Ubuntu 728-1: Firefox and Xulrunner vulnerabilities

==========================================================Ubuntu Security Notice USN-728-1             March 05, 2009
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773,
CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  firefox-3.0                     3.0.7+nobinonly-0ubuntu0.8.04.1
  xulrunner-1.9                   1.9.0.7+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  abrowser                        3.0.7+nobinonly-0ubuntu0.8.10.1
  firefox-3.0                     3.0.7+nobinonly-0ubuntu0.8.10.1
  xulrunner-1.9                   1.9.0.7+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the necessary
changes.

Details follow:

Glenn Randers-Pehrson discovered that the embedded libpng in Firefox
did not properly initialize pointers. If a user were tricked into
viewing a malicious website with a crafted PNG file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-0040)

Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee
Groleau discovered flaws in the browser engine. If a user were tricked
into viewing a malicious website, a remote attacker could cause a
denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0771,
CVE-2009-0772, CVE-2009-0773, CVE-2009-0774)

A flaw was discovered in Firefox's garbage collection process. Under
certain circumstances a remote attacker could exploit this to cause a
denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0775)

Georgi Guninski discovered a flaw when Firefox performed a
cross-domain redirect. An attacker could bypass the same-origin policy
in Firefox by utilizing nsIRDFService and steal private data from
users authenticated to the redirected website. (CVE-2009-0776)

Masahiro Yamada discovered that Firefox did not display control
characters in the location bar. An attacker could exploit this to
spoof the location bar, such as in a phishing attack. (CVE-2009-0777)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:   105994 04b9d1bafed9bc08a61ab9e08d5ef6a7
          Size/MD5:     2711 a678a36cd38c2af5da3e5612b30fb3d5
          Size/MD5: 11584703 1eb105545135d54fa8570fa7090ae36d
          Size/MD5:    77677 178d45873043ce5cbf7fded1b3520fdd
          Size/MD5:     2776 53cd8156746a28170435a6c8c7561d03
          Size/MD5: 40329406 9bd2e7a239626e8c044534ee018930e3

  Architecture independent packages:

          Size/MD5:    66112 f6d6d89249de6f21475a09554a22eb19
          Size/MD5:    66132 55ae97d8f30a0ff22c4af4879d0624de
          Size/MD5:    66090 f72929e17e4e11ff291e4e93d00423be
          Size/MD5:    66074 b4a02c6eb96d06d0fa507ff9ea565a14
          Size/MD5:    66236 4af37c8f00b1409775c9cd03a8547f23
          Size/MD5:    66140 78de5ea335eefb930c24cd182e6dcb89
          Size/MD5:    66086 a5d0645c4e47441b6e6c5a5807e45507
          Size/MD5:     8968 3b54f5f3615f2c6294e37cf3d91f8b59
          Size/MD5:     8960 4f28f284bc7566d1170e7a915cecb33d
          Size/MD5:    66108 cb9d5c1113ebc8a659a6ae5828b5c2dc
          Size/MD5:    66078 de32918683dc657ccf05587f4f9f9fdd
          Size/MD5:    66070 06ee3c150a0711ba55057bc88510f2a1
          Size/MD5:     8948 078412b88989508cf324fec469ee4c92
          Size/MD5:    66098 217d7b4aa083eb850eae74e6b35b4366
          Size/MD5:     8940 ce58775deebdaf2f4a909e3808e0692a
          Size/MD5:    66058 e80276baca487d3d81bc7bdb050f5898
          Size/MD5:   125460 47ef25d063c85cf7f23a9441fc67f26c
          Size/MD5:   235478 3a530a0911ab8b2d7c26ecdb43d5f085

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:     9026 2b181ae4dd59b68dc384c4ba6e11a14a
          Size/MD5:    29570 95ebe01efbaf28cdd8b105067c1fb2ed
          Size/MD5:  1091326 9876ecde54e202d8c5f71235f289cc41
          Size/MD5:  4042800 a4d292bcb104ebb789e46a4a19a178de
          Size/MD5:    48652 d9ced924a2394b428e2a46e59544abc3
          Size/MD5:  9045044 dd4a313f0e403cab77879eb9a656a3cf

