[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081218001313.GD16973@severus.strandboge.com>
Date: Wed, 17 Dec 2008 18:13:13 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-690-2] Firefox vulnerabilities
===========================================================
Ubuntu Security Notice USN-690-2 December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506,
CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
firefox 2.0.0.19+nobinonly1-0ubuntu0.7.10.1
After a standard system upgrade you need to restart Firefox to effect the
necessary changes.
Details follow:
Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500)
Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read data
from other domains. (CVE-2008-5503)
Several problems were discovered in the JavaScript engine. An attacker could
exploit feed preview vulnerabilities to execute scripts from page content with
chrome privileges. (CVE-2008-5504)
Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)
Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)
Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox
did not properly parse URLs when processing certain control characters.
(CVE-2008-5508)
Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)
Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)
Flaws were discovered in the session-restore feature of Firefox. If a user were
tricked into opening a malicious website, an attacker could exploit this to
perform cross-site scripting attacks or execute arbitrary Javascript code with
chrome privileges. (CVE-2008-5513)
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1.diff.gz
Size/MD5: 193899 36adc1276acd43f74f72cfcc1ae3d0e9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1.dsc
Size/MD5: 1667 191a120d310a4e50dc3890bc39dd5eb4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1.orig.tar.gz
Size/MD5: 38003869 ef1cc2719a0d2e765e7395191917b0e1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_all.deb
Size/MD5: 200940 bb5074878422fcc2770502b9ccb0da27
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 78150706 95fdf710a1475b0bc9c2d05b93729e1d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 3199474 a81af067e5cd04967c4b073e4ea88b3d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 98272 a5da4c672ee9cdb9238827240a1fd8d4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 67296 1867fa5365e1877b2991f0012a5a0508
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 10470700 e782eb0e3ee75833b54f6bf6eb7ad587
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
Size/MD5: 77284164 a71bc30bc1337cf8f764c4e34c0225bc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
Size/MD5: 3187094 ac6687331ea182a211af874e78d6ed17
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
Size/MD5: 91982 e940726ca92857100f60b40c0627ebe7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
Size/MD5: 66578 8b2d79255ed23faa29d212394bcba143
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
Size/MD5: 9216882 bc3cbdf09eab1655725e7c6f6e702227
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 77568340 e0c635c7c94d02df21c3959245f82eae
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 3184640 e8dbcad248acefdf2e67206fd9a99884
http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 91636 54e13279350c153e6c86bc6f56c413ff
http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 66524 ebc91a165868249a1d87a91727b7d2fd
http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 9073898 5a46dfbb0577f2f590d6ba0b4e8427ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 80768006 e9ae877064a52623eb7e35814f9b34cc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 3202786 6e6b92b3b5e47bcc20e3803d6c967b0d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 96330 eac0521eb7d2d212869337a96576741b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 67580 9261fce133f2603c58f710cfb1c7e387
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 10315794 2f30e74ebaf0e5bb0eed03669e67c7b7
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 78127352 ab6da326b1db0baf28f1041eff70e3e4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 3184440 74705617fd5764f9414756ecf9e2281c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 91764 440f4a3bf1774945c2b93cd90948b7d2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 66664 1f2b23c6612f07ee3f932ff0e294a123
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 9466814 70da09e753b9ab898be59a3bdd25a646
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists