Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: Firefox vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)
Ubuntu Security Notice USN-592-1             March 26, 2008
firefox vulnerabilities
CVE-2007-4879, CVE-2008-0416, CVE-2008-1195, CVE-2008-1233,
CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,
CVE-2008-1238, CVE-2008-1240, CVE-2008-1241

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+

Ubuntu 6.10:

Ubuntu 7.04:

Ubuntu 7.10:

After a standard system upgrade you need to restart firefox to effect
the necessary changes.

Details follow:

Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws
in Firefox's character encoding handling. If a user were tricked into
opening a malicious web page, an attacker could perform cross-site
scripting attacks. (CVE-2008-0416)

Various flaws were discovered in the JavaScript engine. By tricking
a user into opening a malicious web page, an attacker could escalate
privileges within the browser, perform cross-site scripting attacks
and/or execute arbitrary code with the user's privileges.
(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)

Several problems were discovered in Firefox which could lead to crashes
and memory corruption. If a user were tricked into opening a malicious
web page, an attacker may be able to execute arbitrary code with the
user's privileges. (CVE-2008-1236, CVE-2008-1237)

Gregory Fleischer discovered Firefox did not properly process HTTP
Referrer headers when they were sent with with requests to URLs
containing Basic Authentication credentials with empty usernames. An
attacker could exploit this vulnerability to perform cross-site request
forgery attacks. (CVE-2008-1238)

Peter Brodersen and Alexander Klink reported that default the setting in
Firefox for SSL Client Authentication allowed for users to be tracked
via their client certificate. The default has been changed to prompt
the user each time a website requests a client certificate.

Gregory Fleischer discovered that web content fetched via the jar
protocol could use Java LiveConnect to connect to arbitrary ports on
the user's machine due to improper parsing in the Java plugin. If a
user were tricked into opening malicious web content, an attacker may be
able to access services running on the user's machine. (CVE-2008-1195,

Chris Thomas discovered that Firefox would allow an XUL popup from an
unselected tab to display in front of the selected tab. An attacker
could exploit this behavior to spoof a login prompt and steal the user's
credentials. (CVE-2008-1241)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   178343 4bed05ac329d21464dc5e48371d150d2
      Size/MD5:     1792 15b938b12c9b267611cd28ef71138fcb
      Size/MD5: 45989256 3496e0ebbf3065927a85394617eb857b

  Architecture independent packages:
      Size/MD5:    53292 86959d3ce86d6da7df48d896e9e867a1
      Size/MD5:    52404 e0f6959b5002f0162264e337db49e5c8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 47610368 3ad4b9c7caee6c6e33e8a03c8d12d63a
      Size/MD5:  2863938 23239e074ca6d2b4a627727ad6179fb7
      Size/MD5:    85672 9c241904818c5d3bc37304e22f922fd0
      Size/MD5:  9482510 20181be162c0d95497c16ecfa4fa69a8
      Size/MD5:   222478 1de8f81cd5be47f5cd18320947d3a617
      Size/MD5:   165504 6b7ae2069b9872189b8f7c30344bec8f
      Size/MD5:   247506 80bbefbf6b21ba0d6d753ef04257c6aa
      Size/MD5:   825148 1cf82147b73b2c444a4d6cc03c78daeb
      Size/MD5:   219482 910308b8b1ebf37229b20808271af052

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 44155666 d3eb603b18b9d5682119d3a0b1fbcd19
      Size/MD5:  2863958 9cda86f84e347ae3b66f0b59160d9dc1
      Size/MD5:    78008 dd92a08fd122d59ae09dea1d314aa223
      Size/MD5:  7989102 8ae5010963dc43240708881a81fe39e0
      Size/MD5:   222476 6626af34a079ad20cff3e62cc7407b62
      Size/MD5:   150024 37cb40c77a19065b35d593f97567e433
      Size/MD5:   247478 39b27ed43d467240774b3129c8d69558
      Size/MD5:   716756 61279520824b13c7cf5bdeb3e4cdf873
      Size/MD5:   212886 a1f350612147685ba92a67ad1b8a83c5

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 49004938 aad7d77bc69304c2635767c620899079
      Size/MD5:  2864018 916d544016120ab59bc575c49db8bd24
      Size/MD5:    81118 e464002909185b27051a10e3c5030319
      Size/MD5:  9101300 4a6f6c116ce1d4b9d93c3ce4b36fee3f
      Size/MD5:   222484 3a853a80032186512cbdc6819938256b
      Size/MD5:   162712 f30452d6e1ae31e0944d85358210c2d6
      Size/MD5:   247506 d883bf495437186e11ca2aa6d7df1ef8
      Size/MD5:   815780 d2a9db6b6de1000ac139fdb94706e8ba
      Size/MD5:   216332 e624b5c3f377ed981ec75f0a5ef018e5

