===========================================================
Ubuntu Security Notice USN-428-2             March 02, 2007
firefox regression
https://launchpad.net/bugs/88990
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
  libnspr4                                 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
  libnss3                                  1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2

After a standard system upgrade you need to restart Firefox to effect 
the necessary changes.
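
An added example, not part of the Ubuntu advisory: a check that the three packages above are at or past the fixed version, run over saved `dpkg-query -W` output. It follows the version ordering defined in Debian Policy; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed version this advisory lists for Ubuntu 6.06 LTS.
FIXED_VERSION = "1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2"
FIXED = {pkg: FIXED_VERSION for pkg in ("firefox", "libnspr4", "libnss3")}

# Constructed sample in `dpkg-query -W` format (package<TAB>version).
SAMPLE = (
    "firefox\t1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2\n"
    "libnspr4\t1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1\n"
    "libnss3\t1.5.dfsg+1.5.0.9-0ubuntu0.6.06\n"
    "bash\t3.1-2ubuntu10\n"
)

def _order(ch):
    # Debian order for non-digits: '~' < end of string (0) < letters < the rest.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _head(s):
    # Peel one (non-digit run, number) pair off the front; return (key, rest).
    text, digits = re.match(r"(\D*)(\d*)", s).groups()
    return ([_order(c) for c in text] + [0], int(digits or 0)), s[len(text) + len(digits):]

def _cmp_part(a, b):
    # Compare two version components pair by pair, per Debian Policy.
    while a or b:
        (ka, a), (kb, b) = _head(a), _head(b)
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]: epoch ends at first ':', revision starts at last '-'.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return epoch, upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _cmp_part(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(inventory):
    """Return {package: installed_version} for listed packages older than the fix."""
    rows = (line.split() for line in inventory.splitlines())
    return {r[0]: r[1] for r in rows
            if len(r) == 2 and r[0] in FIXED and compare_versions(r[1], FIXED[r[0]]) < 0}
```

Numeric runs are compared as numbers, so `1.5.0.9` sorts before `1.5.0.10`, which a plain string comparison would get wrong.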

Details follow:

USN-428-1 fixed vulnerabilities in Firefox 1.5.  However, changes to 
library paths caused applications depending on libnss3 to fail to start 
up.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Several flaws have been found that could be used to perform cross-site
 scripting attacks. A malicious web site could exploit these to modify
 the contents of, or steal confidential data (such as passwords) from,
 other open web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
 CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)
 
 The SSLv2 protocol support in the NSS library did not sufficiently
 check the validity of public keys presented with an SSL certificate. A
 malicious SSL web site using SSLv2 could potentially exploit this to
 execute arbitrary code with the user's privileges. (CVE-2007-0008)
 
 The SSLv2 protocol support in the NSS library did not sufficiently
 verify the validity of client master keys presented in an SSL client
 certificate. A remote attacker could exploit this to execute arbitrary
 code in a server application that uses the NSS library.
 (CVE-2007-0009)
 
 Various flaws have been reported that could allow an attacker to
 execute arbitrary code with user privileges by tricking the user into
 opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
 CVE-2007-0777, CVE-2007-1092) 
 
 Two web pages could collide in the disk cache, with the result that,
 depending on the order in which they were loaded, the end of the
 longer document could be appended to the shorter one when the shorter
 one was reloaded from the cache. It is possible a determined hacker
 could construct a targeted attack to steal some sensitive data from a
 particular web page. The potential victim would have to be already
 logged into the targeted service (or be fooled into doing so) and then
 visit the malicious site. (CVE-2007-0778)
 
 David Eckel reported that browser UI elements--such as the host name
 and security indicators--could be spoofed by using custom cursor
 images and a specially crafted style sheet. (CVE-2007-0779)


Updated packages for Ubuntu 6.06 LTS:
