Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas   
A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)
Ubuntu Security Notice USN-623-1              July 17, 2008
firefox vulnerabilities
CVE-2008-2785, CVE-2008-2933

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+

Ubuntu 7.04:

Ubuntu 7.10:

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)

Billy Rios discovered that Firefox did not properly perform URI splitting
with pipe symbols when passed a command-line URI. If Firefox were passed
a malicious URL, an attacker may be able to execute local content with
chrome privileges. (CVE-2008-2933)
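
For applications that hand links to a browser on its command line, the CVE-2008-2933 description above suggests a defence-in-depth check in addition to installing the update. The following is an added example, not part of the Ubuntu notice or of Firefox; the function name, the http/https allowlist and the sample URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption: the calling application only ever needs to open web links.
ALLOWED_SCHEMES = {"http", "https"}


def check_browser_uri(uri):
    """Return (ok, reason) for a URI about to be passed as a browser argument."""
    if not uri or uri != uri.strip():
        return False, "empty or whitespace-padded"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in uri):
        return False, "control character"
    if uri.startswith("-"):
        return False, "looks like a command-line option"
    # Decode repeatedly so %7C and %257C are both recognised as '|'.
    decoded = uri
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if "|" in decoded:
        return False, "pipe symbol"
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:
        return False, "unparseable"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "no host"
    return True, "ok"


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "https://example.com/page",
    "https://example.com/a|chrome://example/content/",
    "https://example.com/a%257Cb",
    "chrome://example/content/",
    "file:///tmp/example.html",
    "-new-tab",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_browser_uri(sample), sample)
```

Call the check before building the browser's argument list, and pass the URI as a single argument rather than through a shell.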

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:

