Message-ID: <20070103204442.GK4462@outflux.net>
Date: Wed, 3 Jan 2007 12:44:42 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-398-2] Firefox vulnerabilities
===========================================================
Ubuntu Security Notice USN-398-2 January 03, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox      1.5.dfsg+1.5.0.9-0ubuntu0.5.10
  firefox-dev  1.5.dfsg+1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  firefox      1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  firefox-dev  1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnspr-dev  1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnspr4     1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnss-dev   1.5.dfsg+1.5.0.9-0ubuntu0.6.06
  libnss3      1.5.dfsg+1.5.0.9-0ubuntu0.6.06

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides
the corresponding updates for Firefox 1.5.

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)

Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS: