LinuxSecurity.com
Ubuntu: Firefox vulnerabilities
Posted by Benjamin D. Thomas
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges.
===========================================================
Ubuntu Security Notice USN-690-2          December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506,
CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  firefox                         2.0.0.19+nobinonly1-0ubuntu0.7.10.1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read data
from other domains. (CVE-2008-5503)

Several problems were discovered in the JavaScript engine. An attacker could
exploit feed preview vulnerabilities to execute scripts from page content with
chrome privileges. (CVE-2008-5504)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)

Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox
did not properly parse URLs when processing certain control characters.
(CVE-2008-5508)

Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)

Flaws were discovered in the session-restore feature of Firefox. If a user were
tricked into opening a malicious website, an attacker could exploit this to
perform cross-site scripting attacks or execute arbitrary Javascript code with
chrome privileges. (CVE-2008-5513)


Updated packages for Ubuntu 7.10:



 