[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <459B3DD4.3010104@angrykeyboarder.com>
Date: Tue, 02 Jan 2007 22:23:32 -0700
From: Scott <geekboy@...rykeyboarder.com>
To: ubuntu-users@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [USN-398-1] Firefox vulnerabilities
Kees Cook spake thusly on 01/02/2007 07:41 PM:
> ===========================================================
> Ubuntu Security Notice USN-398-1 January 02, 2007
> firefox vulnerabilities
> CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
> CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
> CVE-2006-6507
> ===========================================================
>
> A security issue affects the following Ubuntu releases:
>
> Ubuntu 6.10
>
> This advisory also applies to the corresponding versions of
> Kubuntu, Edubuntu, and Xubuntu.
>
> The problem can be corrected by upgrading your system to the
> following package versions:
>
> Ubuntu 6.10:
> firefox 2.0.0.1+0dfsg-0ubuntu0.6.10
> firefox-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
> libnspr-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
> libnspr4 2.0.0.1+0dfsg-0ubuntu0.6.10
> libnss-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
> libnss3 2.0.0.1+0dfsg-0ubuntu0.6.10
>
> After a standard system upgrade you need to restart Firefox to effect
> the necessary changes.
>
> Details follow:
>
> Various flaws have been reported that allow an attacker to execute
> arbitrary code with user privileges by tricking the user into opening
> a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
> CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
> CVE-2006-6504)
>
> Various flaws have been reported that allow an attacker to bypass
> Firefox's internal XSS protections by tricking the user into opening a
> malicious web page containing JavaScript. (CVE-2006-6503,
> CVE-2006-6507)
>
> Jared Breland discovered that the "Feed Preview" feature could leak
> referrer information to remote servers. (CVE-2006-6506)
We're getting better. This one only took 9 days...
http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/
--
--
Scott
http://angrykeyboarder.com
© 2007 angrykeyboarder™ & Elmer Fudd. All Wights Wesewved
Powered by blists - more mailing lists