
Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas   
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges.
Ubuntu Security Notice USN-468-1              June 01, 2007
firefox vulnerabilities
CVE-2007-1362, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869,
CVE-2007-2870, CVE-2007-2871

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+

Ubuntu 6.10:

Ubuntu 7.04:

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-2867,

A flaw was discovered in the form autocomplete feature.  By tricking
a user into opening a malicious web page, an attacker could cause a
persistent denial of service. (CVE-2007-2869)

Nicolas Derouet discovered flaws in cookie handling.  By tricking a user
into opening a malicious web page, an attacker could force the browser to
consume large quantities of disk or memory while processing long cookie
paths. (CVE-2007-1362)

A flaw was discovered in the same-origin policy handling of the
addEventListener JavaScript method.  A malicious web site could exploit
this to modify the contents, or steal confidential data (such as
passwords), of other web pages.  (CVE-2007-2870)

Chris Thomas discovered a flaw in XUL popups.  A malicious web site
could exploit this to spoof or obscure portions of the browser UI,
such as the location bar. (CVE-2007-2871)

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:

