Ubuntu 1192-2: Mozvoikko update

    Date: 17 Aug 2011
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    This update provides a compatible Mozvoikko for Firefox 6.
    ==========================================================================
    Ubuntu Security Notice USN-1192-2
    August 17, 2011
    
    mozvoikko update
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 11.04
    
    Summary:
    
    This update provides a compatible Mozvoikko for Firefox 6.
    
    Software Description:
    - mozvoikko: Finnish spell-checker extension for Firefox
    
    Details:
    
    USN-1192-1 fixed vulnerabilities in Firefox. This update provides an
    updated Mozvoikko for use with Firefox 6.
    
    Original advisory details:
    
     Aral Yaman discovered a vulnerability in the WebGL engine. An attacker
     could potentially use this to crash Firefox or execute arbitrary code with
     the privileges of the user invoking Firefox. (CVE-2011-2989)
     
     Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An
     attacker could potentially use this to crash Firefox or execute arbitrary
     code with the privileges of the user invoking Firefox. (CVE-2011-2991)
     
     Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg
     reader. An attacker could potentially use this to crash Firefox or execute
     arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2011-2991)
     
     Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn
     Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple
     memory vulnerabilities in the browser rendering engine. An attacker could
     use these to possibly execute arbitrary code with the privileges of the
     user invoking Firefox. (CVE-2011-2985)
     
     Rafael Gieschke discovered that unsigned JavaScript could call into a
     script inside a signed JAR. This could allow an attacker to execute
     arbitrary code with the identity and permissions of the signed JAR.
     (CVE-2011-2993)
     
     Michael Jordon discovered that an overly long shader program could cause a
     buffer overrun. An attacker could potentially use this to crash Firefox or
     execute arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2011-2988)
     
     Michael Jordon discovered a heap overflow in the ANGLE library used in
     Firefox's WebGL implementation. An attacker could potentially use this to
     crash Firefox or execute arbitrary code with the privileges of the user
     invoking Firefox. (CVE-2011-2987)
     
     It was discovered that an SVG text manipulation routine contained a
     dangling pointer vulnerability. An attacker could potentially use this to
     crash Firefox or execute arbitrary code with the privileges of the user
     invoking Firefox. (CVE-2011-0084)
     
     Mike Cardwell discovered that Content Security Policy violation reports
     failed to strip out proxy authorization credentials from the list of
     request headers. This could allow a malicious website to capture proxy
     authorization credentials. Daniel Veditz discovered that redirecting to a
     website with Content Security Policy resulted in the incorrect resolution
     of hosts in the constructed policy. This could allow a malicious website to
     circumvent the Content Security Policy of another website. (CVE-2011-2990)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 11.04:
      xul-ext-mozvoikko               1.9.0~svn20101114r3591-0ubuntu3.11.04.2
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1192-2
      http://www.ubuntu.com/usn/usn-1192-1
      https://launchpad.net/bugs/825459
    
    Package Information:
      https://launchpad.net/ubuntu/+source/mozvoikko/1.9.0~svn20101114r3591-0ubuntu3.11.04.2
    
    
    
    