    Use SeaMonkey prefs to determine how links behave in cZ bug 1713467.
    Allow parameters to be localised in ChatZilla bug 1724105.
    Add identify command to cZ and hook into password management bug 1713470.
    IRCv3.1: Implement SASL with PLAIN mechanism bug 1717545.
    IRCv3: Add support for message tags bug 1724584.
    Add last read message divider to ChatZilla bug 1729159.
    IRCv3: Add support for account-tag bug 1724585.
    Missing option "text encoding Unicode/UTF-8" in preferences - Mailnews bug 1679260.
    Detect Crashreporter using AppConstants in SeaMonkey bug 1735236.
    Link about LEGACY extensions in Add-ons Manager is broken bug 1656797.
    Update help for clear private data preferences and dialog bug 1728911.
    Fix typo in cs_nav_prefs_appearance bug 1737473.
    Drop leftover "Edit Menu" comment from messageWindow.xul and addressbook.xul bug 1725121.
    Add dummy tab routines to SeaMonkey mailnews tab browser bug 1735243.
    Folder pane and tab/window title not updated correctly when opening in new tab bug 1726940.
    Allow mail tab bar to be controlled separately to browser tab bar bug 1724515.
    Copy any user set values for new mail.tabs prefs bug 1729165.
    Merge Master Passwords and Passwords pref panes into a single pref pane bug 1728099.
    Move warning about redirection pref from Content to Privacy & Security pane bug 1728185.
    Move website icons prefs from content pref pane to browser pref pane bug 1727425.
    Move browser / mailnews system integration prefs into advanced pane bug 1727659.
    Have separate opentabfor.middleclick for mailnews bug 1727948.
    Add removeBrowser helper for tabbrowser bug 1730391.
    Put <browser> in a <stack> so it's easy to overlay bug 1730392.
    Allow browser focus to be avoided bug 1720003.
    SeaMonkey 32x32 default icon has light stripe at the bottom bug 1729153.
    Support <input type=time> and <input type=date> in SeaMonkey bug 1730408.
    Middleclick on browser tab handled twice (closes tab and loads URL from primary or clipboard) bug 1734407.
    Unable to create a new "Saved Search Folder" using "Save View as a Folder..." bug 1738669.

The following bugs were fixed in our branch of the Gecko source code only:

    Enable compression for standard http connections bug 1728996.
    Support VS2022 for compiling under Windows bug 1728988.

"But wait, there's more!" - the version is now 2.53.10.1

This one also includes the fixes from Firefox-78.15 ESR:

Security Vulnerabilities fixed in Firefox ESR 78.15

Announced
    October 5, 2021
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 78.15

#CVE-2021-38496: Use-after-free in MessageTask

Reporter
    Yangkang of 360 ATA Team
Impact
    high

Description

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
References

    Bug 1725335

#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2

comment:5 by Douglas R. Reno, 2 years ago

2.53.10.1

SeaMonkey 2.53.10.1 contains (among other changes) the following major changes relative to SeaMonkey 2.53.10:

    Security fix for NSS code bug 1737470.
    Only use networks and servers in lower case in ChatZilla bug 1742502.
    Change classic form icon in SeaMonkey composer bug 1710915.
    Additional fixes for SeaMonkey 32x32 default icons on Windows and macOS bug 1729153.

Also includes fixes up to 91.4esr, so that would be:

Security Vulnerabilities fixed in Firefox ESR 91.3

Announced
    November 2, 2021
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 91.3

#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

Reporter
    Armin Ebert
Impact
    high

Description

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
References

    Bug 1729517

#CVE-2021-38504: Use-after-free in file picker dialog

Reporter
    Irvan Kurniawan
Impact
    high

Description

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
References

    Bug 1730156

#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data

Reporter
    Sergey Galich
Impact
    high

Description

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.
This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.
References

    Bug 1730194

#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning

Reporter
    Irvan Kurniawan
Impact
    high

Description

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing.
References

    Bug 1730750

#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

Reporter
    Takeshi Terada
Impact
    high

Description

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage.
References

    Bug 1730935

#CVE-2021-43535: Use-after-free in HTTP2 Session object

Reporter
    Julien Cristau
Impact
    high

Description

A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.
References

    Bug 1667102

#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

Reporter
    Raphael
Impact
    moderate

Description

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.
References

    Bug 1366818

#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain

Reporter
    Ademar Nowasky Junior
Impact
    moderate

Description

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing.
References

    Bug 1718571

#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS

Reporter
    Hou JingYi
Impact
    moderate

Description

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.
Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.
References

    Bug 1731779

#CVE-2021-43534: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers and community members Christian Holler, Valentin Gosu, and Andrew McCreight reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

and

Security Vulnerabilities fixed in Firefox ESR 91.4.0

Announced
    December 7, 2021
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 91.4

#CVE-2021-43536: URL leakage when navigating while executing asynchronous function

Reporter
    Sunwoo Kim and Youngmin Kim of SNU CompSec Lab
Impact
    high

Description

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.
References

    Bug 1730120

#CVE-2021-43537: Heap buffer overflow when using structured clone

Reporter
    bo13oy of Cyber Kunlun Lab
Impact
    high

Description

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.
References

    Bug 1738237

#CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both

Reporter
    Irvan Kurniawan (@sourc7)
Impact
    high

Description

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.
References

    Bug 1739091

#CVE-2021-43539: GC rooting failure when calling wasm instance methods

Reporter
    Asumu Takikawa and Ioanna Dimitriou
Impact
    high

Description

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.
References

    Bug 1739683

#CVE-2021-43541: External protocol handler parameters were unescaped

Reporter
    chriscla
Impact
    moderate

Description

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.
References

    Bug 1696685

#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler

Reporter
    Raphael Smolik
Impact
    moderate

Description

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.
References

    Bug 1723281

#CVE-2021-43543: Bypass of CSP sandbox directive when embedding

Reporter
    Armin Ebert
Impact
    moderate

Description

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
References

    Bug 1738418

#CVE-2021-43545: Denial of Service when using the Location API in a loop

Reporter
    Paul Zühlcke
Impact
    low

Description

Using the Location API in a loop could have caused severe application hangs and crashes.
References

    Bug 1720926

#CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed

Reporter
    Daniel Veditz
Impact
    low

Description

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
References

    Bug 1737751

#CVE-2021-4129: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

Reporter
    Mozilla developers and community
Impact
    high

Description

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94 and Firefox ESR 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
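
Of the advisories quoted above, CVE-2021-43537 is the one whose root cause is stated precisely enough to illustrate: a size tracked as a 64-bit value is narrowed to a 32-bit integer before it is used to size a heap buffer. The following C program is an added illustration of that bug class and is not Mozilla's structured-clone code or any code from this ticket; the function names, the payload and the oversized length are made up. It shows the buggy sizing beside a checked version that rejects lengths which do not fit the 32-bit field instead of truncating them.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Added illustration of the bug class behind CVE-2021-43537 (a 64-bit size
 * narrowed to 32 bits before sizing a heap buffer). This is not Mozilla's
 * structured-clone code; the function names and the payload are made up. */

/* Buggy allocation sizing: the cast silently drops the high 32 bits, so a
 * declared length of 0x1_0000_0010 bytes yields a 16-byte allocation while
 * the copy that follows in real code would still write 0x1_0000_0010 bytes. */
uint32_t narrowed_alloc_size(uint64_t declared_len)
{
    uint32_t alloc_len = (uint32_t)declared_len; /* the narrowing conversion */
    return alloc_len;
}

/* True when the buggy path would allocate fewer bytes than it later copies. */
int buggy_would_overflow(uint64_t declared_len)
{
    return (uint64_t)narrowed_alloc_size(declared_len) < declared_len;
}

/* Hardened sizing: reject anything that does not fit the 32-bit length field
 * rather than truncating it. Returns 0 and sets *alloc_len on success, -1 if
 * the length is rejected. */
int checked_alloc_size(uint64_t declared_len, uint32_t *alloc_len)
{
    if (declared_len > UINT32_MAX)
        return -1;
    *alloc_len = (uint32_t)declared_len;
    return 0;
}

/* Hardened clone: validates the declared length against both the 32-bit
 * field and the bytes actually available, then allocates and copies.
 * Returns a malloc'd copy (caller frees) or NULL on rejection. */
uint8_t *clone_checked(const uint8_t *src, uint64_t available,
                       uint64_t declared_len, uint32_t *out_len)
{
    uint32_t alloc_len;
    if (checked_alloc_size(declared_len, &alloc_len) != 0)
        return NULL;                 /* would have been truncated */
    if (declared_len > available)
        return NULL;                 /* would read past the input */
    uint8_t *dst = malloc(alloc_len ? alloc_len : 1);
    if (!dst)
        return NULL;
    memcpy(dst, src, alloc_len);
    *out_len = alloc_len;
    return dst;
}

int main(void)
{
    /* Constructed sample payload; the declared length is attacker-controlled
     * in the real bug, so both a sane and an oversized value are tried. */
    const uint8_t payload[] = "structured-clone sample";
    uint64_t oversized = 0x100000010ULL;   /* 4 GiB + 16 */
    uint32_t len = 0;

    printf("buggy alloc for 0x%llx declared bytes: %u bytes (overflow: %s)\n",
           (unsigned long long)oversized, narrowed_alloc_size(oversized),
           buggy_would_overflow(oversized) ? "yes" : "no");

    uint8_t *copy = clone_checked(payload, sizeof payload, oversized, &len);
    printf("checked clone of oversized length: %s\n",
           copy ? "accepted" : "rejected");
    free(copy);

    copy = clone_checked(payload, sizeof payload, sizeof payload, &len);
    printf("checked clone of %zu bytes: %s (%u bytes)\n", sizeof payload,
           copy ? "accepted" : "rejected", len);
    free(copy);
    return 0;
}
```

The point of the two-stage check in clone_checked is that the range test against the width of the length field and the range test against the input actually present are separate failures; a narrowing cast collapses the first one silently, which is exactly what the advisory describes.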

comment:6 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assigned → closed