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 45561444 d222284679f0295a52e076163bf3b974
      Size/MD5:  2864060 35dda63e217ec799d1c5b6be3728c47d
      Size/MD5:    79578 2e0292624691d1c4731f2ade1b31a278
      Size/MD5:  8487208 a003bdb78469b513e3ce2269dcc709fc
      Size/MD5:   222478 fce59029efcad5a409fe276330fe936d
      Size/MD5:   152604 0234dfbb8eb1c65e6c14e7a87ccd6294
      Size/MD5:   247514 01ba3fdaaa94314375418630372b80d0
      Size/MD5:   727208 5dc958243a9f39fe06fd6ec93c84fbc2
      Size/MD5:   213822 f04033ae32040c831d3dff1896bdcf20

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   321288 843c236a644898704def7abea82f7025
      Size/MD5:     1874 628afe3bb5ee81b4dc7113e07d1ad0e7
      Size/MD5: 44843889 921895bdcefea23f1cb982c37c77051b

  Architecture independent packages:
      Size/MD5:   238070 ab21da79bc9a0713f36d364c78395b43
      Size/MD5:    56840 07ecdc7cd2762ba569c88ae65ef0e7ca
      Size/MD5:    56938 3c492c1d52fcf5cf8588a071cf328bda
      Size/MD5:    56952 43e6dabf86de20526b592628ca3b1dea
      Size/MD5:    57754 79acceffdef90f87669794efb40b28e9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 50576734 8c8a2e5b0d75328b98d003a92063bbba
      Size/MD5:  3181982 49cc5f081411acebdb2eef30ffde9567
      Size/MD5:    91328 204136e9fa4ce05ea25703b640620084
      Size/MD5: 10465354 232b9c43157da23f14a035ed7753330b
      Size/MD5:   226940 069675a33c6e951d3daf236e2168ad20
      Size/MD5:   169308 eae68e57ed75cdb44300a7c8bf7174e1
      Size/MD5:   251950 3f0ec3583b7de4d1a3438aaeff170f04
      Size/MD5:   877612 902bf841d4e984279a2eeb8f6fe6eddf

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 49745464 2d0185eee9a1a94e5aca554416b7fa5d
      Size/MD5:  3172172 90a0677ac63d99bb5feabf9004beb5cb
      Size/MD5:    84962 7a7d1e8ea602a2bea4f467ca14b80dfe
      Size/MD5:  9280172 5fc3509c9c0b3bd6a1cd16e4de5eb27d
      Size/MD5:   226944 09403835cb234ebf4026e624e7006ffa
      Size/MD5:   158914 2959f24120bdd566e2f4238b748d65ec
      Size/MD5:   251986 f5efa2e8ccb56d367aff1fcb3759ae4e
      Size/MD5:   799976 38492a602c388d6883c6620b5710ae3e

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 52267454 98274e5276a74c4ce343a76316e2cf2b
      Size/MD5:  3179198 9ee2f1ebbf72c8082a5fbeaeed3e8710
      Size/MD5:    86826 7a2707990108bf2411f9a69de11e5b44
      Size/MD5: 10126338 1625e2731b31d589d26fba6ab57a14ad
      Size/MD5:   226940 c4ff5f83b1f6b6caa4cee097ff915f21
      Size/MD5:   168020 5938729ed31d2f227c348351654e1293
      Size/MD5:   251980 13b4087e3e62a4c2cb2fb2d0fbb519c5
      Size/MD5:   875912 088bfb084cdaf8ea0e01d7b806a96881

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 49775186 e6e5586e6852f6487ea31d04884e90de
      Size/MD5:  3168462 9427717398804e4a35aec6485bfeaada
      Size/MD5:    84636 0e102d3aeaa6e876657536965c1bc731
      Size/MD5:  9551124 af725de0a488bacdb1a5e1819a596fba
      Size/MD5:   226934 451765524a3b33cf22a1be94a8ba3e10
      Size/MD5:   156892 21b971907dea6e920030ee58d4fed054
      Size/MD5:   251976 255b90ac77111aed9df04c2faadd53a3
      Size/MD5:   782314 a1da1da9e12402f70553362a1e3c27a8

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   314933 f3e69507d41ad11ee63c249ebb6eb167
      Size/MD5:     1860 19bcf5f09aae50ef239c4735599c7721
      Size/MD5: 44843889 921895bdcefea23f1cb982c37c77051b

  Architecture independent packages:
      Size/MD5:   243474 d16f9375c1418afa78323b53cd0300df
      Size/MD5:    58810 f34ed0998b2a4b23b792ac532c3c4ea0
      Size/MD5:    58900 be9697eb7740bec5cec6a31048e7b302
      Size/MD5:    58916 00201bf27be4facea6f7be49ed348a65
      Size/MD5:    59714 447d20a640f806bfa357532c12328c41

