Message-ID: <20070127013746.GT2912@outflux.net>
Date: Fri, 26 Jan 2007 17:37:46 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-398-4] Firefox regression

=========================================================== 
Ubuntu Security Notice USN-398-4           January 27, 2007
firefox regression
https://launchpad.net/bugs/77859
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox                                  1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+1.5.0.9-0ubuntu0.6.06.1

After a standard system upgrade you need to restart Firefox to effect 
the necessary changes.

Details follow:

USN-398-2 fixed vulnerabilities in Firefox 1.5.  However, when 
auto-filling saved-password login forms without a username field, 
Firefox would crash.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Various flaws have been reported that allow an attacker to execute
 arbitrary code with user privileges by tricking the user into opening
 a malicious web page containing JavaScript or SVG.  (CVE-2006-6497, 
 CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, 
 CVE-2006-6504)

 Various flaws have been reported that allow an attacker to bypass 
 Firefox's internal XSS protections by tricking the user into opening a 
 malicious web page containing JavaScript.  (CVE-2006-6503)


Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


