Ubuntu 1924-2: Ubufox and Unity Firefox Extension update

    Date: 06 Aug 2013
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    This update provides compatible packages for Firefox 23.
    ==========================================================================
    Ubuntu Security Notice USN-1924-2
    August 06, 2013
    
    ubufox, unity-firefox-extension update
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 13.04
    - Ubuntu 12.10
    - Ubuntu 12.04 LTS
    
    Summary:
    
    This update provides compatible packages for Firefox 23.
    
    Software Description:
    - ubufox: Ubuntu Firefox specific configuration defaults and apt support
    - unity-firefox-extension: Unity Integration for Firefox
    
    Details:
    
    USN-1924-1 fixed vulnerabilities in Firefox. This update provides the
    corresponding updates for Ubufox and Unity Firefox Extension.
    
    Original advisory details:
    
     Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler,
     Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered
     multiple memory safety issues in Firefox. If the user were tricked into
     opening a specially crafted page, an attacker could possibly exploit these
     to cause a denial of service via application crash, or potentially execute
     arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2013-1701, CVE-2013-1702)
     
     A use-after-free bug was discovered when the DOM is modified during a
     SetBody mutation event. If the user were tricked into opening a specially
     crafted page, an attacker could potentially exploit this to execute
     arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2013-1704)
     
     A use-after-free bug was discovered when generating a CRMF request with
     certain parameters. If the user were tricked into opening a specially
     crafted page, an attacker could potentially exploit this to execute
     arbitrary code with the privileges of the user invoking Firefox.
     (CVE-2013-1705)
     
     Aki Helin discovered a crash when decoding a WAV file in some
     circumstances. An attacker could potentially exploit this to cause a
     denial of service. (CVE-2013-1708)
     
     It was discovered that a document's URI could be set to the URI of
     a different document. An attacker could potentially exploit this to
     conduct cross-site scripting (XSS) attacks. (CVE-2013-1709)
     
     A flaw was discovered when generating a CRMF request in certain
     circumstances. An attacker could potentially exploit this to conduct
     cross-site scripting (XSS) attacks, or execute arbitrary code with the
     privileges of the user invoking Firefox. (CVE-2013-1710)
     
     Bobby Holley discovered that XBL scopes could be used to circumvent
     XrayWrappers in certain circumstances. An attacker could potentially
     exploit this to conduct cross-site scripting (XSS) attacks or cause
     undefined behaviour. (CVE-2013-1711)
     
     Cody Crews discovered that some JavaScript components performed security
     checks against the wrong URI, potentially bypassing same-origin policy
     restrictions. An attacker could exploit this to conduct cross-site
     scripting (XSS) attacks or install add-ons from a malicious site.
     (CVE-2013-1713)
     
     Federico Lanusse discovered that web workers could bypass cross-origin
     checks when using XMLHttpRequest. An attacker could potentially exploit
     this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1714)
     
     Georgi Guninski and John Schoenick discovered that Java applets could
     access local files under certain circumstances. An attacker could
     potentially exploit this to steal confidential data. (CVE-2013-1717)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 13.04:
      xul-ext-ubufox                  2.7-0ubuntu0.13.04.1
    
    Ubuntu 12.10:
      xul-ext-ubufox                  2.7-0ubuntu0.12.10.1
      xul-ext-unity                   2.4.7-0ubuntu0.2
    
    Ubuntu 12.04 LTS:
      xul-ext-ubufox                  2.7-0ubuntu0.12.04.1
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1924-2
      http://www.ubuntu.com/usn/usn-1924-1
      https://launchpad.net/bugs/1208039
    
    Package Information:
      https://launchpad.net/ubuntu/+source/ubufox/2.7-0ubuntu0.13.04.1
      https://launchpad.net/ubuntu/+source/ubufox/2.7-0ubuntu0.12.10.1
      https://launchpad.net/ubuntu/+source/unity-firefox-extension/2.4.7-0ubuntu0.2
      https://launchpad.net/ubuntu/+source/ubufox/2.7-0ubuntu0.12.04.1
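
To confirm a host carries the versions listed under "Update instructions", the following added example (not part of the advisory or of Ubuntu's tooling) compares installed packages against that table. The function names are illustrative, and the `sort -V` fallback is an assumption for hosts without `dpkg`.

```shell
#!/bin/sh
# Added example, not part of USN-1924-2: check installed packages against
# the fixed versions listed under "Update instructions".

# Fixed versions per Ubuntu release, copied from the advisory.
fixed_versions() {                       # $1 = release, e.g. 12.10
  case "$1" in
    13.04) echo "xul-ext-ubufox 2.7-0ubuntu0.13.04.1" ;;
    12.10) echo "xul-ext-ubufox 2.7-0ubuntu0.12.10.1"
           echo "xul-ext-unity 2.4.7-0ubuntu0.2" ;;
    12.04) echo "xul-ext-ubufox 2.7-0ubuntu0.12.04.1" ;;
    *)     return 1 ;;
  esac
}

# Print the version of a fully installed package, or nothing if absent.
installed_version() {
  dpkg-query -W -f='${Status} ${Version}\n' "$1" 2>/dev/null |
    awk '$3 == "installed" { print $4 }'
}

# True if version $1 >= $2. dpkg does the authoritative comparison; the
# sort -V fallback is only an approximation for hosts without dpkg.
version_ge() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" ge "$2"
  else
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | tail -n 1)" = "$1" ]
  fi
}

# Returns 0 if every listed package is absent or fixed, 1 if any is older,
# 2 if the release is not one the advisory covers.
check_release() {
  list=$(fixed_versions "$1") || { echo "$1: not covered by USN-1924-2"; return 2; }
  rc=0
  while read -r pkg fixed; do
    have=$(installed_version "$pkg")
    if [ -z "$have" ]; then echo "$pkg: not installed"
    elif version_ge "$have" "$fixed"; then echo "$pkg: $have ok (fixed in $fixed)"
    else echo "$pkg: $have is older than $fixed, update needed"; rc=1
    fi
  done <<EOF
$list
EOF
  return $rc
}

# Usage: sh check.sh "$(lsb_release -rs)"
if [ "$#" -gt 0 ]; then check_release "$1"; fi
```

A non-zero exit status makes the script usable as a compliance check in configuration management or a cron job.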
    
    
    