Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas
Several flaws have been found in Firefox that could be used to perform cross-site scripting attacks.

Ubuntu Security Notice USN-428-1          February 26, 2007
firefox vulnerabilities
CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775,
CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779,
CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995,
CVE-2007-0996, CVE-2007-1092

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox                                  1.5.dfsg+

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+
  libnspr4                                 1.5.dfsg+
  libnss3                                  1.5.dfsg+

Ubuntu 6.10:

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

Several flaws have been found that could be used to perform cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents of, or steal confidential data (such as passwords) from,
other opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache, with the result that,
depending on the order in which they were loaded, the end of the longer
document could be appended to the shorter one when the shorter one was
reloaded from the cache. It is possible a determined hacker could
construct a targeted attack to steal some sensitive data from a
particular web page. The potential victim would have to be already
logged into the targeted service (or be fooled into doing so) and then
visit the malicious site. (CVE-2007-0778)

David Eckel reported that browser UI elements--such as the host name
and security indicators--could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)

Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:

