Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas
Ubuntu Security Notice USN-619-1              July 02, 2008
firefox vulnerabilities
CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801,
CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806,
CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810,

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+

Ubuntu 7.04:

Ubuntu 7.10:

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

Various flaws were discovered in the browser engine. By tricking
a user into opening a malicious web page, an attacker could cause
a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2798, CVE-2008-2799)

Several problems were discovered in the JavaScript engine. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-2800)

Collin Jackson discovered various flaws in the JavaScript engine
which allowed JavaScript to be injected into signed JAR files. If
a user were tricked into opening malicious web content, an
attacker may be able to execute arbitrary code with the privileges
of a different website or link content within the JAR file to an
attacker-controlled JavaScript file. (CVE-2008-2801)

It was discovered that Firefox would allow non-privileged XUL
documents to load chrome scripts from the fastload file. This
could allow an attacker to execute arbitrary JavaScript code with
chrome privileges. (CVE-2008-2802)

A flaw was discovered in Firefox that allowed overwriting trusted
objects via mozIJSSubScriptLoader.loadSubScript(). If a user were
tricked into opening a malicious web page, an attacker could
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2803)

Claudio Santambrogio discovered a vulnerability in Firefox which
could lead to stealing of arbitrary files. If a user were tricked
into opening malicious content, an attacker could force the browser
into uploading local files to the remote server. (CVE-2008-2805)

Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker
could exploit this to bypass the same-origin policy and create
arbitrary socket connections to other domains. (CVE-2008-2806)

Daniel Glazman found that an improperly encoded .properties file
in an add-on can result in uninitialized memory being used. If
a user were tricked into installing a malicious add-on, the
browser may be able to see data from other programs.

Masahiro Yamada discovered that Firefox did not properly sanitize
file URLs in directory listings, resulting in files from directory
listings being opened in unintended ways or not being able to be
opened by the browser at all. (CVE-2008-2808)

John G. Myers discovered a weakness in the trust model used by
Firefox regarding alternate names on self-signed certificates. If
a user were tricked into accepting a certificate containing
alternate name entries, an attacker could impersonate another
server. (CVE-2008-2809)
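
The alternate-name weakness above, as an added example that is not part of the advisory or of Firefox: a Python check that lists the names a self-signed certificate claims beyond the host being visited, so that an accepted exception can be limited to that host. The certificate dictionary follows the shape returned by Python's ssl.SSLSocket.getpeercert(); SAMPLE_CERT, the host names and the function names are constructed for illustration.

```python
# Added example: cert dicts use the getpeercert() shape; all names are constructed.

def _flatten(rdns):
    """Turn getpeercert()'s nested RDN tuples into a sorted list of pairs."""
    return sorted(pair for rdn in rdns for pair in rdn)

def is_self_signed(cert):
    """Heuristic: subject and issuer are identical (signature not checked)."""
    return _flatten(cert.get("subject", ())) == _flatten(cert.get("issuer", ()))

def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit_exception(cert, visited_host):
    """Report which names a certificate claims beyond the host being visited."""
    claimed = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    claimed += [v for k, v in _flatten(cert.get("subject", ())) if k == "commonName"]
    covers = [n for n in claimed if dns_name_matches(n, visited_host)]
    extra = sorted(set(claimed) - set(covers))
    self_signed = is_self_signed(cert)
    return {
        "self_signed": self_signed,
        "covers_visited_host": bool(covers),
        "extra_names": extra,
        # Accepting a self-signed certificate should vouch for visited_host only.
        "suspicious": self_signed and bool(extra),
        "exception_scope": [visited_host] if covers else [],
    }

SAMPLE_CERT = {  # constructed sample, not taken from a real server
    "subject": ((("commonName", "intranet.example.test"),),),
    "issuer": ((("commonName", "intranet.example.test"),),),
    "subjectAltName": (
        ("DNS", "intranet.example.test"),
        ("DNS", "bank.example.com"),
        ("DNS", "*.mail.example.org"),
    ),
}

if __name__ == "__main__":
    print(audit_exception(SAMPLE_CERT, "intranet.example.test"))
```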

A flaw was discovered in the way Firefox opened URL files. If a user
were tricked into opening a bookmark to a malicious web page, the
page could potentially read from local files on the user's computer.

A vulnerability was discovered in the block reflow code of Firefox.
This vulnerability could be used by an attacker to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2008-2811)

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:

