LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Firefox vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. This provides the corresponding update for Ubuntu 6.06 LTS.
=========================================================== 
Ubuntu Security Notice USN-645-2         September 24, 2008
firefox vulnerabilities
CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837,
CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,
CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065,
CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3

After a standard system upgrade you need to restart Firefox to
effect the necessary changes.

Details follow:

USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu
7.04, 7.10 and 8.04 LTS. This provides the corresponding update for
Ubuntu 6.06 LTS.

Original advisory details:

 Justin Schuh, Tom Cross and Peter Williams discovered errors in the
 Firefox URL parsing routines. If a user were tricked into opening a
 crafted hyperlink, an attacker could overflow a stack buffer and
 execute arbitrary code. (CVE-2008-0016)
 
 It was discovered that the same-origin check in Firefox could be
 bypassed. If a user were tricked into opening a malicious website,
 an attacker may be able to execute JavaScript in the context of a
 different website. (CVE-2008-3835)
 
 Several problems were discovered in the JavaScript engine. This
 could allow an attacker to execute scripts from page content with
 chrome privileges. (CVE-2008-3836)
 
 Paul Nickerson discovered Firefox did not properly process mouse
 click events. If a user were tricked into opening a malicious web
 page, an attacker could move the content window, which could
 potentially be used to force a user to perform unintended drag and
 drop operations. (CVE-2008-3837)
 
 Several problems were discovered in the browser engine. This could
 allow an attacker to execute code with chrome privileges.
 (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)
 
 Drew Yao, David Maciejak and other Mozilla developers found several
 problems in the browser engine of Firefox. If a user were tricked
 into opening a malicious web page, an attacker could cause a denial
 of service or possibly execute arbitrary code with the privileges
 of the user invoking the program. (CVE-2008-4061, CVE-2008-4062,
 CVE-2008-4063, CVE-2008-4064)
 
 Dave Reed discovered a flaw in the JavaScript parsing code when
 processing certain BOM characters. An attacker could exploit this
 to bypass script filters and perform cross-site scripting attacks.
 (CVE-2008-4065)
 
 Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a
 user were tricked into opening a malicious web page, an attacker
 could bypass script filtering and perform cross-site scripting
 attacks. (CVE-2008-4066)
 
 Boris Zbarsky and Georgi Guninski independently discovered flaws in
 the resource: protocol. An attacker could exploit this to perform
 directory traversal, read information about the system, and prompt
 the user to save information in a file. (CVE-2008-4067,
 CVE-2008-4068)
 
 Billy Hoffman discovered a problem in the XBM decoder. If a user were
 tricked into opening a malicious web page or XBM file, an attacker
 may be able to cause a denial of service via application crash.
 (CVE-2008-4069)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3.diff.gz
      Size/MD5:   184879 85df86b82d3b0791f1152f7048e80c59
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3.dsc
      Size/MD5:     1800 958f213fa0b3290fd34ff151fac0f11e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e.orig.tar.gz
      Size/MD5: 47543282 53d4cf0a63c82ad875208a660dfcefd5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb
      Size/MD5:    53526 a27b80846d4996481aa3c9b13ed6e0d4
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb
      Size/MD5:    52640 b400a1eb1b12d75503cece2b8f9941c3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5: 47643106 bb2d5e1d0d251044f0dffbc53799af52
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:  2858414 52e37bdb64081a8d5b05abedd62464a7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:    85904 7240d77e5653c6cb3ff8208ee348e98e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:  9487524 e42a4014d438d56bd9403790084a20ea
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:   222196 186264226f8109b8d9a4353df2a96c21
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:   165740 4942a627546bce7b1a68af361dff8ddc
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:   247744 8d2e29ecd2c76966a12ffb218aca6b8b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:   825388 a941d1b5f5d272938622b777f612d6b9
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
      Size/MD5:   218446 817b2802f0c08f88070af9b80a17d323

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5: 44189792 a99fcb830eea5a75444972e90ec06df6
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:  2858412 d9472137105f46be8e22253f7ba18ffa
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:    78234 2d007e9a576408e32f5238f91f0fe33c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:  7993044 b20d3c354ab667504e3a4f8ba5acecdd
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:   222200 4beee709850374317bb599654390c852
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:   150230 bc5723c3db54d55cb7f91658aafb062e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:   247722 fe7ec32c36decef74b0bc30c4b2d8a01
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:   716996 816c953c9adbee0db6c0f6dd437424cd
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
      Size/MD5:   211634 1939fa4918c8d6532c896f159cd49d6a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5: 49030768 4701e733eb96c668a5f2b1189aa81294
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:  2858468 afc845e382ad583537459a6106bf4f02
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:    81350 1277ac1b04d1ada3c4fda0f55e4341ca
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:  9106808 1ec7402a547a6f1809675633871e5b8b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:   222202 b664c35a64096e4b33fe0a9f633de940
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:   162948 05f3d6313d9bba82cb7c3eed0579a2de
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:   247744 1b660f1ea982ea4a00dec41d9edef14e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:   816008 1c1d8b2d2f6811c52ec7a0385c98f12a
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
      Size/MD5:   215140 4f6d3b38485844a7927dfa0fa42175ce

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5: 45584634 ebf76dfa8dea74542ceaad68f8a1221f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:  2858520 f0bd6ea3c889db6d04e22200f8608132
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:    79810 48e4adce12e817f9fa2e140ff2dee4b3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:  8492834 2c0dbfdd4d05b306c9fa5448a031f25f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:   222202 3c098adc301eb3994baaad251dfc2c20
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:   152836 4970d18b4ec02af2898c4fd8fe3fc49b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:   247744 0f7d58a46c0f558b9622cd8d0a7f3d23
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:   727436 5605e6220a85ea3fbce5f8214a397a60
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
      Size/MD5:   212588 edc501e8453ce85df4311de5d97f2d14



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.