Message-ID: <20070103204442.GK4462@outflux.net>
Date: Wed, 3 Jan 2007 12:44:42 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-398-2] Firefox vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-398-2           January 03, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox                                  1.5.dfsg+1.5.0.9-0ubuntu0.5.10
  firefox-dev                              1.5.dfsg+1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  firefox-dev                              1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnspr-dev                              1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnspr4                                 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnss-dev                               1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnss3                                  1.5.dfsg+1.5.0.9-0ubuntu0.6.06

After a standard system upgrade you need to restart Firefox to effect 
the necessary changes.

Details follow:

USN-398-1 fixed vulnerabilities in Firefox 2.0.  This update provides 
the corresponding updates for Firefox 1.5.

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG.  (CVE-2006-6497, 
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, 
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass 
Firefox's internal XSS protections by tricking the user into opening a 
malicious web page containing JavaScript.  (CVE-2006-6503)
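
A way to audit hosts against the fixed firefox versions listed above. This is an added example, not part of the original advisory: the host names and installed versions in INVENTORY are constructed, and the comparison re-implements dpkg's version ordering rules (epoch, upstream version, revision) rather than calling dpkg.

```python
import re
from itertools import zip_longest

# Fixed firefox versions copied from the advisory, keyed by Ubuntu release.
FIXED = {"5.10": "1.5.dfsg+1.5.0.9-0ubuntu0.5.10",
         "6.06": "1.5.dfsg+1.5.0.9-0ubuntu0.6.06"}
# Constructed inventory rows: (host, release, installed firefox version).
INVENTORY = [
    ("ws-01", "6.06", "1.5.dfsg+1.5.0.8-0ubuntu0.6.06"),
    ("ws-02", "6.06", "1.5.dfsg+1.5.0.9-0ubuntu0.6.06"),
    ("ws-03", "5.10", "1.5.dfsg+1.5.0.7-0ubuntu0.5.10"),
]

def _weight(c):
    """dpkg character order: '~' < end of run < letters < other characters."""
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings as text/number run pairs."""
    runs = r"(\D*)(\d*)"
    pairs = zip_longest(re.findall(runs, a), re.findall(runs, b),
                        fillvalue=("", ""))
    for (ta, da), (tb, db) in pairs:
        for i in range(max(len(ta), len(tb))):
            wa, wb = _weight(ta[i:i + 1]), _weight(tb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # epoch is before the first ':', revision is after the last '-'
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Hosts whose installed firefox is older than the advisory's fixed version."""
    return [(host, ver) for host, rel, ver in inventory
            if rel in FIXED and deb_compare(ver, FIXED[rel]) < 0]
```

On a live system the same comparison is available as `dpkg --compare-versions`.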



