Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [USN-398-1] Firefox vulnerabilities
From: Scott <geekboy () angrykeyboarder com>
Date: Tue, 02 Jan 2007 22:23:32 -0700

Kees Cook spake thusly on 01/02/2007 07:41 PM:
=========================================================== Ubuntu Security Notice USN-398-1 January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  firefox                                  2.0.0.1+0dfsg-0ubuntu0.6.10
  firefox-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr4                                 2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss-dev                               2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss3                                  2.0.0.1+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503, CVE-2006-6507)

Jared Breland discovered that the "Feed Preview" feature could leak referrer information to remote servers. (CVE-2006-6506)


We're getting better.  This one only took 9 days...

http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/

--


--
        Scott
http://angrykeyboarder.com
¬© 2007 angrykeyboarder‚ĄĘ & Elmer Fudd. All Wights Wesewved


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault