lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 11 May 2005 08:56:57 +0200
From: Martin Pitt <>
Subject: [USN-124-1] Mozilla and Firefox vulnerabilities

Ubuntu Security Notice USN-124-1	       May 11, 2005
mozilla-firefox, mozilla vulnerabilities
CAN-2005-1153, CAN-2005-1154, CAN-2005-1155, CAN-2005-1156,
CAN-2005-1157, CAN-2005-1158, CAN-2005-1160

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 1.0.2-0ubuntu5.1 (mozilla-firefox) and 2:1.7.6-1ubuntu2.1
(mozilla-browser).  After a standard system upgrade you need to
restart your browser to effect the necessary changes.

Please note that Ubuntu 5.04 (Warty Warthog) is also affected; this
release will be fixed soon in a separate advisory.

Details follow:

When a popup is blocked the user is given the ability to open that
popup through the popup-blocking status bar icon and, in Firefox,
through the information bar.  Doron Rosenberg noticed that popups
which are permitted by the user were executed with elevated
privileges, which could be abused to automatically install and execute
arbitrary code with the privileges of the user.  (CAN-2005-1153)

It was discovered that the browser did not start with a clean global
JavaScript state for each new website.  This allowed a malicious web
page to define a global variable known to be used by a different site,
allowing malicious code to be executed in the context of that site
(for example, sending web mail or automatic purchasing).

Michael Krax discovered a flaw in the "favicon" links handler.  A
malicious web page could define a favicon link tag as JavaScript,
which could be exploited to execute arbitrary code with the privileges
of the user.  (CAN-2005-1155)

Michael Krax found two flaws in the Search Plugin installation.  This
allowed malicious plugins to execute arbitrary code in the context of
the current site.  If the current page had elevated privileges (like
"about:plugins" or "about:config"), the malicious plugin could even
install malicious software when a search was performed.
(CAN-2005-1156, CAN-2005-1157)

Kohei Yoshino discovered two missing security checks when Firefox
opens links in its sidebar.  This allowed a malicious web page to
construct a link that, when clicked on, could execute arbitrary
JavaScript code with the privileges of the user.  (CAN-2005-1158)

Georgi Guninski discovered that the types of certain XPInstall
related JavaScript objects were not sufficiently validated when they
were called.  This could be exploited by a malicious website to crash
Firefox or even execute arbitrary code with the privileges of the
user.  (CAN-2005-1159)

Firefox did not properly verify the values of XML DOM nodes of web
pages.  By tricking the user to perform a common action like clicking
on a link or opening the context menu, a malicious page could exploit
this to execute arbitrary JavaScript code with the full privileges of
the user.  (CAN-2005-1160)

  Source archives:
      Size/MD5:   830197 4ce184fa78a64ea7b7080534b7bb4855
      Size/MD5:     1696 1d3777c903164f487f0f1b3710acfc93
      Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60
      Size/MD5:   314103 47b87f40b60e80d62eaccf9760632dd2
      Size/MD5:     1767 1c1dde816d6772fd3e6d47334757c61b
      Size/MD5: 30587697 800f8d3877193a5d786d9ce4e3d1e400

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   168060 ed2993df33ab89c2f256385cb8c29146
      Size/MD5:   139634 30cabc7ee95013519fc0e96220a45265
      Size/MD5:   184942 2915e105352efa7bedcf7de8f4c4d653
      Size/MD5:   708458 47ff7e80d251d1c0bcb2b1bcdf5cefef
      Size/MD5: 10591978 a8cc6ec3a71921fa1daeeacbe8ec85dc
      Size/MD5:   403262 2420179b28f69331ea96352ca3c90cc3
      Size/MD5:   158320 94912562292b87c86c6538c782d1efeb
      Size/MD5:  3348764 5adf0f0b038cbe91cb08a3af971960a1
      Size/MD5:   121178 6df756cf8cae9232c361a0f74fa04ac7
      Size/MD5:  2629544 14da7a2f6e6f68820800c38ad987ea57
      Size/MD5:   156958 d46c88bd1084fa30f51f617da0866ebb
      Size/MD5:    56234 61f9327937882137049c0f75d9e796db
      Size/MD5:  9756214 a8f6bfa38739f09696eb2a4731d8e6c5
      Size/MD5:   204148 53132a415b5d2c5e82eb8ef76f99d485
      Size/MD5:  1935848 1e697ad9f4a24d46c62a0f5ba1cf8dba
      Size/MD5:   204116 423fb6293d4547192a9c7dd7b7d5f6be
      Size/MD5:     1032 6c15f001a938f0bd7d5090e9906a8339

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   168058 222d46dac5ca6f51a03d04768cc4bb69
      Size/MD5:   126282 5338a7ac6ec8f0407ce273d4bda614cf
      Size/MD5:   184948 c2ae8d09fbb125b0efa3f7be632da257
      Size/MD5:   638278 ada234a2e1a35c38e21ee0a3d305e7ec
      Size/MD5:  9609946 66d3a0479de8127b56f0482342bd93de
      Size/MD5:   403286 e9b6231b9140172afcfe966248603133
      Size/MD5:   158334 0a81f18ac7fc7bdda0780a40d66580da
      Size/MD5:  3341098 b6e580a5de3c6a77809485e0dd68322e
      Size/MD5:   115820 69166b1cf69c798f2fcb24aeca9db981
      Size/MD5:  2629486 f02da01be0f2bbb867ca81cb028f5221
      Size/MD5:   151858 868d1b4632978f22f09af3594d5a681b
      Size/MD5:    52824 f19d463a3db16a8f18f3c2fc4de09386
      Size/MD5:  8788424 95629abf4db585733e4883c5e31a1275
      Size/MD5:   204158 83a4bba634abd309ccc8a6da5d138dc1
      Size/MD5:  1780844 5540a89fbe45d02f399d168e407d91b8
      Size/MD5:   188178 19977271c04901479dfadc5a4d1f6dd6
      Size/MD5:     1032 29a610e4ed60a34fccbef8e957282112

  ia64 architecture (Intel Itanium)
      Size/MD5:   168060 016f780244ef101dfb590af59aafe67a
      Size/MD5:   167994 639735a28f74803de95f9952666708d7
      Size/MD5:   184938 bc36f3745afa98fc59ecd2668be6f3cb
      Size/MD5:   960402 0f859bcd08441b21017df723b0681dbd
      Size/MD5: 12420732 21cf6e5a13833e0a0f87320488eef3cd
      Size/MD5:   403268 8c729829bb2ad3a0231ca9e36bcd7562
      Size/MD5:   158316 9dd45991a4b6db9b3c5ab46946c610bf
      Size/MD5:  3374846 42e83bf82f8a05d084e3489d4fd685d6
      Size/MD5:   125580 36621440b6877a70f2f3e15319426647
      Size/MD5:  2629556 9f568be6452b5df2dcb0e2afa79dfc0b
      Size/MD5:   161108 6caf35526e85085dcc735f9614270988
      Size/MD5:    60966 a833be3832f033a3dda4d78ac358c7ca
      Size/MD5: 11697162 45b9ab1529ea6bdd0902f23af13ae991
      Size/MD5:   204146 bea56abb3658a36940d5072862b6c9c6
      Size/MD5:  2302082 3fe0de68589a09debf6e88f3a45835de
      Size/MD5:   242278 1a4c320cf968e67192cde5f1241a17a6
      Size/MD5:     1030 2ff818fdd8ddadf3b4557f19eab32f3f

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   168058 af918e0c1dacc2e6e99e1700dd1b81d1
      Size/MD5:   125046 7ed144c7220f45d114217894a06f005e
      Size/MD5:   184936 e99c819a8f2c223ec80d1cc24537ee12
      Size/MD5:   712690 706d71fed7d5414b78d371e9521a1541
      Size/MD5:  9160526 ff174690d0608415e67d263d61ff32b7
      Size/MD5:   403272 1126a9bb557965befe61ffbc6f312833
      Size/MD5:   158320 6c21f61154745bbb310d53ed981afa1a
      Size/MD5:  3336710 3babb94961cc6b7b33f29a95f5437e7c
      Size/MD5:   114574 5d1be8d4c536eb9e6e64a09e879d1b12
      Size/MD5:  2629590 2afc3fc11370be8965471df308cad9ca
      Size/MD5:   150628 ae5e401c15b84d79c208a64f5481672f
      Size/MD5:    55468 02bcb9dc7edc927e87e1240762def966
      Size/MD5:  8446334 19563893ea6dd9dde53a1646a1039c0b
      Size/MD5:   204152 97550a0b3c55285231c2918443c92499
      Size/MD5:  1642892 b261f0b2564022c476cf48ad086fabb0
      Size/MD5:   175480 b8ba64bbb7a49b9b0fe6fd40aee60030
      Size/MD5:     1028 48085111c4e1c0fd807d0c3dc98e2ea5

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists