
Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas   
A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges.
Ubuntu Security Notice USN-493-1              July 31, 2007
firefox vulnerabilities
CVE-2007-3844, CVE-2007-3845

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                        1.5.dfsg+

Ubuntu 6.10:

Ubuntu 7.04:

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

A flaw was discovered in handling of "about:blank" windows used by
addons.  A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs.  In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges.  (CVE-2007-3845)
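
The bug class described for CVE-2007-3845, shown as an added illustration (not code from the advisory, Ubuntu, or Firefox): a URL wrapped in quotes without escaping becomes several helper arguments once the command line is tokenized, while percent-encoding plus a direct argument vector keeps it as one. The helper path, the flag name and the URL are constructed placeholders, and POSIX tokenization via `shlex` is used as a model of the launcher.

```python
import shlex
from urllib.parse import quote

# Hypothetical helper path (assumption, not from the advisory).
HELPER = "/usr/bin/example-mail-helper"

# Constructed input: a URL that carries a double-quote and spaces.
CONSTRUCTED_URL = 'mailto:user@example.com" --hypothetical-flag "x'


def naive_command_line(helper, url):
    """Flawed pattern: quote the URL but do not escape quotes inside it."""
    return f'{helper} "{url}"'


def argv_seen_by_helper(cmdline):
    """Model how a command-line string is split into arguments (POSIX rules)."""
    return shlex.split(cmdline)


def encode_url_for_helper(url):
    """Percent-encode characters outside a conservative safe set.

    Spaces become %20 and double-quotes become %22; '%' stays in the safe
    set so that existing escapes are not double-encoded.
    """
    return quote(url, safe=":/?#@=&%+,-._~")


def safe_argv(helper, url):
    """Build the argument vector directly: one element per argument,
    so nothing is re-parsed from a string."""
    return [helper, encode_url_for_helper(url)]


if __name__ == "__main__":
    flawed = argv_seen_by_helper(naive_command_line(HELPER, CONSTRUCTED_URL))
    print("flawed argv:  ", flawed)
    print("hardened argv:", safe_argv(HELPER, CONSTRUCTED_URL))
```

Passing `safe_argv(...)` to `subprocess.run` as a list (without `shell=True`) hands the helper exactly one URL argument.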

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:

