LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Firefox and xulrunner vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)
=========================================================== 
Ubuntu Security Notice USN-626-1              July 29, 2008
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2008-2785, CVE-2008-2933, CVE-2008-2934
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  firefox-3.0                     3.0.1+build1+nobinonly-0ubuntu0.8.04.3
  xulrunner-1.9                   1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the
necessary changes.

Details follow:

A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)

Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz
      Size/MD5:   105875 20bf75de131b805b31602d03f76edcdb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc
      Size/MD5:     1605 0a4c85fb6f3771e494cb2596eb174f42
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly.orig.tar.gz
      Size/MD5: 10830088 546304d00e486587023418bef4c8c17e
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz
      Size/MD5:    77642 dd673f6d7523c5129df6775c369f55b1
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc
      Size/MD5:     1669 7fbd2e794a99288141e6c5fd6ca7bb8b
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly.orig.tar.gz
      Size/MD5: 40083410 802b0c07675ba0d1cc1819a6dac22c94

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65808 9fb1bd4f57c4ddaf255dec745cfb6394
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65824 9352e1cba510bcaed37478516413e41a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65784 3ef3e033acca41bf431e196289ff3075
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65776 30a60ceed5a490065dddb86dcbc44917
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65926 093d9772c250695694846c4a862151e4
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65832 2f47d1abc1cfee76a537e665c2a961e3
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65782 852eac738d3bf243f6f3ab707cab7de1
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:     8978 4ee6943368ba1582827914b014aa0b12
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:     8964 9df1e05f125072a41decae2f03ed796d
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65808 4cdc3a9a27af41bd6fadf4f9f1271af0
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65774 a12883abab5cdc8fd1be41abec1d2553
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65768 d30e21a3afcf4897450a2220b0448c52
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:     8944 ddb77e423b0d2fa01775998de6d16074
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65792 662c3740f2451030de9dbeef8915cd53
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:     8938 19647a69ea1a19fb20c3d832efb3f667
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:    65762 2948beefbc937ce8014246761aa5c42f
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:   125048 61ddef6346ed04823e4e08cb8b5915ad
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb
      Size/MD5:   235166 7dcc225d1e6a35d1c72d83478b264b03

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
      Size/MD5:     9030 51c56b6eb17a90596664e5de1efcfaf0
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
      Size/MD5:    29598 bdb8fd33fbb551fba94829b6de8f48c8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
      Size/MD5:  1086692 9e85d93762021da9663079eb43a806ec
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
      Size/MD5:  4034992 ded5cd52011190445b8cdbbc387dbb0e
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
      Size/MD5:    48708 63a365a1ed33bdd9f3e86c704639c54b
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb
      Size/MD5:  9020046 ce8df3e6a4d09ac7c1429f63a69bb164

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
      Size/MD5:     9032 9655df6f35d580fcd316fdbe35b25c44
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
      Size/MD5:    25740 b449c8c524b7cb50e05a5092bb1692ad
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
      Size/MD5:  1064456 58ffa05cc64086c5c51ff694beca780d
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
      Size/MD5:  4016584 3c8e123c09ff04f63cde52effc867f0d
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
      Size/MD5:    38500 8934fc3c6cdfa988ad9dee140be7373d
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb
      Size/MD5:  7749536 7ef6da6f25b7e0878419acccc052da3f

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
      Size/MD5:     9028 fdd61fb530a3339c1fffbd9ece833d8e
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
      Size/MD5:    25344 7666413c6a56eb14c3708ad2e16470c7
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
      Size/MD5:  1062684 ec46a573876b24eb4748bd01a2bb5435
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
      Size/MD5:  4012106 243d516f2dc244758d3568e4ead4839f
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
      Size/MD5:    37592 d9c551a6e990c7e63b457d7c6166113a
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb
      Size/MD5:  7639310 ff4c7144795f6fa0a38b0f065c04db8e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
      Size/MD5:     9032 5ffb1ce496a65cc0cfa57405a249426c
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
      Size/MD5:    27506 ee4f59f65df53fdf3e09fa271e290dbc
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
      Size/MD5:  1078404 8ee97515994e3deac2fe7aabbbbe15ab
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
      Size/MD5:  4023136 5342ffc1f46ff68174dca7b3621eeab0
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
      Size/MD5:    43654 649fa96e5214857fff22b53455e99bac
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb
      Size/MD5:  8595530 7a92e064fe96a000b0d9a507c0827555



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.