Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu Security Notice USN-490-1              July 19, 2007
firefox vulnerabilities
CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3734,
CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                       1.5.dfsg+

Ubuntu 6.10:

Ubuntu 7.04:

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-3734,

Flaws were discovered in the JavaScript methods addEventListener and
setTimeout which could be used to inject script into another site in
violation of the browser's same-origin policy.  A malicious web site
could exploit this to modify the contents, or steal confidential data
(such as passwords), of other web pages. (CVE-2007-3736)

Ronen Zilberman and Michal Zalewski discovered timing attacks in the
JavaScript engine's use of about:blank frames.  A malicious web site
could exploit this to modify the contents, or steal confidential data
(such as passwords), of other web pages. (CVE-2007-3089)

A flaw was discovered in the JavaScript event handling code.  By tricking
a user into opening a malicious web page, an attacker could execute
arbitrary code with the user's privileges. (CVE-2007-3737)

Ronald van den Heetkamp discovered that filename URLs including an encoded
null byte could confuse the extension matching code.  By tricking a user
into opening a malicious web page, an attacker could execute arbitrary
helper programs. (CVE-2007-3285)
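
An added illustration of the class of flaw described for CVE-2007-3285, not Firefox's code and not part of the original advisory: an extension check that looks at the whole decoded filename while a later consumer stops at the NUL byte, next to a stricter check. The function names, the extension list and the sample URLs are constructed for this example, and it assumes the later consumer treats NUL as end-of-string, as C string APIs do.

```javascript
// Illustrative only: names, extension list and URLs are constructed for this example.
const SAFE_EXTENSIONS = new Set(["txt", "png", "jpg", "pdf"]);

// Last path segment of a URL, percent-decoded ("%00" becomes a NUL character).
function decodedFilename(url) {
  const path = new URL(url).pathname;
  const segment = path.slice(path.lastIndexOf("/") + 1);
  return decodeURIComponent(segment);
}

// Text after the final dot, lower-cased; empty string when there is no dot.
function extensionOf(name) {
  const dot = name.lastIndexOf(".");
  return dot === -1 ? "" : name.slice(dot + 1).toLowerCase();
}

// Weak check: matches the extension on the full decoded string,
// including anything that follows an embedded NUL.
function naiveIsSafe(url) {
  return SAFE_EXTENSIONS.has(extensionOf(decodedFilename(url)));
}

// The name a NUL-terminated string consumer would see (assumed behaviour).
function nameSeenByCStringApi(url) {
  return decodedFilename(url).split("\0")[0];
}

// Stricter check: refuse malformed encodings and any control character,
// so the checker and every later consumer agree on the filename.
function strictIsSafe(url) {
  let name;
  try {
    name = decodedFilename(url);
  } catch (e) {
    return false; // malformed URL or percent-encoding
  }
  if (/[\u0000-\u001f\u007f]/.test(name)) return false;
  return SAFE_EXTENSIONS.has(extensionOf(name));
}

// Constructed sample: the two views of the same URL disagree.
const sample = "http://files.example/archive.bin%00.txt";
console.log(naiveIsSafe(sample), nameSeenByCStringApi(sample), strictIsSafe(sample));
```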

Michal Zalewski discovered flaws in the same-origin handling of cached
"wyciwyg://" documents.  A malicious web site could exploit this to
modify the contents, or steal confidential data (such as passwords),
of other web pages. (CVE-2007-3656)

Various flaws were discovered in the XPCNativeWrapper method. By tricking
a user into opening a malicious web page, an attacker could execute
arbitrary code with the user's privileges. (CVE-2007-3738).

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:

