mailing list archives
Re: [USN-398-1] Firefox vulnerabilities
From: Scott <geekboy () angrykeyboarder com>
Date: Tue, 02 Jan 2007 22:23:32 -0700
Kees Cook spake thusly on 01/02/2007 07:41 PM:
Ubuntu Security Notice USN-398-1 January 02, 2007
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
A security issue affects the following Ubuntu releases:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
Jared Breland discovered that the "Feed Preview" feature could leak
referrer information to remote servers. (CVE-2006-6506)
We're getting better. This one only took 9 days...
© 2007 angrykeyboarder™ & Elmer Fudd. All Wights Wesewved
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/