Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-930-3] Firefox regression
From: Jamie Strandboge <jamie () canonical com>
Date: Wed, 30 Jun 2010 14:40:20 -0500

===========================================================
Ubuntu Security Notice USN-930-3              June 30, 2010
firefox regression
https://launchpad.net/bugs/600022
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  apturl                          0.2.2ubuntu1.2
  firefox-3.0                     3.6.6+nobinonly-0ubuntu0.8.04.2

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging
problem, the Firefox 3.6 update could not be installed when the firefox-2
package was also installed. This update fixes the problem and updates
apturl for the change.

Original advisory details:

 If was discovered that Firefox could be made to access freed memory. If a
 user were tricked into viewing a malicious site, a remote attacker could
 cause a denial of service or possibly execute arbitrary code with the
 privileges of the user invoking the program. This issue only affected
 Ubuntu 8.04 LTS. (CVE-2010-1121)
 
 Several flaws were discovered in the browser engine of Firefox. If a
 user were tricked into viewing a malicious site, a remote attacker could
 cause a denial of service or possibly execute arbitrary code with the
 privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
 CVE-2010-1202, CVE-2010-1203)
 
 A flaw was discovered in the way plugin instances interacted. An attacker
 could potentially exploit this and use one plugin to access freed memory from a
 second plugin to execute arbitrary code with the privileges of the user
 invoking the program. (CVE-2010-1198)
 
 An integer overflow was discovered in Firefox. If a user were tricked into
 viewing a malicious site, an attacker could overflow a buffer and cause a
 denial of service or possibly execute arbitrary code with the privileges of
 the user invoking the program. (CVE-2010-1196)
 
 Martin Barbella discovered an integer overflow in an XSLT node sorting
 routine. An attacker could exploit this to overflow a buffer and cause a
 denial of service or possibly execute arbitrary code with the privileges of
 the user invoking the program. (CVE-2010-1199)
 
 Michal Zalewski discovered that the focus behavior of Firefox could be
 subverted. If a user were tricked into viewing a malicious site, a remote
 attacker could use this to capture keystrokes. (CVE-2010-1125)
 
 Ilja van Sprundel discovered that the 'Content-Disposition: attachment'
 HTTP header was ignored when 'Content-Type: multipart' was also present.
 Under certain circumstances, this could potentially lead to cross-site
 scripting attacks. (CVE-2010-1197)
 
 Amit Klein discovered that Firefox did not seed its random number generator
 often enough. An attacker could exploit this to identify and track users
 across different web sites. (CVE-2008-5913)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apturl/apturl_0.2.2ubuntu1.2.dsc
      Size/MD5:     1183 a6e321f732b396c896c583fbed3ba1fb
    http://security.ubuntu.com/ubuntu/pool/main/a/apturl/apturl_0.2.2ubuntu1.2.tar.gz
      Size/MD5:    18845 a29deaac412aa806ac824251a0dd6842
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly-0ubuntu0.8.04.2.diff.gz
      Size/MD5:   133729 bb6f8f16bf270e6b6fab61832c3635a1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly-0ubuntu0.8.04.2.dsc
      Size/MD5:     2457 54e1b873ecd3da88004f1245ee94d1ac
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly.orig.tar.gz
      Size/MD5: 49863533 683b70c4ef74c32db815b1ae6215ba2a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/apturl/apturl_0.2.2ubuntu1.2_all.deb
      Size/MD5:    12110 967b3f1c988d7082a027268edff8fc2d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69814 92cfdaa9311e0ba9b7a6c7b3ace0eecb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69634 a4e68b180b5b8aa6194b71175ef35b95
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69660 8d1c4b7dfe03c98880225b488648e97b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    70042 3ca7b6865fce10cfb37f342b8e38ed4e
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69652 740bf0069ac8f9794ea2905ff76a7439
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69644 704d0508860190bd97a7bac4c9caa54b
    
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69672 13f65e160a7f98c776fe50513f69a108
    
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69642 a047bae5f8544e3df24fb1f1977cfb39
    
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69634 1ba2b60664ec4b30e208726c92d8cec4
    
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69662 6e42491b42fcf88a69efd4dd669500bb
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
      Size/MD5:    69632 2c644abffef717ed55c8d2f8f170f208

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   193498 692e078687b4e15fecf78efc756109e1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   197052 107f23abaa027339672b817a37ad687a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5: 61790646 09b3ef5b95bfc25973900771817af969
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:    69752 134807027017fce8048a2d6b3db450fd
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   117516 f17561f5ab69da78489720cb8ba4cec6
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:    70122 ed8b71c9de53b1a2e0178e2955899c3c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
      Size/MD5: 12572150 a69167e70b2e351c07720fb101bf43ea

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   193492 d3742d0039175aeba66b2231a85ac295
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   197054 116890340b7db7c131bc7c31c6ec5c6b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5: 61374450 ab310dda4e9a2a2eb711d644befb864e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5:    69754 02f37b84f929e83dc8519eec42be9dd1
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   112778 816b1c00602a24cc5740e37372bdda35
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5:    70116 52cf4bd3e00938008816315c1e658abb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
      Size/MD5: 11084316 ab1cc2959cf186cfb38d367d4029aaaa

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   193480 c317ec3d4b4b58efdec08c7202c015c2
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   197050 b49f2e88a946838e93200965abaff104
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5: 55664396 471593992f81cfa99d9b2fffa2779410
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:    69748 ddbae127bf716b6c40df2ff11c868f47
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   112596 04949dd13f329f25dcf288eaa8b521c2
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:    70114 cbfc4b3882cdd56cd8ecd37821871b92
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
      Size/MD5: 10533860 a496862cc4e86804ee566daaf12ce47d

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   193502 ceb1c3bfc323acd90ba548519943b027
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   197056 fd418c9af8d25497a3b410c6ba65f071
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5: 57219046 8b47cd45058bb5cbaefaa41379085ce5
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:    69760 d141a06937b50b6c0613f0f0b713a5e3
    
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   117864 69abfc22c541571edc7a987019e69df6
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:    70126 d688bd6e0165212cdceabf92ca6375f8
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5: 11621258 d84ceded5051f1265dd09289992fe385



Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-930-3] Firefox regression Jamie Strandboge (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]