Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: Firefox vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-5336, CVE-2007-5339, CVE-2007-5340)
Ubuntu Security Notice USN-535-1           October 23, 2007
firefox vulnerabilities
CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511,
CVE-2007-5334, CVE-2007-5335, CVE-2007-5336, CVE-2007-5337,
CVE-2007-5338, CVE-2007-5339, CVE-2007-5340

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+

Ubuntu 6.10:

Ubuntu 7.04:

Ubuntu 7.10:

After a standard system upgrade you need to restart Firefox to affect
the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5336,
CVE-2007-5339, CVE-2007-5340)

Michal Zalewski discovered that the onUnload event handlers were
incorrectly able to access information outside the old page content.
A malicious web site could exploit this to modify the contents, or steal
confidential data (such as passwords), of the next loaded web page.

Stefano Di Paola discovered that Firefox did not correctly request
Digest Authentications.  A malicious web site could exploit this to
inject arbitrary HTTP headers or perform session splitting attacks
against proxies. (CVE-2007-2292)

Flaws were discovered in the file upload form control.  By tricking
a user into opening a malicious web page, an attacker could force
arbitrary files from the user's computer to be uploaded without their
consent. (CVE-2006-2894, CVE-2007-3511)

Eli Friedman discovered that XUL could be used to hide a window's
titlebar.  A malicious web site could exploit this to enhance their
attempts at creating phishing web sites. (CVE-2007-5334)

Georgi Guninski discovered that Firefox would allow file-system based
web pages to access additional files.  By tricking a user into opening
a malicious web page from a gnome-vfs location, an attacker could steal
arbitrary files from the user's computer. (CVE-2007-5337)

It was discovered that the XPCNativeWrappers were not safe in
certain situations.  By tricking a user into opening a malicious
web page, an attacker could run arbitrary JavaScript with the user's
privileges. (CVE-2007-5338)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   177650 1e6b9ea70815fd61ca0981e00ba6b4bf
      Size/MD5:     1794 9a5194822dd56d0cd88291bb8fdd5147
      Size/MD5: 46787289 8f9aaa57f7e5998681424fbb27e7dc49

  Architecture independent packages:
      Size/MD5:    52166 16046be210967e1a3a8f5dc01ee7c282
      Size/MD5:    51278 5075fc23be00315cce8aeb03b728f687

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 47557374 c649d9aeb451d19e3234a8a3d5a0f699
      Size/MD5:  2859822 016d600e478e4f9f4be767bb1ebe0420
      Size/MD5:    84528 c4153c2a0eff1c405d122deb84336e1d
      Size/MD5:  9475608 c5d7d46933320861a6c41c091fc20456
      Size/MD5:   221326 2217fa5656fc5960ebddc6d604a09336
      Size/MD5:   164326 f94b649cd56e030035d47b22faaf749a
      Size/MD5:   246340 3dc7ccad080c82b3cf8278d0e37860a9
      Size/MD5:   823996 74bf29a983642c410d4e4b0779f23895
      Size/MD5:   218338 aacf8b8111e25d5234e8d719f59a81fd

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 44107124 34d05437090031b89e4628c0f64f4d23
      Size/MD5:  2859844 577053aae7cb3c6fe2fb2d3417b2c2fa
      Size/MD5:    76868 93e9cadc69ba35041f7d78bdb2b8b129
      Size/MD5:  7978966 512b67586ec9df6e641b0b1b88047d2f
      Size/MD5:   221326 9c8db2ff4f2d72fa004a8c1f2751cccc
      Size/MD5:   148886 d313fcee381237f8cb3550fc988fb17d
      Size/MD5:   246340 28e59794078a9c8d5a4d3173be329d7e
      Size/MD5:   715562 35cc2293c67d56765699b0f2ec61d653
      Size/MD5:   211736 54a2bd438d87f1917e53ea60a4b5fdd4

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 48953720 afb0a9182f8463edc7f37d4476bf46f4
      Size/MD5:  2859828 2d7350f3c4447362216bf75930b0a232
      Size/MD5:    79972 e29c58c76922a415e6643b94b6393947
      Size/MD5:  9089830 067e7c304ba21df6ec668d323a518f2e
      Size/MD5:   221334 670aae10cb48dc6118c73314c8fe8a47
      Size/MD5:   161546 6df51b9203ba228bcdc2af66c4aecd11
      Size/MD5:   246354 38e6f9a191e7b2e9cddf1622e84daeca
      Size/MD5:   814630 9dba8412055da9d5d314ca9460efb082
      Size/MD5:   215180 1c369bf00c65e59f9b91d3398c50a172

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 45511488 a1cad37035da7907edc05a619ed7a8b3
      Size/MD5:  2859850 11041b48c34f12c50a7b8ca7b93d4509
      Size/MD5:    78442 cbb74ad28c44cc76608210eb4275a4ac
      Size/MD5:  8477324 eb63bf829f8dc37c0d0cb379277f880d
      Size/MD5:   221324 d8973b4be6ee9bc886244ceb90b02bb6
      Size/MD5:   151456 dcd1c93bb6f864b7a64539085fd66ded
      Size/MD5:   246324 031ea79f3e19b0356a96c961c7087541
      Size/MD5:   726064 8349b0ab4730f55896f31948524a8f2c
      Size/MD5:   212692 6fdffdf2c7bb0effecd8b50944a94de3

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   321229 a4f5b5535d696d6859a862f2f0a8fb8d
      Size/MD5:     1856 c349e26d7447eafab04205f6deaa26a4
      Size/MD5: 44176971 0d68d04792b33fd57b6a723ba0fe709a

  Architecture independent packages:
      Size/MD5:   237482 aed34a90e2326b3f049f181e0673e285
      Size/MD5:    56292 36277e7881af239384933fc06f49de99
      Size/MD5:    56392 8af65a81181939bf0e7d368c215056fb
      Size/MD5:    56404 c0aca0dc5d9d0bd42b9159bc8e8ef53c
      Size/MD5:    57204 3c2b9b2c95172cad21e082dc1ede5599

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 50508334 ae35a013a047b62f91fad34453d9f03c
      Size/MD5:  3176912 325cbfcc4f3deddbbbbd1cd4cb34082c
      Size/MD5:    90760 d5ccb3bf82e0380dd85b793d02ed3033
      Size/MD5: 10445288 044b20d39c2ea7962ff9a8a3e44aa141
      Size/MD5:   226382 a12c577d6cbb4e5b7b589c872ae2e7f5
      Size/MD5:   168756 b89eefdbebb10f4b0dfb1477be5b2fe4
      Size/MD5:   251370 6bee72fc440c6311d0c86d4534ff117c
      Size/MD5:   872650 9b8af45e135e01aaafca567c4fde0121

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 49656564 bdf1af25855b966f50872140c6e6fd3a
      Size/MD5:  3165910 9c19b8f16b249dbe0c95b15cff042015
      Size/MD5:    84412 02f68cc16ec1a273b790069de3812837
      Size/MD5:  9263840 14993564ccf62a66dfb39d49aef559e5
      Size/MD5:   226386 58d07a57b372eefc0d181404583a59d9
      Size/MD5:   158360 743273a6dde8b8c5db12cbd6e07c56e1
      Size/MD5:   251394 70cb94fba8ca50a622263eeedba68cb2
      Size/MD5:   794726 0d2c28b70564f6ce28bacf5b06bd5a97

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 52192608 b2202451e36eb7757ed0b93a5480cefe
      Size/MD5:  3173592 ed36c0f3d9368a2d9a13e4f8cf99c6f4
      Size/MD5:    86288 b3d495d044ff34d4fff7e1c64a76eb7f
      Size/MD5: 10110160 ce0ce7c93b5e8673e1f1441614c3c12c
      Size/MD5:   226382 4868582de054998c83c3eb205ea2e52b
      Size/MD5:   167450 9229ddecb080e48357e75214cbfb223c
      Size/MD5:   251400 364683c32bdae600a66ac86ebfd6c021
      Size/MD5:   870350 d2c26d9bef3979ca5fb6f8030cc23c03

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 49708092 cf81220243bf357413cfad89d3ede75c
      Size/MD5:  3164042 5d7db0af6103f84719316fad5c9be47e
      Size/MD5:    84088 ba919c293ddab6cf641b75515cf05686
      Size/MD5:  9540856 bf083b88465f3b286ddf9d98cc87df19
      Size/MD5:   226388 43a151920fedd0e892a2dc31723bbc49
      Size/MD5:   156344 a4aa570e0e8f0ca9755d4f6d0fdbc0d2
      Size/MD5:   251394 369ff634bfb1d8357c61ab495075c510
      Size/MD5:   776502 aaa0c529156b5f05c43222d0cfcdcb1f

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   288591 a261f9d05ed988f8149c19c2d0a63845
      Size/MD5:     1849 2f2fac5955b56f2e824f83a50e069532
      Size/MD5: 44871674 2b6da117f573fce93a1dbf4c4042f679

  Architecture independent packages:
      Size/MD5:   242896 06f5d29f5fe456001cd4c40393a8755a
      Size/MD5:    58248 ee815dcc5a10c06e24fe6c37b0bb3ea1
      Size/MD5:    58342 a3d0d94c497445b66d90572b503f6406
      Size/MD5:    58354 34a118942c5a9463f327f976eb988b80
      Size/MD5:    59160 b570b0285112e9149d3a57dad80b936f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 50514100 1e9b33754f6a6af26ff27ec5d9736f35
      Size/MD5:  3180250 f549eabab7d8580c763cd24e3fcef3af
      Size/MD5:    92070 614782fc9bfb0d6f19b96e90b8e46c66
      Size/MD5:    62042 f2d9917b0814e808e5e4f1edfbf08666
      Size/MD5: 10465046 f5cfb9e98ceacc01abb8260a4efdca22
      Size/MD5:   228178 5f05234c1ff1b72cb874eb42bbb50f0a
      Size/MD5:   173742 988eda9211c09caa973c6347c98e1663
      Size/MD5:   253314 bd57b2e384a8b3a8f146ba80fcf37c8f
      Size/MD5:   880366 710d4a87bf9e315cbe392ff5c1f4eca5

