lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090306003613.GB8444@severus.strandboge.com>
Date: Thu, 5 Mar 2009 18:36:13 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-728-2] Firefox vulnerabilities

===========================================================
Ubuntu Security Notice USN-728-2             March 06, 2009
firefox vulnerabilities
CVE-2009-0772, CVE-2009-0774, CVE-2009-0776
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  firefox                         2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Jesse Ruderman and Gary Kwong discovered flaws in the browser engine.
If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program.
(CVE-2009-0772, CVE-2009-0774)

Georgi Guninski discovered a flaw when Firefox performed a
cross-domain redirect. An attacker could bypass the same-origin policy
in Firefox by utilizing nsIRDFService and steal private data from
users authenticated to the redirected website. (CVE-2009-0776)


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1.diff.gz
      Size/MD5:   194047 099271c2ea597d2a115b3be40995b2c7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1.dsc
      Size/MD5:     2340 63a3a1d155642b593de0ea6f4e7692de
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly.orig.tar.gz
      Size/MD5: 37774008 b2ba5de5a4123fb7e9a796cf790e8315

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_all.deb
      Size/MD5:   201048 c24401e053bc602c592bd8a6dfe919c5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5: 78166004 07ac094a00f59264c33d5ef3010016e1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:  3203128 8afc60d5fc1e8b9975648a0b29adbcc7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:    98360 efde6e650c8e51c0cc18691a3a5c6fcd
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:    67414 c5901a62027583b17b0e9ad3206dc97b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5: 10469312 8eea2241465336d5ea9d41eefecec737

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5: 77309416 0338ce165f4a8491a962489b8e71ae4f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:  3191016 08e9a1379c006a822f728b480c81d5ca
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:    92086 9af96f24ebe279862df72a913d4d8f7b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:    66690 5a02205c5307f59398ad670273b415d7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:  9210704 dcec421746059ebdbdaae9dd1cf0ff43

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5: 77579288 00f0752dc0e48c926e61ed3043234cf9
    http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:  3188640 11596823330f193c75d84e9065052f1d
    http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:    91748 f063e011410244eeb33f64d9504ad4a0
    http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:    66636 bed3e1795c9b6cf073dc5d4b21ac0866
    http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:  9071204 dda4ba5582f1013f0447dd6084dbc4b8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5: 80777664 2f86b2bbf427f5cd9ad4230f87aab6a1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:  3206352 e4adf960e211dbe93c7cb70a3d8cae75
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    96424 c005071737505b567f60f1d453baae1a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    67694 b0af3582bb18d21a1f4b8a9ab8337fcd
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5: 10313582 ab429fc180c403c804ed6b387de9427c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5: 78135176 6c21f46463479bd7ee265bdfda6c56f7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:  3188258 d64a8e32dc28d89b27acf203718a18eb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:    91868 8f1982672a49fc6a3b4c143f908a323b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:    66766 72ea8ae2a21540c480e979b65d971ba8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:  9464780 66cd0a187121b63fbc050c52e1b9e59c



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@...ts.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