Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: Firefox vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413)
Ubuntu Security Notice USN-576-1          February 08, 2008
firefox vulnerabilities
CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415,
CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419,
CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593,

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+

Ubuntu 6.10:

Ubuntu 7.04:

Ubuntu 7.10:

After a standard system upgrade you need to restart firefox to effect
the necessary changes.

Details follow:

Various flaws were discovered in the browser and JavaScript engine.
By tricking a user into opening a malicious web page, an attacker
could execute arbitrary code with the user's privileges.
(CVE-2008-0412, CVE-2008-0413)

Flaws were discovered in the file upload form control. A malicious
website could force arbitrary files from the user's computer to be
uploaded without consent. (CVE-2008-0414)

Various flaws were discovered in the JavaScript engine. By tricking
a user into opening a malicious web page, an attacker could escalate
privileges within the browser, perform cross-site scripting attacks
and/or execute arbitrary code with the user's privileges. (CVE-2008-0415)

Various flaws were discovered in character encoding handling. If a
user were ticked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-0416)

Justin Dolske discovered a flaw in the password saving mechanism. By
tricking a user into opening a malicious web page, an attacker could
corrupt the user's stored passwords. (CVE-2008-0417)

Gerry Eisenhaur discovered that the chrome URI scheme did not properly
guard against directory traversal. Under certain circumstances, an
attacker may be able to load files or steal session data. Ubuntu is
not vulnerable in the default installation. (CVE-2008-0418)

David Bloom discovered flaws in the way images are treated by the
browser. A malicious website could exploit this to steal the user's
history information, crash the browser and/or possibly execute
arbitrary code with the user's privileges. (CVE-2008-0419)

Flaws were discovered in the BMP decoder. By tricking a user into
opening a specially crafted BMP file, an attacker could obtain
sensitive information. (CVE-2008-0420)

Michal Zalewski discovered flaws with timer-enabled security dialogs.
A malicious website could force the user to confirm a security dialog
without explicit consent. (CVE-2008-0591)

It was discovered that Firefox mishandled locally saved plain text
files. By tricking a user into saving a specially crafted text file,
an attacker could prevent the browser from displaying local files
with a .txt extension. (CVE-2008-0592)

Martin Straka discovered flaws in stylesheet handling after a 302
redirect. By tricking a user into opening a malicious web page, an
attacker could obtain sensitive URL parameters. (CVE-2008-0593)

Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
warning dialog wasn't displayed under certain circumstances. A
malicious website could exploit this to conduct phishing attacks
against the user. (CVE-2008-0594)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   178154 2cf6b393f77f5b872ffac9f05901d86e
      Size/MD5:     1792 25c9c6c7c68cd2ffb437ff3c235ccf5b
      Size/MD5: 48567134 5f38febe80dd0965ea410ac190a99a79

  Architecture independent packages:
      Size/MD5:    53122 9b8108791fa1acc6a8cd36174d7e004f
      Size/MD5:    52236 39ada1e6aeb7b51289c70c71d0f8031e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 47575618 166e66c75fe45216b3ed03b2017ad9f9
      Size/MD5:  2863920 c4fb4492c9c0d33c5ee1ebaa90822add
      Size/MD5:    85508 22e0f29c67b28b7f268d13c47ff21b18
      Size/MD5:  9477254 da7188d3d1a255f46d703b7f9f4af558
      Size/MD5:   222308 66948fa52f626e2e94c277582dd9b419
      Size/MD5:   165292 f14d66384255da7196da5786244d7636
      Size/MD5:   247344 915feb3274a401c8cf7a026c6bcef55d
      Size/MD5:   824986 ee41c39f0dc78dcb269e2c849d7a959b
      Size/MD5:   219314 6ff861dde457e29b7d78cb0b485cc892

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 44132276 7d2488c56e8fc420b7d4b8741842a8d2
      Size/MD5:  2863958 3e65d51503bf4220df6523ad788250c0
      Size/MD5:    77834 58eaaaa178b0775221215bcbc18eb618
      Size/MD5:  7986002 634c8d5dc00d42acac3319a6d8484401
      Size/MD5:   222308 84d7212ebc789c76cbe907c1600a77e6
      Size/MD5:   149850 9373d8373c10536f85d13a5a176889e3
      Size/MD5:   247320 9ae55bba5c7cbe340db54c567fca6158
      Size/MD5:   716594 5e6581e7b8f83755ee6182dc522a16d9
      Size/MD5:   212712 42d4658e91e8dcab0cdc85b0da6ec700

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 48978594 143d1dd5a6ce245fc55c5083749aaecc
      Size/MD5:  2864070 9c399a5d23e6338f5d663606a3c1fe6e
      Size/MD5:    80948 c11c970fa9e3c95a2c7e28be5978d7ca
      Size/MD5:  9097372 a1865d328a9fa56f46ae4fb1bd6757d9
      Size/MD5:   222306 76bc431137ce8c72c4d097c15af86785
      Size/MD5:   162552 309fd0bb01d24a983e187fe50da1e8ea
      Size/MD5:   247346 d6d3ea02f9c3dd500d308215caa50fa8
      Size/MD5:   815602 c939dd4eb7d5e514b86fb6756c3258c5
      Size/MD5:   216154 f4f8d3b69f847ddfd238a8fbef952953

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 45531866 273486483a76cc366c7f22d50a8e1585
      Size/MD5:  2864002 48d560e88b2a92576e1a4ee592297ce6
      Size/MD5:    79414 70c392f787204334116e9ce76f546a46
      Size/MD5:  8483442 3562cacfdf57585c037b651be2860162
      Size/MD5:   222310 6435f1625def65ad5cb1a9732ae035b4
      Size/MD5:   152438 79cc70393fa4b75cac01405f3bdaa830
      Size/MD5:   247346 530a4597f2708ddd246845dcd9948eaf
      Size/MD5:   727040 f954f2d179c4477caf4ac860dee0a3ee
      Size/MD5:   213662 57bd9a62025696c9ac01aeb2c499004a

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   321397 4a12ea7d4aff45a651e7169df59b66d1
      Size/MD5:     1880 d07152222f3bbbd54702964e6c484e5c
      Size/MD5: 44800182 38c678dd75c578424a1c18876dd074c4

  Architecture independent packages:
      Size/MD5:   238002 ac7bdaa151b30f01a44f46e65c8096d8
      Size/MD5:    56822 b9a0587c020e3e1ff251db1da16a3360
      Size/MD5:    56922 736209d00ed7a493ad632a595dc3e23e
      Size/MD5:    56934 65a72a74cd45970e0fdea2eacf97a19f
      Size/MD5:    57734 08259cf76e7911a1643f9dd34a5946e0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 50541330 aedaa6323fe786ac93a0361712fe2eef
      Size/MD5:  3181304 9de420a7be03b4f2dc7877d51d86641a
      Size/MD5:    91280 77851caa28f9541474c579b2fcb58de8
      Size/MD5: 10459390 b794e9dca1f5985ac8f2de5e3021d04d
      Size/MD5:   226904 e1401fba7056cfed7bfb5c402c773223
      Size/MD5:   169286 ef4c54634455afec2b88618fee46b330
      Size/MD5:   251926 e8596b001554965f3a84a517c7eabdb7
      Size/MD5:   873158 3674842461178bb2118cd634d5ab50a5

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 49700122 488b37255f93579b4aa3d091438f0b07
      Size/MD5:  3171304 e30a5b8ffac759624c9cec382cf076aa
      Size/MD5:    84944 53061af8afe191476af93f7fd822c879
      Size/MD5:  9275526 b79a270c10e7b0a53409ee7d2c47a958
      Size/MD5:   226916 a70250bb5ca1ee549b8fd855ba0aac8b
      Size/MD5:   158884 6b82381a44eb2d3a7fca63772f299cb0
      Size/MD5:   251926 1475d73a2829eb9fd9d996b739386152
      Size/MD5:   795256 e1f9c6278da78da5a15316fcaad8878b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 52219576 c0aca4abff7994ed57feedd4b9fad3c6
      Size/MD5:  3178480 51d9d70a821af1b86a0dbe3f1047b695
      Size/MD5:    86810 d20daf80fe21dd441e76544d436b5a97
      Size/MD5: 10120398 d9da66873e77ae9b151806369ea79999
      Size/MD5:   226904 7f5b533329fa758c7119737c3c2932b6
      Size/MD5:   167982 cf663fffe8e0cc731518ad9c2b927353
      Size/MD5:   251958 af430564abd104b1a0d74c6601f9da21
      Size/MD5:   870874 310fadfe6f3678646ddb0eb6905891ae

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 49730348 02a7529d1ce21e8c80c1eacab37d32e9
      Size/MD5:  3167800 8540b1e6b3ed43155da0aabe6e9b9646
      Size/MD5:    84614 00db1446c0b00efd811f50d924dd5298
      Size/MD5:  9546592 3258e1fbd28f510545f4083d1c4286ca
      Size/MD5:   226908 ec859ea978ee4faad18198557bd0b93a
      Size/MD5:   156870 a08586da831b5189bb86b5613457be8c
      Size/MD5:   251942 154e0e0a90641ca61d02229f909c9afe
      Size/MD5:   777010 15935c9b003f9246bee54b84150c87c1

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   314990 26d843966dfcd15d09732da370613437
      Size/MD5:     1866 65a8df8593e51c9bd75384019fed4578
      Size/MD5: 44800182 be1a3be614b123a5f65ef0631cc3ba57

  Architecture independent packages:
      Size/MD5:   243402 da8caba52c3c82557d4821d770299ecc
      Size/MD5:    58762 45baf9be97557e8b91d2943ca6ba41e6
      Size/MD5:    58856 42d6160c4ce8fdb5bf9a37293aa53b1c
      Size/MD5:    58870 9dd7670172ef63a5c95a8e0d0b3b2b96
      Size/MD5:    59670 492308cc265c713ffddb255884c4e504