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:     9028 56550b82731b1f635f31067c0af2ec9d
          Size/MD5:    25728 f1556ce5253198d28c086bdcf5b18d54
          Size/MD5:  1070116 330547148854f23ab1ab2ad6f118f4a9
          Size/MD5:  4024488 1ee5ea7f8caf94fc619a45532a01911a
          Size/MD5:    38508 321eba3001df47e64661412ae905163c
          Size/MD5:  7774494 ae7a2221f90a571ba7e8c3e56a6615f0

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:     9026 c31764ee4663373906be69b8e8e3ff56
          Size/MD5:    25346 12bf631392dbdc76682e6db9a0147ad2
          Size/MD5:  1067178 b0255258768c4099ff7a15ee05010b5b
          Size/MD5:  4019482 170c83c8d7d260fd1cf880eccf4afccd
          Size/MD5:    37604 b72b413188d8fb52c85ad5c849e1a32c
          Size/MD5:  7663018 c067576f8901cac955a1c3c75dd4cdad

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:     9032 c9fb45ef171fce457b93583a89500a4c
          Size/MD5:    27508 c648c972e3e70cd3476062112ccfc1ab
          Size/MD5:  1084474 541069a0fa6532a1f5acc69241131b39
          Size/MD5:  4030810 4410651eedfe28f334558c14828fd557
          Size/MD5:    43666 f7615572cfa388bfdb883300e9086637
          Size/MD5:  8621812 ff3119ae39ce03842f273bfc0398a879

Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:   123881 233a9a0adab50951e837c2c181fada2a
          Size/MD5:     2766 4626259b8eed03325db8e980f5fe8a1d
          Size/MD5: 11584703 1eb105545135d54fa8570fa7090ae36d
          Size/MD5:   251259 d9c10491caa25980873284ea840536ed
          Size/MD5:     2794 27787db804863b74e4b77b9c339fc9c5
          Size/MD5: 40329406 9bd2e7a239626e8c044534ee018930e3

  Architecture independent packages:

          Size/MD5:    68898 663d81d0e5d2e628282227c4e760c543
          Size/MD5:    68802 e1234d884a1bcf722846a17f7e4fe32a
          Size/MD5:    68810 de6f5d134ad7dbb4deb600ac912988ba
          Size/MD5:    68772 64ed2b688770ea185f95a31d8a4f79f4
          Size/MD5:    68758 c75839659aa864c821b58c89ba5c14e6
          Size/MD5:    68890 bffca56d589ec9459e26195cea73b4e5
          Size/MD5:    68818 5bdcc46616bbed561d26019edfecf398
          Size/MD5:    68766 f45895027944395ebbe5fdedfa6e895e
          Size/MD5:     8966 0a39ea3df9414fd6546b19355a09a263
          Size/MD5:     8956 95db62a54642edbb83bfd90d88abf6ae
          Size/MD5:    68792 17860e76414f9878d00c1460e7e0163b
          Size/MD5:    68756 71d07a613a49049abd53989e52da4d74
          Size/MD5:    68750 ba7f4dbd6d5e796315e2ec08ec1aea50
          Size/MD5:     8950 aac646ef9c3095b093f62f4963741f78
          Size/MD5:    68780 d07fbe5d46b43819cc0e83a432c6076c
          Size/MD5:     8938 39e1b12b058529ddc33552589599a380
          Size/MD5:    68744 46c84d6fc91209da436052d98c9d7faf
          Size/MD5:   127474 88d7ee10aa41fc4dcff045a65aa979ae
          Size/MD5:   237322 8948b0c0ceea71b28ad36e85ad4d5d4c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   203616 6e6ca8f7638cb86158c9586561afbfb9
          Size/MD5:   201976 e79267a9b224c16ef235121b9cadf4ac
          Size/MD5:    68854 d56f78e3dbbfb956f51ec9f3e3679838
          Size/MD5:    88294 534476d96fe8b2fc36a363945e327ebe
          Size/MD5:   904786 ed80e1ee2124d8ed3a5a8f7d91a2914a
          Size/MD5:  4559978 bd12026b65c3e3ea55b6c44162af95ff
          Size/MD5:    47104 b9738b903c94469aaa744968b519d650
          Size/MD5:  8711852 f638643f3c6eeabf5fe1dfae1a66215a
          Size/MD5:    22546 f02c257f0d7ab89521b25cf647478168

