Ubuntu: Mozilla vulnerabilities
Posted by Benjamin D. Thomas   
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. The following CVE IDs are addressed: CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571, CVE-2006-3808, CVE-2006-4340, CVE-2006-4570
Ubuntu Security Notice USN-361-1           October 10, 2006
mozilla vulnerabilities
CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libnspr4                                 2:1.7.13-0ubuntu05.04.2
  libnss3                                  2:1.7.13-0ubuntu05.04.2
  mozilla-browser                          2:1.7.13-0ubuntu05.04.2
  mozilla-mailnews                         2:1.7.13-0ubuntu05.04.2
  mozilla-psm                              2:1.7.13-0ubuntu05.04.2

Ubuntu 5.10:
  libnspr4                                 2:1.7.13-0ubuntu5.10.2
  libnss3                                  2:1.7.13-0ubuntu5.10.2
  mozilla-browser                          2:1.7.13-0ubuntu5.10.2
  mozilla-mailnews                         2:1.7.13-0ubuntu5.10.2
  mozilla-psm                              2:1.7.13-0ubuntu5.10.2

After a standard system upgrade you need to restart Mozilla to effect
the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a
malicious email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:

