[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050526152403.GA23895@box79162.elkhouse.de>
Date: Thu May 26 16:24:19 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-134-1] Firefox vulnerabilities
===========================================================
Ubuntu Security Notice USN-134-1 May 26, 2005
mozilla-firefox vulnerabilities
MFSA 2005-42, CAN-2005-1531, CAN-2005-1532
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mozilla-firefox
The problem can be corrected by upgrading the affected package to
version 1.0.2-0ubuntu5.3. After doing a standard system upgrade you
need to restart Firefox to effect the necessary changes.
Details follow:
It was discovered that a malicious website could inject arbitrary
scripts into a target site by loading it into a frame and navigating
back to a previous Javascript URL that contained an eval() call. This
could be used to steal cookies or other confidential data from the
target site. If the target site is allowed to raise the install
confirmation dialog in Firefox then this flaw even allowed the
malicious site to execute arbitrary code with the privileges of the
Firefox user. By default only the Mozilla Update site is allowed to
attempt software installation; however, users can permit this for
additional sites. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the
security checks that prevent script injection could be bypassed by
wrapping a javascript: url in another pseudo-protocol like
"view-source:" or "jar:". (CAN-2005-1531)
A variant of the attack described in CAN-2005-1160 (see USN-124-1) was
discovered. Additional checks were added to make sure Javascript eval
and Script objects are run with the privileges of the context that
created them, not the potentially elevated privilege of the context
calling them. (CAN-2005-1532)
Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the
Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.diff.gz
Size/MD5: 844189 0cb2c9138a00d4c8cbe439c96239c019
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.dsc
Size/MD5: 1696 b6f9a2fd0df83ad93436e0a9e0afcafb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 2630106 6f1e278ee5e205b5ed277e2fedae640e
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 157070 cbca0d235bc0ed4048afb1ea97fd5912
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 56344 62f0466b21c60e23e360d7a01d129a6b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 9757086 fa6c87f80a2142e0b5a71b3a5a93d4c6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 2630048 3ec6273947d6770635e3f6187322163d
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 151962 3621cb9df77851fb9bb20acb67ca762f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 52944 6cd2ad56c4ca6e21acb772d93f7b3242
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 8789122 e1e5baedeb8583af2c0bd83667a00c58
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 2630154 91ee224d4231d50c54645d9978faf5d4
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 150728 ee5a62a980629bfb4ac6fd6f5bbebe6a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 55580 50cc0fc42ac4da395f416943522be4c9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 8446932 4796ec228c2b08010550bda6f5d366ff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050526/c9298bf5/attachment.bin
Powered by blists - more mailing lists