Date: Thu, 7 Jan 2010 19:03:32 -0600
From: Jamie Strandboge <>
Subject: [USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression

Ubuntu Security Notice USN-878-1           January 08, 2010
firefox-3.5, xulrunner-1.9.1 regression

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  firefox-3.5                     3.5.7+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner to effect the necessary changes.
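Whether a host actually carries the fixed package depends on Debian version ordering, which is not plain string comparison: an epoch before ":" wins outright, the part after the last "-" is the packaging revision, digit runs compare numerically (10 > 9), and "~" sorts before anything, even the end of the string, so "3.5.7~rc1" is older than "3.5.7". The following Python script is an added example and is not part of this notice or of Ubuntu's own tooling: it reimplements dpkg's comparison rules so it runs anywhere, takes the fixed firefox-3.5 version from the table above, and checks it against a constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output (the installed versions in the sample are made up for the example). On a real Ubuntu host, `dpkg --compare-versions` is the authoritative implementation.

```python
# Added example (not part of USN-878-1 or Ubuntu's tooling): decide whether an
# installed Debian/Ubuntu package version is at or above the fixed version
# named in the notice, using dpkg's version ordering rules.

# Fixed version for Ubuntu 9.10, taken from the notice.
FIXED_VERSIONS = {
    "firefox-3.5": "3.5.7+nobinonly-0ubuntu0.9.10.1",
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
# The installed versions are made up for this example, not from a real host.
SAMPLE_DPKG_OUTPUT = """\
firefox-3.5 3.5.6+nobinonly-0ubuntu0.9.10.1
xulrunner-1.9.1 1.9.1.6+nobinonly-0ubuntu0.9.10.1
"""


def _char_order(c):
    """dpkg's ordering for non-digit characters: '~' sorts before anything
    (even the end of the string), letters sort before non-letters."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    """Compare two runs of non-digit characters; a missing character is 0."""
    for i in range(max(len(a), len(b))):
        ca = _char_order(a[i]) if i < len(a) else 0
        cb = _char_order(b[i]) if i < len(b) else 0
        if ca != cb:
            return -1 if ca < cb else 1
    return 0


def _cmp_part(a, b):
    """Compare an upstream version or a revision the way dpkg does: alternate
    non-digit runs (lexical via _cmp_nondigit) and digit runs (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        si, sj = i, j
        while i < len(a) and not a[i].isdigit():
            i += 1
        while j < len(b) and not b[j].isdigit():
            j += 1
        r = _cmp_nondigit(a[si:i], b[sj:j])
        if r:
            return r
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or "0"), int(b[sj:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def split_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-") if "-" in v else (v, "", "")
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def unpatched_packages(dpkg_output, fixed=FIXED_VERSIONS):
    """Return {package: installed_version} for every package named in `fixed`
    whose installed version is older than the fixed one."""
    result = {}
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        pkg, installed = line.split(None, 1)
        if pkg in fixed and compare_versions(installed, fixed[pkg]) < 0:
            result[pkg] = installed
    return result


if __name__ == "__main__":
    for pkg, ver in unpatched_packages(SAMPLE_DPKG_OUTPUT).items():
        print(f"{pkg} {ver} is older than {FIXED_VERSIONS[pkg]}: update required")
```

The sample run reports firefox-3.5 as unpatched and says nothing about xulrunner-1.9.1, because the notice gives a fixed version only for firefox-3.5; a fleet-wide check would feed each host's real `dpkg-query` output into `unpatched_packages` and extend `FIXED_VERSIONS` with the versions listed in each notice.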

Details follow:

USN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream
changes introduced a regression when using NTLM authentication. This update
fixes the problem and adds further stability fixes.

We apologize for the inconvenience.

Original advisory details:
 Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and
 David James discovered several flaws in the browser and JavaScript engines
 of Firefox. If a user were tricked into viewing a malicious website, a
 remote attacker could cause a denial of service or possibly execute
 arbitrary code with the privileges of the user invoking the program.
 (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)

 Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox.
 If an NTLM authenticated user visited a malicious website, a remote
 attacker could send requests to other applications, authenticated as the
 user. (CVE-2009-3983)

 Jonathan Morgan discovered that Firefox did not properly display SSL
 indicators under certain circumstances. This could be used by an attacker
 to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

 Jordi Chancel discovered that Firefox did not properly display invalid URLs
 for a blank page. If a user were tricked into accessing a malicious
 website, an attacker could exploit this to spoof the location bar, such as
 in a phishing attack. (CVE-2009-3985)

 David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third
 party media libraries. If a user were tricked into opening a crafted media
 file, a remote attacker could cause a denial of service or possibly execute
 arbitrary code with the privileges of the user invoking the program.
 (CVE-2009-3388, CVE-2009-3389)

Updated packages for Ubuntu 9.10:

  Source archives:
      Size/MD5:   128326 9c43a61bea9183527630d057e246fdbc
      Size/MD5:     2940 50f7c1a9cb76736b95e0f74c0689dadb
      Size/MD5: 44871531 fdf9997dcafc4fcb7bae2b0c803b7512
      Size/MD5:    61062 35ebeb44bbcd4197864e22edb88edde3
      Size/MD5:     2910 2aca7f7b399801e6db987b4d07b9e452
      Size/MD5: 44411311 eb6d23438bdf08c0f7fa8be4f10695bd

  Architecture independent packages:
      Size/MD5:    73384 3c2b10c5e6ee82552905bd67c3f17abc
      Size/MD5:    73242 c349cc0e7f7036802368d7634feffbe6
      Size/MD5:    73242 643d7488bf2ea8e64f1309c4ed5a86f5
      Size/MD5:    73240 6fb7bf2b0c18954de263f4addc534115
      Size/MD5:    73298 4f613552e4cb4b506bd5741437cab2fc
      Size/MD5:    73398 e613137f3b56d9904dc400de6b3d57fa
      Size/MD5:    73260 d97180d863af2d6f452c903914ae96ae
      Size/MD5:     8934 49b609fcc1796a10537250be33579fb0
      Size/MD5:    73258 85992111edf7a7a37cde6749e5f93e41
      Size/MD5:     8934 d132403154eb5390029f3ed03423606b
      Size/MD5:    73444 2f6edbecce814a10cf10c061ca9e94ae
      Size/MD5:    73244 be5307c4b2efabbb1af1167b5e0557ca
      Size/MD5:    73260 af232afd0018d0d7fe4a7ea8db3bab62
      Size/MD5:    73264 10f155e49c89dd6914a0202439ec83d7
      Size/MD5:    73248 7de96ea625e1d81313e58127cc1dd249
      Size/MD5:    73230 df156197aaefa019ba27b1deaf08abe1
      Size/MD5:    73248 f9bc6985464f99c80bdc383dae08c4ec
      Size/MD5:    73258 7198bb91fded86fa1c2e5b9309968278
      Size/MD5:    73230 028fdc0382876e0ce3504db44abba601
      Size/MD5:    73248 130b1f1a81fa654bacf706b7eb3d535d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   207748 94ef8515920cf10f39eca5bcf6dd8126
      Size/MD5:   206414 a777a1a42b7caec651fb3c401f979124
      Size/MD5:   469966 2a357fb3f83fcd160cbd279a826f3bae
      Size/MD5:    73320 d85920b2da374db99f78fae14eb65cd5
      Size/MD5:    93556 ff550d55542d121a7fd747009d0a2f8f
      Size/MD5:   960362 3dd9084434f761760c221b3efa068e28
      Size/MD5: 59840962 f2148dfd6fa9c024b8352dc6dfaa6e0a
      Size/MD5:  4793268 a90190b957a66c5a1f34a890020a4583
      Size/MD5:    47786 07aff3550af2c513d0cf86ba15774fee
      Size/MD5:    70626 f5224b62bf3b1841bcf0be1f62b3011b
      Size/MD5:  9101766 e188e10960ef8b9811516dad8c898f0f
      Size/MD5:    26854 ef450d5e4818973b6bacedbed6197a49
      Size/MD5:  5590844 f1f39ee97e381bfba8f4ce328c726b9a

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   207744 a428dfdebf39fdbe68847ba6ee007c9c
      Size/MD5:   206416 3234ed6715842fe5171041f9af2f1d27
      Size/MD5:   465602 71039ee22d0fd1d182e0e7b40e1844be
      Size/MD5:    73324 c0ee802eca206b71ef1f971346277d0d
      Size/MD5:    89996 3fb9ffe2a738f2d0ab2e5b2159aacb67
      Size/MD5:   942524 c3199399ca532d64651968170033fd52
      Size/MD5: 60236294 124e4a6f7733bc1612a1e28a43183efd
      Size/MD5:  4814046 1a9d472aa5049b676989228855d5b959
      Size/MD5:    40558 5672f260ca7de1846f026762436c64f4
      Size/MD5:    70624 eb8b996eed6a8c66289d2cdb90c44b02
      Size/MD5:  7995156 f6f9791296211b6c73753c7d1abc515c
      Size/MD5:    26850 bba3338da3c1c43e703304c2c7299d0c
      Size/MD5:  5431320 2f87115a163ed67a58869902d5b16ebe

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   207748 0e144c11f0245681a5e13f97599131be
      Size/MD5:   206414 dedb5085f9022a5180963695b10cb386
      Size/MD5:   465146 59778df9abd03ca27e482b929db08a48
      Size/MD5:    73324 57cecf24b39dbbaac7529ac29abcd41b
      Size/MD5:    89450 ed7859d764cf85fdef5eaf976ed39a77
      Size/MD5:   940534 95d925b1b8ad6099cb6645c9ed910f37
      Size/MD5: 60262282 8cfff2f52bc1cfc8886137321d5fd744
      Size/MD5:  4810120 b6529f069d502194d5e42fd9eabd813d
      Size/MD5:    39718 69c2a484aaccf9e4aa2c1c0f550c5c61
      Size/MD5:    70618 c348223ebb2773e99693f3ea1f374b2d
      Size/MD5:  7885114 e555dc3e11f5acea46a10ee768ce5969
      Size/MD5:    26854 74463db7c00a752339d32bc83fa70ea0
      Size/MD5:  5425402 5e30d4afa106b427026ebd9dbbead09b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   207750 ad69c1aa4aa78f6e9ef58d701697fdca
      Size/MD5:   206426 082d5539e95fdbff145ea3e63f33af69
      Size/MD5:   484022 258f5a9af2bcba0fa5e25241edd61165
      Size/MD5:    73324 d4dfb2cde9b7ab13d30706600cada705
      Size/MD5:    92980 e91857d5548bfba2ffc27a1e3fb13f6f
      Size/MD5:   963614 86450585d3ffb4b58687719c7455b997
      Size/MD5: 64988252 8e2fa391633d8c3ba33853f7a2eb651e
      Size/MD5:  4798594 b06bfcd572c63f0d0695cd6016d2cbbf
      Size/MD5:    47232 702010742ed75a25e84dfd96eb41f25d
      Size/MD5:    70630 81d6b684ca36e958bcbf63cd527aa619
      Size/MD5:  9732274 4367cd18b9af557b5e3ce5d5c76b1e24
      Size/MD5:    26856 68d8142d8924954c9c1f6d7d45910334
      Size/MD5:  5677316 9dc7552215f5cb05f53fef3e10bb75fd

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   207752 4785fe9598c5ae14f12bc9d1806c4f54
      Size/MD5:   206426 0ab6feb4d68959c7b8c77bc2822dde65
      Size/MD5:   458662 d99cb52e3e3030a3a4a23ad985c9339e
      Size/MD5:    73324 2bb5111842ac3155e4dc5d9f8602f8cd
      Size/MD5:    88666 ebe1ef25941bf57eadd9a7194d318ccd
      Size/MD5:   941478 c1f38610970bd099bae66c4fdf9ca45d
      Size/MD5: 59347572 7b75bf81c34f62c5ef79e1956e5d98df
      Size/MD5:  4776518 90419ac0d348e6fa2ce5068638648878
      Size/MD5:    39120 cc77b8c6657ef131cbe832237b8c078d
      Size/MD5:    70620 0af0fc7accf89472938da0789b633b63
      Size/MD5:  8489554 901f9cbe66455e4afe7f571ae8ab7af2
      Size/MD5:    26852 1839116ccf8fda684c3b7b2c2dd61f76
      Size/MD5:  5400198 95a82f873820f2cb477793ed21359d07
