Message-ID: <20070127013746.GT2912@outflux.net>
Date: Fri, 26 Jan 2007 17:37:46 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-398-4] Firefox regression
===========================================================
Ubuntu Security Notice USN-398-4 January 27, 2007
firefox regression
https://launchpad.net/bugs/77859
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox 1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
  firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06.1

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when
auto-filling saved-password login forms without a username field,
Firefox would crash. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

  Various flaws have been reported that allow an attacker to execute
  arbitrary code with user privileges by tricking the user into opening
  a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
  CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
  CVE-2006-6504)

  Various flaws have been reported that allow an attacker to bypass
  Firefox's internal XSS protections by tricking the user into opening a
  malicious web page containing JavaScript. (CVE-2006-6503)

Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS: