Ubuntu: Firefox regression
Posted by Benjamin D. Thomas

Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks. (CVE-2007-5960)
Ubuntu Security Notice USN-546-2          December 04, 2007
firefox regression

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:

Ubuntu 7.04:

Ubuntu 7.10:

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

USN-546-1 fixed vulnerabilities in Firefox. The upstream update included
a faulty patch which caused the drawImage method of the canvas element to
fail.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Firefox incorrectly associated redirected sites
 as the origin of "jar:" contents. A malicious web site could exploit this
 to modify or steal confidential data (such as passwords) from other web
 sites. (CVE-2007-5947)

 Various flaws were discovered in the layout and JavaScript engines. By
 tricking a user into opening a malicious web page, an attacker could
 execute arbitrary code with the user's privileges. (CVE-2007-5959)

 Gregory Fleischer discovered that it was possible to use JavaScript to
 manipulate Firefox's Referer header. A malicious web site could exploit
 this to conduct cross-site request forgeries against sites that relied
 only on Referer headers for protection from such attacks. (CVE-2007-5960)
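As an added illustration (not part of the advisory or of Ubuntu's or Mozilla's code), the following shows why a site that relies only on the Referer header for CSRF protection fails once a browser lets the Referer be manipulated, and how a per-session synchronizer token keeps the check sound. `SITE_ORIGIN`, the session dictionary and the request values are constructed assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed example value: the origin of the site being protected.
SITE_ORIGIN = "https://bank.example"


def referer_only_check(headers: dict) -> bool:
    """The protection the advisory calls insufficient: accept a state-changing
    request whenever the Referer header names our own origin."""
    parts = urlsplit(headers.get("Referer", ""))
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def issue_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session (constructed dict)."""
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token


def token_check(session: dict, form: dict) -> bool:
    """Synchronizer-token check: the form must carry the secret issued to this
    session. A cross-site page cannot read it, whatever Referer it sends."""
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())


def simulate_forged_request():
    """Constructed cross-site request: the attacker's page has set Referer to our
    origin (the class of bug in CVE-2007-5960) but does not know the token."""
    session = {}
    issue_token(session)
    headers = {"Referer": "https://bank.example/transfer"}
    form = {"to": "attacker", "amount": "1000", "csrf_token": ""}
    return referer_only_check(headers), token_check(session, form)


def simulate_legitimate_request():
    """Constructed same-site request carrying the token the session was issued."""
    session = {}
    tok = issue_token(session)
    headers = {"Referer": "https://bank.example/transfer"}
    form = {"to": "savings", "amount": "10", "csrf_token": tok}
    return referer_only_check(headers), token_check(session, form)
```

The forged request passes the Referer-only check and fails the token check; the legitimate one passes both.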

Updated packages for Ubuntu 6.10:
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10:
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.