Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: Firefox vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500)
Ubuntu Security Notice USN-690-3          December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5511, CVE-2008-5512

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read data
from other domains. (CVE-2008-5503)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   184514 ea36713d00feb7d1a44974a0e1c7f493
      Size/MD5:     1162 6930aff7e9ed188341f10c1a410ae8ec
      Size/MD5: 48160160 7234454384feba2cea0c2fe41c1db3f0

  Architecture independent packages:
      Size/MD5:    53606 88e207c0ae72435f1ee16e2a9198cc0d
      Size/MD5:    52716 720a5744971e6fdc93c6324473fce469

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 47668874 24ebc949c4b042769d1d192cde3fad6c
      Size/MD5:  2858706 b308aaff2727c534c0c10c938e01aca3
      Size/MD5:    85988 03b8fab9f9e8c0066a2cf45c35efcb3a
      Size/MD5:  9491628 1bde3e7e8e4e5b7285025f3743ebdead
      Size/MD5:   222272 a49b67decdfc95d1ceec3c978761e511
      Size/MD5:   165798 c5fc0c565b74a533e1293c1538296259
      Size/MD5:   247788 d1739f167db8c0094dc14b7000ba816d
      Size/MD5:   825458 0d923da8d43e1d5028f8e8347a0c01dc
      Size/MD5:   218528 90b4b67171bddf8e9636e8f9d8086524

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 44216124 36645bf7f4e758f672f6ad7bccad30d3
      Size/MD5:  2858786 7b8c9f8bea221de9d15a79140adab139
      Size/MD5:    78306 3af6a143d315938d3cf6a34aed0d7455
      Size/MD5:  7996714 f9155efc87c724c004f0030ef7c91b7d
      Size/MD5:   222276 ecc6a7ab950aad5f5c354a3ccd4ae2c3
      Size/MD5:   150298 a45f3acd46bd16deca7e86e763e7b5ca
      Size/MD5:   247806 17ca19b5839bf8f936a28586592235d9
      Size/MD5:   717050 3568cb97cab3046c01871623bb693b58
      Size/MD5:   211710 98539293de180f0c2c490738251a4c70

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5: 49064930 01a7ab07783039a8d2aba382575d2c93
      Size/MD5:  2858692 3245c1741fc0724e1d2519dff5162471
      Size/MD5:    81410 e31d7e4c5435b423d549451ae910bf5f
      Size/MD5:  9110532 347dff9938017ab1aaaf52b46e7aeaa0
      Size/MD5:   222272 9f39c3f49151495effe7d158ee598942
      Size/MD5:   163020 225f807a3352e3e2dea8da52bf7f9eaa
      Size/MD5:   247800 43a23378212bdf28593317558511f93d
      Size/MD5:   816064 6dae4206ca4eab627eec02dea32458b7
      Size/MD5:   215204 c0e70554202a3213957134410f1dc53e

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 45622948 fd76934bc9197987941387d75d320d3a
      Size/MD5:  2858776 1568836552f71509bb5c03d5bf2d4a26
      Size/MD5:    79900 dfcbbb0101e4ee0f8d4535ed13968d83
      Size/MD5:  8497250 cc23bc0a806da4b69f58a93c653b6418
      Size/MD5:   222280 30723d627fbaf0c46ea538fe66a06c4c
      Size/MD5:   152926 a1485715cdc0678bafb30f0531308982
      Size/MD5:   247788 6aa8bd3cc4819eea10d4021007dd74e3
      Size/MD5:   727496 0e55e59e84fca0f8e4d29fa3ac9731c2
      Size/MD5:   212662 97f40e7b5fc4479807698e8248c88890

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.