The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-690-3] Firefox vulnerabilities


<< Previous INDEX Search src / Print Next >>
Date: Wed, 17 Dec 2008 18:19:24 -0600
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-690-3] Firefox vulnerabilities
Message-ID: <20081218001924.GE16973@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="OaZoDhBhXzo6bW1J"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Scanned: antivirus-gw at tyumen.ru


--OaZoDhBhXzo6bW1J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-690-3          December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5511, CVE-2008-5512
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could a=
llow
an attacker to crash the browser and possibly execute arbitrary code with u=
ser
privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read =
data
=66rom other domains. (CVE-2008-5503)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data =
when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicio=
us
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)

Several flaws were discovered in the Javascript engine. If a user were tric=
ked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chr=
ome
privileges. (CVE-2008-5511, CVE-2008-5512)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i-0ubuntu1.diff.gz
      Size/MD5:   184514 ea36713d00feb7d1a44974a0e1c7f493
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i-0ubuntu1.dsc
      Size/MD5:     1162 6930aff7e9ed188341f10c1a410ae8ec
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i.orig.tar.gz
      Size/MD5: 48160160 7234454384feba2cea0c2fe41c1db3f0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1=
=2E5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_all.deb
      Size/MD5:    53606 88e207c0ae72435f1ee16e2a9198cc0d
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firef=
ox-dev_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_all.deb
      Size/MD5:    52716 720a5744971e6fdc93c6324473fce469

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5: 47668874 24ebc949c4b042769d1d192cde3fad6c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:  2858706 b308aaff2727c534c0c10c938e01aca3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:    85988 03b8fab9f9e8c0066a2cf45c35efcb3a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:  9491628 1bde3e7e8e4e5b7285025f3743ebdead
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:   222272 a49b67decdfc95d1ceec3c978761e511
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:   165798 c5fc0c565b74a533e1293c1538296259
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:   247788 d1739f167db8c0094dc14b7000ba816d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:   825458 0d923da8d43e1d5028f8e8347a0c01dc
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_amd64.deb
      Size/MD5:   218528 90b4b67171bddf8e9636e8f9d8086524

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5: 44216124 36645bf7f4e758f672f6ad7bccad30d3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:  2858786 7b8c9f8bea221de9d15a79140adab139
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:    78306 3af6a143d315938d3cf6a34aed0d7455
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:  7996714 f9155efc87c724c004f0030ef7c91b7d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:   222276 ecc6a7ab950aad5f5c354a3ccd4ae2c3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:   150298 a45f3acd46bd16deca7e86e763e7b5ca
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:   247806 17ca19b5839bf8f936a28586592235d9
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:   717050 3568cb97cab3046c01871623bb693b58
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_i386.deb
      Size/MD5:   211710 98539293de180f0c2c490738251a4c70

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5: 49064930 01a7ab07783039a8d2aba382575d2c93
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:  2858692 3245c1741fc0724e1d2519dff5162471
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:    81410 e31d7e4c5435b423d549451ae910bf5f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:  9110532 347dff9938017ab1aaaf52b46e7aeaa0
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:   222272 9f39c3f49151495effe7d158ee598942
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:   163020 225f807a3352e3e2dea8da52bf7f9eaa
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:   247800 43a23378212bdf28593317558511f93d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:   816064 6dae4206ca4eab627eec02dea32458b7
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_powerpc.deb
      Size/MD5:   215204 c0e70554202a3213957134410f1dc53e

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5: 45622948 fd76934bc9197987941387d75d320d3a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:  2858776 1568836552f71509bb5c03d5bf2d4a26
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:    79900 dfcbbb0101e4ee0f8d4535ed13968d83
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:  8497250 cc23bc0a806da4b69f58a93c653b6418
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:   222280 30723d627fbaf0c46ea538fe66a06c4c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:   152926 a1485715cdc0678bafb30f0531308982
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:   247788 6aa8bd3cc4819eea10d4021007dd74e3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:   727496 0e55e59e84fca0f8e4d29fa3ac9731c2
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1_sparc.deb
      Size/MD5:   212662 97f40e7b5fc4479807698e8248c88890



--OaZoDhBhXzo6bW1J
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklJlwwACgkQW0JvuRdL8BrjbgCeOqTJsQ31kYXjPUt8T9tIDNDU
abMAniOPCL0xfoDxkRiwEofMC0W/q0qc
=kb02
-----END PGP SIGNATURE-----

--OaZoDhBhXzo6bW1J--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру