lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050526152403.GA23895@box79162.elkhouse.de>
Date: Thu May 26 16:24:19 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-134-1] Firefox vulnerabilities

===========================================================
Ubuntu Security Notice USN-134-1	       May 26, 2005
mozilla-firefox vulnerabilities
MFSA 2005-42, CAN-2005-1531, CAN-2005-1532
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-firefox

The problem can be corrected by upgrading the affected package to
version 1.0.2-0ubuntu5.3.  After doing a standard system upgrade you
need to restart Firefox to effect the necessary changes.

Details follow:

It was discovered that a malicious website could inject arbitrary
scripts into a target site by loading it into a frame and navigating
back to a previous Javascript URL that contained an eval() call. This
could be used to steal cookies or other confidential data from the
target site. If the target site is allowed to raise the install
confirmation dialog in Firefox then this flaw even allowed the
malicious site to execute arbitrary code with the privileges of the
Firefox user. By default only the Mozilla Update site is allowed to
attempt software installation; however, users can permit this for
additional sites.  (MFSA 2005-42)

Michael Krax, Georgi Guninski, and L. David Baron found that the
security checks that prevent script injection could be bypassed by
wrapping a javascript: url in another pseudo-protocol like
"view-source:" or "jar:".  (CAN-2005-1531)

A variant of the attack described in CAN-2005-1160 (see USN-124-1) was
discovered. Additional checks were added to make sure Javascript eval
and Script objects are run with the privileges of the context that
created them, not the potentially elevated privilege of the context
calling them.  (CAN-2005-1532)

Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the
Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.diff.gz
      Size/MD5:   844189 0cb2c9138a00d4c8cbe439c96239c019
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.dsc
      Size/MD5:     1696 b6f9a2fd0df83ad93436e0a9e0afcafb
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
      Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_amd64.deb
      Size/MD5:  2630106 6f1e278ee5e205b5ed277e2fedae640e
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_amd64.deb
      Size/MD5:   157070 cbca0d235bc0ed4048afb1ea97fd5912
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_amd64.deb
      Size/MD5:    56344 62f0466b21c60e23e360d7a01d129a6b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_amd64.deb
      Size/MD5:  9757086 fa6c87f80a2142e0b5a71b3a5a93d4c6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_i386.deb
      Size/MD5:  2630048 3ec6273947d6770635e3f6187322163d
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_i386.deb
      Size/MD5:   151962 3621cb9df77851fb9bb20acb67ca762f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_i386.deb
      Size/MD5:    52944 6cd2ad56c4ca6e21acb772d93f7b3242
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_i386.deb
      Size/MD5:  8789122 e1e5baedeb8583af2c0bd83667a00c58

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_powerpc.deb
      Size/MD5:  2630154 91ee224d4231d50c54645d9978faf5d4
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_powerpc.deb
      Size/MD5:   150728 ee5a62a980629bfb4ac6fd6f5bbebe6a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_powerpc.deb
      Size/MD5:    55580 50cc0fc42ac4da395f416943522be4c9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_powerpc.deb
      Size/MD5:  8446932 4796ec228c2b08010550bda6f5d366ff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050526/c9298bf5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