Ubuntu: 1355-2: Mozvoikko update
Posted by Benjamin D. Thomas   
This update provides compatible Mozvoikko packages for the latest Firefox.
==========================================================================
Ubuntu Security Notice USN-1355-2
February 03, 2012

mozvoikko update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

This update provides compatible Mozvoikko packages for the latest Firefox.

Software Description:
- mozvoikko: Finnish spell-checker extension for Firefox

Details:

USN-1355-1 fixed vulnerabilities in Firefox. This update provides an
updated Mozvoikko package for use with the latest Firefox.

Original advisory details:

 It was discovered that if a user chose to export their Firefox Sync key
 the "Firefox Recovery Key.html" file is saved with incorrect permissions,
 making the file contents potentially readable by other users.
 (CVE-2012-0450)
 
 Nicolas Gregoire and Aki Helin discovered that when processing a malformed
 embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
 the user were tricked into opening a specially crafted page, an attacker
 could exploit this to cause a denial of service via application crash, or
 potentially execute code with the privileges of the user invoking Firefox.
 (CVE-2012-0449)
 
 It was discovered that memory corruption could occur during the decoding of
 Ogg Vorbis files. If the user were tricked into opening a specially crafted
 file, an attacker could exploit this to cause a denial of service via
 application crash, or potentially execute code with the privileges of the
 user invoking Firefox. (CVE-2012-0444)
 
 Tim Abraldes discovered that when encoding certain image types the
 resulting data was always a fixed size. There is the possibility of
 sensitive data from uninitialized memory being appended to these images.
 (CVE-2012-0447)
 
 It was discovered that Firefox did not properly perform XPConnect security
 checks. An attacker could exploit this to conduct cross-site scripting
 (XSS) attacks through web pages and Firefox extensions. With cross-site
 scripting vulnerabilities, if a user were tricked into viewing a specially
 crafted page, a remote attacker could exploit this to modify the contents,
 or steal confidential data, within the same domain. (CVE-2012-0446)
 
 It was discovered that Firefox did not properly handle node removal in the
 DOM. If the user were tricked into opening a specially crafted page, an
 attacker could exploit this to cause a denial of service via application
 crash, or potentially execute code with the privileges of the user invoking
 Firefox. (CVE-2011-3659)
 
 Alex Dvorov discovered that Firefox did not properly handle sub-frames in
 form submissions. An attacker could exploit this to conduct phishing
 attacks using HTML5 frames. (CVE-2012-0445)
 
 Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
 Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
 discovered memory safety issues affecting Firefox. If the user were tricked
 into opening a specially crafted page, an attacker could exploit these to
 cause a denial of service via application crash, or potentially execute
 code with the privileges of the user invoking Firefox. (CVE-2012-0442,
 CVE-2012-0443)
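
An added example, not part of the Ubuntu notice: a Python audit for the CVE-2012-0450 condition described above, which finds exported "Firefox Recovery Key.html" files whose mode grants any access to group or others and can tighten them. The function names and the 0600 target mode are assumptions of this example; only the file name comes from the advisory.

```python
import os
import stat
import tempfile

KEY_FILENAME = "Firefox Recovery Key.html"  # file name given in the advisory
SAFE_MODE = 0o600                           # assumption: owner read/write only


def find_exposed_keys(root):
    """Return [(path, octal_mode)] for key files that group/others can access."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        if KEY_FILENAME not in files:
            continue
        path = os.path.join(dirpath, KEY_FILENAME)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # ignore symlinks and special files with that name
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            exposed.append((path, oct(mode)))
    return exposed


def restrict_keys(root):
    """chmod every exposed key file under root to SAFE_MODE; return fixed paths."""
    fixed = []
    for path, _mode in find_exposed_keys(root):
        os.chmod(path, SAFE_MODE)
        fixed.append(path)
    return fixed


if __name__ == "__main__":
    # Constructed sample tree: one key file saved 0644, one already 0600.
    with tempfile.TemporaryDirectory() as root:
        for sub, mode in (("alice", 0o644), ("bob", 0o600)):
            os.mkdir(os.path.join(root, sub))
            path = os.path.join(root, sub, KEY_FILENAME)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(path, mode)
        print("exposed:", find_exposed_keys(root))
        print("fixed:  ", restrict_keys(root))
        print("after:  ", find_exposed_keys(root))
```

The check looks only at the file's own mode bits; restrictive permissions on a parent directory can still prevent other users from reaching a file it reports.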

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  xul-ext-mozvoikko               2.0.1-0ubuntu0.11.10.1

Ubuntu 11.04:
  xul-ext-mozvoikko               2.0.1-0ubuntu0.11.04.1

Ubuntu 10.10:
  xul-ext-mozvoikko               2.0.1-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
  xul-ext-mozvoikko               2.0.1-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1355-2
  http://www.ubuntu.com/usn/usn-1355-1
  https://launchpad.net/bugs/923319

Package Information:
  https://launchpad.net/ubuntu/+source/mozvoikko/2.0.1-0ubuntu0.11.10.1
  https://launchpad.net/ubuntu/+source/mozvoikko/2.0.1-0ubuntu0.11.04.1
  https://launchpad.net/ubuntu/+source/mozvoikko/2.0.1-0ubuntu0.10.10.1
  https://launchpad.net/ubuntu/+source/mozvoikko/2.0.1-0ubuntu0.10.04.1




 