Bug#489961: iceweasel: Iceweasel crash in Gmail chat with pop-out window

Package: iceweasel
Version: 2.0.0.14-0etch1
Severity: grave
Tags: security
Justification: user security hole

The following steps are necessary to reproduce this problem:
1. Log-in on your Gmail account
2. Open Gmail chat with any other user
3. Press the "pop-out" button
4. Close the pop-out window
Doing so, you should see Iceweasel (Forefox) crash

While it is possible that Google relies on some non-standard feature,
the crash itself indicates the secutiry problem inside of Iceweasel.
I have tried with Firefox 2.10.15 with the same result. Also, I have
heard from a friend of mine that the problem exists with Firefox 2.0
on Windows XP. So, the problem is not Debian specific, yet the problem
indicates the present a potential security hold inside of the browser,
which should be addressed.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-k7
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)

Versions of packages iceweasel depends on:
ii  debianutils            2.17              Miscellaneous utilities specific t
ii  fontconfig             2.4.2-1.2         generic font configuration library
ii  libatk1.0-0            1.12.4-3          The ATK accessibility toolkit
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libcairo2              1.2.4-4.1+etch1   The Cairo 2D vector graphics libra
ii  libfontconfig1         2.4.2-1.2         generic font configuration library
ii  libfreetype6           2.2.1-5+etch2     FreeType 2 font engine, shared lib
ii  libgcc1                1:4.1.1-21        GCC support library
ii  libglib2.0-0           2.12.4-2          The GLib library of C routines
ii  libgtk2.0-0            2.8.20-7          The GTK+ graphical user interface
ii  libjpeg62              6b-13             The Independent JPEG Group's JPEG
ii  libmyspell3c2          1:3.1-18          MySpell spellchecking library
ii  libpango1.0-0          1.14.8-5          Layout and rendering of internatio
ii  libpng12-0             1.2.15~beta5-1    PNG library - runtime
ii  libstdc++6             4.1.1-21          The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxft2                2.1.8.2-8         FreeType-based font drawing librar
ii  libxinerama1           1:1.0.1-4.1       X11 Xinerama extension library
ii  libxp6                 1:1.0.0.xsf1-1    X Printing Extension (Xprint) clie
ii  libxrender1            1:0.9.1-3         X Rendering Extension client libra
ii  libxt6                 1:1.0.2-2         X11 toolkit intrinsics library
ii  psmisc                 22.3-1            Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3-13        compression library - runtime

iceweasel recommends no packages.

-- no debconf information



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

On Wed, Jul 09, 2008 at 02:42:45AM +0400, Dmitry Potapov wrote:
Browser crashes induced by web sites are not treated as security issues
by the Debian Security Team, unless there's evidence of memory corruption
leading to code injection.

Did you file a bug in Mozilla Bugzilla on this?

Cheers,
        Moritz



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

Hello Moritz,

Installing the security upgrade (Iceweasel 2.0.0.15-0etch1) fixed this
problem. So, the bug can be considered closed.

Thanks,
Dmitry



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

Your message dated Fri, 11 Jul 2008 23:17:25 +0200
with message-id <20080711211725.GI3206@...>
and subject line Re: Bug#489961: iceweasel: Iceweasel crash in Gmail chat with pop-out window
has caused the Debian Bug report #489961,
regarding iceweasel: Iceweasel crash in Gmail chat with pop-out window
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@...
immediately.)


--
489961: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489961
Debian Bug Tracking System
Contact owner@... with problems

Package: iceweasel
Version: 2.0.0.14-0etch1
Severity: grave
Tags: security
Justification: user security hole

The following steps are necessary to reproduce this problem:
1. Log-in on your Gmail account
2. Open Gmail chat with any other user
3. Press the "pop-out" button
4. Close the pop-out window
Doing so, you should see Iceweasel (Forefox) crash

While it is possible that Google relies on some non-standard feature,
the crash itself indicates the secutiry problem inside of Iceweasel.
I have tried with Firefox 2.10.15 with the same result. Also, I have
heard from a friend of mine that the problem exists with Firefox 2.0
on Windows XP. So, the problem is not Debian specific, yet the problem
indicates the present a potential security hold inside of the browser,
which should be addressed.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-k7
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)

Versions of packages iceweasel depends on:
ii  debianutils            2.17              Miscellaneous utilities specific t
ii  fontconfig             2.4.2-1.2         generic font configuration library
ii  libatk1.0-0            1.12.4-3          The ATK accessibility toolkit
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libcairo2              1.2.4-4.1+etch1   The Cairo 2D vector graphics libra
ii  libfontconfig1         2.4.2-1.2         generic font configuration library
ii  libfreetype6           2.2.1-5+etch2     FreeType 2 font engine, shared lib
ii  libgcc1                1:4.1.1-21        GCC support library
ii  libglib2.0-0           2.12.4-2          The GLib library of C routines
ii  libgtk2.0-0            2.8.20-7          The GTK+ graphical user interface
ii  libjpeg62              6b-13             The Independent JPEG Group's JPEG
ii  libmyspell3c2          1:3.1-18          MySpell spellchecking library
ii  libpango1.0-0          1.14.8-5          Layout and rendering of internatio
ii  libpng12-0             1.2.15~beta5-1    PNG library - runtime
ii  libstdc++6             4.1.1-21          The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxft2                2.1.8.2-8         FreeType-based font drawing librar
ii  libxinerama1           1:1.0.1-4.1       X11 Xinerama extension library
ii  libxp6                 1:1.0.0.xsf1-1    X Printing Extension (Xprint) clie
ii  libxrender1            1:0.9.1-3         X Rendering Extension client libra
ii  libxt6                 1:1.0.2-2         X11 toolkit intrinsics library
ii  psmisc                 22.3-1            Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3-13        compression library - runtime

iceweasel recommends no packages.

-- no debconf information



Version: 2.0.0.15-0etch1

Dmitry Potapov wrote:
> Hello Moritz,
>
> Installing the security upgrade (Iceweasel 2.0.0.15-0etch1) fixed this
> problem. So, the bug can be considered closed.

Thanks for your feedback, closing.

Cheers,
        Moritz