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 50542618 2ca3b30b33b3b999071a16abf8bcd13c
      Size/MD5:  3184070 271fa86786f418711a313712877eea98
      Size/MD5:    92594 5143ea4adbda306600aee9af86ce77fe
      Size/MD5:    62572 a4e2e6b0064c79138f3b2bfa91ac97d1
      Size/MD5: 10471176 175a2d6fa77654b739398a2a9d1d03ac
      Size/MD5:   228738 30a1385156baa2a9f24b78c129412f18
      Size/MD5:   174270 3849519034a0821095cd70f444507d99
      Size/MD5:   253900 7b383ef692d89ab55dae43836b2fdd0a
      Size/MD5:   880882 8ba385f8afc6037a95707fcb7b23b46d

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 49691234 29f617919ad489ca52ee6b81f01c5cbd
      Size/MD5:  3174990 188a68b01767bc4cca87d3d25337e017
      Size/MD5:    86790 1e73455e05a6171cc71210f322db025f
      Size/MD5:    61972 35aeae2f74e57deddf75cc940927b666
      Size/MD5:  9276348 4801d027bd0a419209a7192eb6b2e5b0
      Size/MD5:   228752 70786d226354b7dfe928f8a627faf0e9
      Size/MD5:   163166 9a04fc6540e7b8adf3fb170cadec304d
      Size/MD5:   253906 fc119126017f04c5b56c3d6f34afdc72
      Size/MD5:   802282 348a087da1e50abdcc82ab5e540e9f0b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 52204680 048216fdda7b51cc351f5282152dae0a
      Size/MD5:  3186926 b6bbe9c19c9f915cff028058a9703485
      Size/MD5:    90636 60db1e12e8d6324c854217356713ed9a
      Size/MD5:    62806 ae3c6db90b09e7343a43bb2d2506776a
      Size/MD5: 10350504 084e73de7223b081b0a34c4f05cd8e5e
      Size/MD5:   228746 a19d7edc4e883b4325a65679a4b53f2b
      Size/MD5:   179910 2ed7a05241f477e018235dadeaa0a180
      Size/MD5:   253906 2d7306a969e66f7ba62020ec9683c5d2
      Size/MD5:   890490 0611974c638cc23f8bb0e64dd5fb1204

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 49727862 0b04e498c69841fba2fb44c0026b9360
      Size/MD5:  3173504 a3e8070e87df04e2e1178793a3c28ebb
      Size/MD5:    86486 e4e8c5fa9661d7f2883a64c9c913955a
      Size/MD5:    62030 b8cba7f28f9ad581adb2952b0cd27778
      Size/MD5:  9557480 d914a1f143d06130139ebbaf299a998a
      Size/MD5:   228734 0b7a1e9e9c4e8e4dd30faa51715b9b3a
      Size/MD5:   161968 6d1e3b53500017050fcd6ad5f797a34c
      Size/MD5:   253912 e997d59184566bb92afd170e3d6e16ae
      Size/MD5:   796038 b7db09f4ad1a2271524d745c807eec0e

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   192967 f613f26149f995bb2d90897640751c55
      Size/MD5:     1831 10cc37e4a7a8b1ef9913c4336e139e34
      Size/MD5: 34952512 361be132e02f7583555fdb5909138bdf

  Architecture independent packages:
      Size/MD5:   200720 e85d0d26bbba30c7cf1acd8539d4ce5d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 77918994 5e5b6abb9c51f6f991f1270f9fac5c7b
      Size/MD5:  3195186 0ea7fd2d7e532bdc5676988b36643cc7
      Size/MD5:    98086 ab6e4e54dfb6700e405f5a4004e5f817
      Size/MD5:    67082 ff21fe32334e31142459446bf7f7aad7
      Size/MD5: 10442880 36de6e6c9f3f34f5eea1b88abce14c6a

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 77067198 da3fb93ae70ee78f63495d8ebfe5a356
      Size/MD5:  3182764 fb3bbf088ecea048f3f163a2ba7aa84d
      Size/MD5:    91770 4384731b32d52be25ff6e419bf2ec269
      Size/MD5:    66370 3d301f5fe0766f685ac0cad7766af38b
      Size/MD5:  9189236 7a8f9a6523ed805b0edb42d9f688fbbc

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 80531802 0e94eeb3d506799508eb354f7a067b52
      Size/MD5:  3198570 31ca5d436b1510aeb40d98da1e80b6ba
      Size/MD5:    96114 e30b3fc0ee76304c61b36ae059510ba0
      Size/MD5:    67356 6374a01034d982e01e973cd6544f7c5c
      Size/MD5: 10285072 40e7d114d1f2adba2d8be70f40acbfbe

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 77899398 bf815b834944a0a8097c79ae2da6f188
      Size/MD5:  3180268 90be06ecf15c876086c03c5910d2e575
      Size/MD5:    91548 33215f4ce2e598f29cde37ab518b555e
      Size/MD5:    66446 9db9ae28f9b571e27a524f087e8e0f31
      Size/MD5:  9436014 697d38db0d9a9d1718fe94aacf3f2abb

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.