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   203620 2ded677a2d05f4f50a631f5b456750b7
          Size/MD5:   201970 a8b3e70b7feefacc3a7556320761bb42
          Size/MD5:    68860 ef1565e8e45ab3b31e58602722bc7b2e
          Size/MD5:    84350 359753c1f8f0e203ee2e7e0abf6cd7e8
          Size/MD5:   886898 0b44c529219bc4c2112f5c6dc1a33854
          Size/MD5:  4536552 abc3e578c6349c218eb0eb6ac8176797
          Size/MD5:    39372 9a75908e72e6d9b454f4eac6d4781873
          Size/MD5:  7543452 6dc5b686f1422253e779d1df77f9d73b
          Size/MD5:    22548 38a9e8fa92ae0c5f17a03aa4f2b92a30

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   203616 3ebff4c63ac1c2712e9a6259d35056b9
          Size/MD5:   201962 aad343e9f6d600114c6e0ed91cb0ca6a
          Size/MD5:    68856 85da0a128cdc95098b03906aec1b1190
          Size/MD5:    83760 847e10ec2aeb60ff3985beaac7a32920
          Size/MD5:   884018 975da8dcb761379f8769cb9ba3d0ea80
          Size/MD5:  4533372 2387db126b081aa5c9e592bbf8d92174
          Size/MD5:    38404 c4cfb8fab3ee1f239894b9c307c14531
          Size/MD5:  7438136 884bd0c0af0259e7c9b38ae96215f8bf
          Size/MD5:    22548 d90e9a2d5676ce0575977b8f83053aa3

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   203620 ffd3808fa690600c02c5bd62a76d384e
          Size/MD5:   201976 64cdb3dff936db355b4d93a053790296
          Size/MD5:    68854 2cd55f0314e04ec164508ba3d55f5831
          Size/MD5:    85724 a5336aaf55e311450baad03bb823e540
          Size/MD5:   898390 0bde8e4724f00589bbd3bd1e60a4da6e
          Size/MD5:  4527550 597b72275c17e2d24cb21d2dc698d25b
          Size/MD5:    42400 68233fa80ee3b5edece63e6bc58a6b9a
          Size/MD5:  8280182 16eca24d78ae87d69e40fec27c7211a3
          Size/MD5:    22550 15fa47eb88a566b815e83ec702a6bbd6

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   203630 d21b023345b4f94b5a1b772b63ef10af
          Size/MD5:   201978 44c1ff45d99b6c235ca67c13af880b90
          Size/MD5:    68862 19db22bf276c21a6620bd2b08b22d93e
          Size/MD5:    83404 6ce858d51d00fd6e55ba0077c864e236
          Size/MD5:   886776 311fe913771ab25376b07a1a19b6a1f0
          Size/MD5:  4514046 ba25a2257d71d5fdfdd4a5443e4bb630
          Size/MD5:    37868 36f88b612f4cb30f147fef76f2d65111
          Size/MD5:  8099788 7e5fd7ac2a94c1f2fbaeaad6fdbec353
          Size/MD5:    22550 7ec7fb99d63f09e198b07eff4b805951
Ubuntu 728-1: Firefox and Xulrunner vulnerabilities

Summary

Update Instructions

References

Package Information

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