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 49659034 4108280474e2c79428ba999f9616721b
      Size/MD5:  3169792 d8dd11abc22199a790162946b6d032ca
      Size/MD5:    86276 b650511479651092c4feb76c17c65ee4
      Size/MD5:    61454 69ecee78a45d9e25af00ad0eecad174f
      Size/MD5:  9272264 179811c9e0b4aad190ff1f2256cc3977
      Size/MD5:   228170 32e6c6d6a5b30d5808873d0da13cf239
      Size/MD5:   162646 7b906486fc8d59234d418f9e4fb7f779
      Size/MD5:   253348 fac182cfbcfebe841a57ee728cbbfc96
      Size/MD5:   801748 3fa930d7f119e93fdcf6c5cdbba17390

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 52171062 550e360b32e424cc2156e53f387a2b61
      Size/MD5:  3183052 b661ac01ba175789879d7480788357e7
      Size/MD5:    90102 3652d8da5a8561e3e040d1c97e365cea
      Size/MD5:    62282 df5ff422a8a4f824e2719f6af3ac92e0
      Size/MD5: 10342330 35bd77ffbc6027807a180553939f364f
      Size/MD5:   228184 0f6ea032f937947cf0679a302271bb8f
      Size/MD5:   179372 8993a4742094bd5283dc3b2ed458a9b0
      Size/MD5:   253364 477ff7db7ab758aa2e4f0ed9aaf17288
      Size/MD5:   889942 f24125bc2da1eba05f7d4f36403fd00b

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 49702662 4729103db4ab56446f4fcbe74c5e234e
      Size/MD5:  3167978 7db2ccdc3b3b24bfafc21d2443e69e73
      Size/MD5:    85966 c6377a96af734aba1300005c1b96ab65
      Size/MD5:    61514 3dd35e13231fca3c6ec7ab977e2e43f1
      Size/MD5:  9548582 e52b6c3f4a4b6a3c900600e0c8f437e4
      Size/MD5:   228176 15a1c7d56eba7afe51678dbf61c41408
      Size/MD5:   161442 12554c642671598d59ed8c4b3421b411
      Size/MD5:   253326 9bcd13b7bc7d7865ee2159392c2fc1ee
      Size/MD5:   795512 a9d130185467a25c1781ca4e3fab9272

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   185835 e71a36efa48a39005abe690abd47c1cd
      Size/MD5:     1812 2016a63d2908f2d0550fd7e25000a091
      Size/MD5: 35004562 24d2d3d8d15def92aee2972d6d5bac16

  Architecture independent packages:
      Size/MD5:   199984 07c4855c3b6a3a521e2a752a3e90e70e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 77875912 1656b4c09298416d40f5c35ed17d0b52
      Size/MD5:  3189888 9ca6c10dffa56b6aa4794ed89067651b
      Size/MD5:    97364 f30485cbaede2cd31e0639659766ed67
      Size/MD5:    66384 1dbd3ae1c06a262addab039e494f3c83
      Size/MD5: 10432536 34ac9b7b74acbdb22a22aac05a579441

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 77018430 148d19be63b964e99ee1f2338b7e8c09
      Size/MD5:  3178014 9eaf945ec4821d3315951392b281b340
      Size/MD5:    91060 92d70a0d816af8abbf55ba59fb40e9ae
      Size/MD5:    65676 177fe5b60f86c1e4f4741d2abbad3b22
      Size/MD5:  9182540 85ea859709f95d1d36f2d24e0d6d13e9

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 80483356 ebadc89c28c9f347fde2f86600862750
      Size/MD5:  3193132 c72f25b3fc8426d4096e8f143890dfc7
      Size/MD5:    95396 370495719f1963c236930a32b2589405
      Size/MD5:    66588 7d60a7f59213edcd6eec317ca9f73c9e
      Size/MD5: 10277202 6df4992ccc93ce8e42f3610c2ef9a1c0

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 77856856 63b4432bde2f68387daeba926fb3d9ad
      Size/MD5:  3175700 2c25a10dcb14046bd8e53480c68b7be5
      Size/MD5:    90814 81989a68c643aa3793251f60cc039556
      Size/MD5:    65748 c0fefad61a3f270bed9c4c2d06172ea1
      Size/MD5:  9428532 ff2d301708557a9b0b83401f5ab0d588

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.