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 50585318 89ed6df8f8ca8f9957c4c50cc025929a
      Size/MD5:  3184850 2b1cce9ced6ff4d488601b49a4108b43
      Size/MD5:    92632 89a48a12baa4ca6c1972e44f0254cfa6
      Size/MD5:    62614 9312eeece9d5985b4df221e827aafd2e
      Size/MD5: 10480550 b090af1b87ca2a76efc18ae914695996
      Size/MD5:   228786 ecdc80f5c4fa6b6bccf512da37cb0b7c
      Size/MD5:   174322 fde3243d3067cf3d0d250b131e49d41b
      Size/MD5:   253918 13954390a6ae11d46587cd462681eadf
      Size/MD5:   887252 f95b56e79157e370d544da32cf23a245

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 49738738 e4d81c3601b1e044f80fef078210b74a
      Size/MD5:  3175796 b313af70f01ad4af0a3f83ac048ece67
      Size/MD5:    86846 940d5b01573fa648d00ce4ad1d72d277
      Size/MD5:    62030 9e9468f5176c61486e89e5f747e4b973
      Size/MD5:  9282014 aa7fae05851ff3b1c9039d16820c486c
      Size/MD5:   228788 2f97c82679eb81c38552fd6998d1670e
      Size/MD5:   163204 ed381914ab55288e5092cd51a8bf3f35
      Size/MD5:   253948 72776c46f40b5fe62d97149bd5189941
      Size/MD5:   808830 33796389c5ff7ea4368c06395c0ff5d8

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 52249834 fbcdb9fe1f2947e45c7319d71ff0b2f3
      Size/MD5:  3187672 9582c561e3ea87e62e4c780d3cf56b69
      Size/MD5:    90668 84163b992b41c50f3b11eff5a5efec14
      Size/MD5:    62850 b8d2cab2ddc02cefe1ee339f81a1942c
      Size/MD5: 10355088 ef3b7172ee848c8d8097ef295cf9486b
      Size/MD5:   228786 10804e525c8f5cf8e5f72de68df8c549
      Size/MD5:   179940 72f3f1275df1ee179b81c1d4dcca99d0
      Size/MD5:   253922 e0b61df18d65a893aa87847c3d5a9cec
      Size/MD5:   895702 69d2a33ac9c545c7edf1c7b8082c6b40

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 49766138 d932b2934b14e56dc79275508973d1fe
      Size/MD5:  3174318 73569b1a8d566319d858aadf094e38e5
      Size/MD5:    86532 8eac38d6f94fa4c218b8b62a404d41c1
      Size/MD5:    62086 a9985c277a0f943d217e89000503ee20
      Size/MD5:  9564208 5d731ea27dbb54d1f54d0b4a4cb7c212
      Size/MD5:   228790 7a34217fe56b654a4d0e277e85e44d70
      Size/MD5:   162010 104932c78699df511451a286cfc18e9d
      Size/MD5:   253936 6718643271317f2c13c47f5cfc93d6e1
      Size/MD5:   801164 81c3a88fc37e07b0f4983e818a4d122e

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   193361 9caba82c162e13db34536248f4ddd764
      Size/MD5:     1825 4168f03321ae61deb21f6f77ebfbf2ed
      Size/MD5: 34937554 3fcd8afd1512e9b2cc5a536cce700f78

  Architecture independent packages:
      Size/MD5:   200754 66fef3a8fa00b7a5d34a8cc58e92dc84

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 77972116 b318f0f14179b2059bfcf4f89e35b88e
      Size/MD5:  3195870 d4f484db23ebaf1c86b222fff556c560
      Size/MD5:    98114 74591685bb5e845861f64e52a9046a5a
      Size/MD5:    67126 6b7bf4b518e95803ec795b3082d099ec
      Size/MD5: 10449390 3386e33285d2c226d1364615312a564c

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 77097208 e25db6982d893239e9707bc514de8ca9
      Size/MD5:  3183446 99ba052282d2a1930f4928877e2d65e2
      Size/MD5:    91818 4e2705d1853a71f94bf2db57101c2168
      Size/MD5:    66412 e44c34c48d81b31fc526338d41e83488
      Size/MD5:  9197358 e47ae8e6ddab2571c6f08dcbf063e224

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 80570942 5d2cb48d6072db3b4096c8f42f12b024
      Size/MD5:  3199312 04bf3d2fa8ec0db8a181091816bbfcf9
      Size/MD5:    96150 cd06bbd20e7d257236b4a21974418e07
      Size/MD5:    67414 81b5cd626712d854fc1f79a454490741
      Size/MD5: 10292506 1ed4912293fec9771b9b9ee59da2d21c

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 77948154 d66c203937066aa9775fbd8311d7bf34
      Size/MD5:  3181082 dc917d85d9f97e10fecb2c7299d0d377
      Size/MD5:    91600 33c5072b99a4994b0c67e96b9bd008c3
      Size/MD5:    66484 51dd6bb1d3ec112ebb2032747e9da6d5
      Size/MD5:  9441806 638bd86c61468fefbe6b2ef489ebef32

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)



--==============%14941093241013845=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

ubuntu-security-announce mailing list
Modify settings or unsubscribe at:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.