lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070103024138.GR4462@outflux.net>
Date: Tue, 2 Jan 2007 18:41:39 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-398-1] Firefox vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-398-1           January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  firefox                                  2.0.0.1+0dfsg-0ubuntu0.6.10
  firefox-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr4                                 2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss-dev                               2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss3                                  2.0.0.1+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect 
the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG.  (CVE-2006-6497, 
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, 
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass 
Firefox's internal XSS protections by tricking the user into opening a 
malicious web page containing JavaScript.  (CVE-2006-6503, 
CVE-2006-6507)

Jared Breland discovered that the "Feed Preview" feature could leak 
referrer information to remote servers.  (CVE-2006-6506)


Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10.diff.gz
      Size/MD5:   322554 79c04227229a107f0c9d45049605bd48
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10.dsc
      Size/MD5:     1218 6ce84b9960bdbb97c9ec6c3705653eae
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg.orig.tar.gz
      Size/MD5: 46670638 1cb13be9a35205af63fe70eeff14eb0e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
      Size/MD5:   236456 9ed7043d22624085cffc10dc7cde8f26
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
      Size/MD5:    55270 2f8fde2f2488af7750e65e886493cd13
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dom-inspector_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
      Size/MD5:    55362 eb1b5c963f64a784e053bdeee6537481
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
      Size/MD5:    55378 dd6516fe8c1798d617bcf95b4fbd21c4
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
      Size/MD5:    56176 eae029799af7b101a55a9bfdffc88330

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5: 50310432 263fa952660d303d4320ac519836a1fb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5:  3119132 75d94b87d53efb786ffdf56ff6d6b075
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5:    89652 913420b9f378f322c1ca1b02037f2677
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5: 10387770 78104d3965f2bfbda5575574d9f755ba
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5:   225036 ea87d34202b6d3223dbac099cf51c8df
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5:   167466 55bbefb531652d568f02438aeed10f1d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5:   250348 1bbc07d9af10768ac6656d927000abcd
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
      Size/MD5:   861350 3fc1cbb4e1eb02995567cdec7b660bd2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5: 49457428 a30d035ca9fd1819091c1c6b48d325b1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:  3109488 e86991da3947ee093b840abd83cf07b2
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:    83386 77793d13bf5a26f0c43962ac5fbd186c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:  9207840 8dcf11221cfef75bf7f51422dcf60dd7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:   225046 90012c5f90396f6a5db7705b243e2521
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:   156952 80817ef1fbd45ddfbdfdf75279275c34
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:   250336 655f2f4a30dae71ec29bf96cfb7f0229
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
      Size/MD5:   785180 131a2623fa95997b99085884204fd89a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5: 51980774 4865d18b50b3a10dfd1b228e11ac0435
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5:  3115886 c6f8efcab8edfd7b83453ee041a24612
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5:    85272 b66da0f160a453b1f3ee18f5b1722e8d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5: 10056020 9102c8484c7c71186fd0b970a610e7e4
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   225038 4f83154583b4a058a123a3a8586ab0f2
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   166288 6190cda57dbebe29c65c1ca97daba292
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   250334 b3f846f1dafbf1a990ab27df8258b9e1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   860068 d0f2e68e9d1ca8be8d9914e6fcdf1bff

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5: 49511534 d0e1bad8c05a69231dfee2db6b34b990
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:  3106194 1adc42b08102dca85285244139d312da
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:    83086 ef47b587d79afdce14ec47b2e13ce89c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:  9485274 13146d26d590e4981281cf21957cfb61
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:   225036 b72f082c255cd9510435cd0c0912a5bc
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:   155116 9d629deae12ea27812081b13bb0216ba
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:   250332 c3e90b969d3c3de2fe47c4942f8dc96f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
      Size/MD5:   766060 a32f928bcb9a7cd2d601b2aafbec6bef


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