Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Ubuntu: USN-717-3 Critical: Firefox Script Bypass and Cookie Access

Calendar Feb 11, 2009 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical Ubuntu firefox cookie access bypass scripting issue
Kojima Hajime discovered that Firefox did not properly handle an escaped nullcharacter. An attacker may be able to exploit this flaw to bypass scriptsanitization. (CVE-2008-5510) 
==========================================================Ubuntu Security Notice USN-717-3          February 11, 2009
firefox vulnerabilities
CVE-2008-5510, CVE-2009-0357
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                         1.5.dfsg+1.5.0.15~prepatch080614j-0ubuntu1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)

Wladimir Palant discovered that Firefox did not restrict access to cookies in
HTTP response headers. If a user were tricked into opening a malicious web
page, a remote attacker could view sensitive information. (CVE-2009-0357)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   184569 201540f2560ee07d0a7b30d367ce41bd
          Size/MD5:     1800 e8a6f2726dbc06dade12a0ebc19c7fae
          Size/MD5: 48454140 496d1a74f2a98e8983737a874a9db29f

  Architecture independent packages:

          Size/MD5:    53638 9a18c7067527411eababced232354e7c
          Size/MD5:    52746 fa9d687831d30b8f8ef39da07c7a1ff4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5: 47675616 d3b427dc0d4db0eebb5f3147ce3d29bb
          Size/MD5:  3045278 1683527a70cdf674f7b711ad559db6b4
          Size/MD5:    85802 d88ad731cdfc825cb1f88ad91d8fbe2d
          Size/MD5:  9522850 b6d18064354f4e733894ce40fe048be4
          Size/MD5:   228116 90343b0a500020dd643c049164ba9c93
          Size/MD5:   165590 3c2be076fb6d9c61cb42d938a90b93d2
          Size/MD5:   254734 4198117776b43f20ca6d70b554b81db7
          Size/MD5:   826298 b88f70f60cb48caa96add58750e5b4bd
          Size/MD5:   218730 e76dcc4583433117dbd7b81a77a858f5

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5: 44222898 8c37f41c90782d6f7a1bef130a33bebc
          Size/MD5:  3042728 4542d11b7a0d330ba036246b518b7348
          Size/MD5:    78320 a09d5ac38d8656b09b02f61de4a3a848
          Size/MD5:  8031042 89edcd5c182b752bd4a81d53bb4fcf9c
          Size/MD5:   226174 0837e3ee67b4f6cde742c775e037f458
          Size/MD5:   150976 6405eb0e815c96e8627f2b4d136eff11
          Size/MD5:   255144 0e40cab26f0632c3d8687def727799c5
          Size/MD5:   716692 950b133f03721a6e850c39374211eed9
          Size/MD5:   212318 32b6d850fe57e89ae8646adb606552df

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5: 49080148 8c660c35194a0d6ea0eaef04217fabee
          Size/MD5:  2858774 459ccaa976dadf0a084d79a749a1117e
          Size/MD5:    81422 ebce34e5fbdc9f9512eb52ff4722ae5b
          Size/MD5:  9112744 6b2cda45169a8a9bb7b13afd2698a304
          Size/MD5:   222260 6aae274c9ced525cd99cc4995a893118
          Size/MD5:   163044 390f958f20ee78f041342d934b67edcd
          Size/MD5:   247834 3a4363d4e6b72e79826f46013328d975
          Size/MD5:   816088 69bf430f8f920576685682d684dd0159
          Size/MD5:   215280 33d4ae48f71b7ac9c0b8a3ddaccbe9b9

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5: 45627582 86289259deef3338488deff398981f8f
          Size/MD5:  2858786 b846d70d98da5c911c56175900f38561
          Size/MD5:    79926 b001d774bd2f4eeba25abe99aaf806f1
          Size/MD5:  8498570 191dac8aa9174eefd1a0bdfe212b453a
          Size/MD5:   222282 2dc8e2df944c5d49c4e7a409077eb3ff
          Size/MD5:   152948 68af6ea71c2386cff897d0862f2025ab
          Size/MD5:   247844 243fcbcde87e019f0e81748b9db25014
          Size/MD5:   727550 dcb087f639cc1fe8be4fea51c4034d28
          Size/MD5:   212730 d74dc227e12ba13b96cb586edefe1c90

Ubuntu: USN-717-3 Critical: Firefox Script Bypass and Cookie Access

ubuntu
Calendar Grey February 11, 2009
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-718-1 details significant vulnerabilities in Chromium and recommends comprehensive safeguards.
Kojima Hajime discovered that Firefox did not properly handle an escaped nullcharacter

Summary

Topics%20covered

Topics Covered

security advisory critical Ubuntu firefox cookie access bypass scripting issue

Update Instructions

References

Severity
critical
Lowest
Low
Medium
High
Critical

firefox vulnerabilities

Topics%20covered

Topics Covered

security advisory critical Ubuntu firefox cookie access bypass scripting issue

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here