Ubuntu 930-3: Firefox regression

    Date30 Jun 2010
    CategoryUbuntu
    61
    Posted ByLinuxSecurity Advisories
    USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. [More...]
    ===========================================================
    Ubuntu Security Notice USN-930-3              June 30, 2010
    firefox regression
    https://launchpad.net/bugs/600022
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      apturl                          0.2.2ubuntu1.2
      firefox-3.0                     3.6.6+nobinonly-0ubuntu0.8.04.2
    
    After a standard system upgrade you need to restart Firefox to effect
    the necessary changes.
    
    Details follow:
    
    USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging
    problem, the Firefox 3.6 update could not be installed when the firefox-2
    package was also installed. This update fixes the problem and updates
    apturl for the change.
    
    Original advisory details:
    
     If was discovered that Firefox could be made to access freed memory. If a
     user were tricked into viewing a malicious site, a remote attacker could
     cause a denial of service or possibly execute arbitrary code with the
     privileges of the user invoking the program. This issue only affected
     Ubuntu 8.04 LTS. (CVE-2010-1121)
     
     Several flaws were discovered in the browser engine of Firefox. If a
     user were tricked into viewing a malicious site, a remote attacker could
     cause a denial of service or possibly execute arbitrary code with the
     privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
     CVE-2010-1202, CVE-2010-1203)
     
     A flaw was discovered in the way plugin instances interacted. An attacker
     could potentially exploit this and use one plugin to access freed memory from a
     second plugin to execute arbitrary code with the privileges of the user
     invoking the program. (CVE-2010-1198)
     
     An integer overflow was discovered in Firefox. If a user were tricked into
     viewing a malicious site, an attacker could overflow a buffer and cause a
     denial of service or possibly execute arbitrary code with the privileges of
     the user invoking the program. (CVE-2010-1196)
     
     Martin Barbella discovered an integer overflow in an XSLT node sorting
     routine. An attacker could exploit this to overflow a buffer and cause a
     denial of service or possibly execute arbitrary code with the privileges of
     the user invoking the program. (CVE-2010-1199)
     
     Michal Zalewski discovered that the focus behavior of Firefox could be
     subverted. If a user were tricked into viewing a malicious site, a remote
     attacker could use this to capture keystrokes. (CVE-2010-1125)
     
     Ilja van Sprundel discovered that the 'Content-Disposition: attachment'
     HTTP header was ignored when 'Content-Type: multipart' was also present.
     Under certain circumstances, this could potentially lead to cross-site
     scripting attacks. (CVE-2010-1197)
     
     Amit Klein discovered that Firefox did not seed its random number generator
     often enough. An attacker could exploit this to identify and track users
     across different web sites. (CVE-2008-5913)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/a/apturl/apturl_0.2.2ubuntu1.2.dsc
          Size/MD5:     1183 a6e321f732b396c896c583fbed3ba1fb
        http://security.ubuntu.com/ubuntu/pool/main/a/apturl/apturl_0.2.2ubuntu1.2.tar.gz
          Size/MD5:    18845 a29deaac412aa806ac824251a0dd6842
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly-0ubuntu0.8.04.2.diff.gz
          Size/MD5:   133729 bb6f8f16bf270e6b6fab61832c3635a1
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly-0ubuntu0.8.04.2.dsc
          Size/MD5:     2457 54e1b873ecd3da88004f1245ee94d1ac
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly.orig.tar.gz
          Size/MD5: 49863533 683b70c4ef74c32db815b1ae6215ba2a
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/a/apturl/apturl_0.2.2ubuntu1.2_all.deb
          Size/MD5:    12110 967b3f1c988d7082a027268edff8fc2d
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69814 92cfdaa9311e0ba9b7a6c7b3ace0eecb
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69634 a4e68b180b5b8aa6194b71175ef35b95
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69660 8d1c4b7dfe03c98880225b488648e97b
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    70042 3ca7b6865fce10cfb37f342b8e38ed4e
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69652 740bf0069ac8f9794ea2905ff76a7439
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69644 704d0508860190bd97a7bac4c9caa54b
        http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69672 13f65e160a7f98c776fe50513f69a108
        http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69642 a047bae5f8544e3df24fb1f1977cfb39
        http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69634 1ba2b60664ec4b30e208726c92d8cec4
        http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69662 6e42491b42fcf88a69efd4dd669500bb
        http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.6.6+nobinonly-0ubuntu0.8.04.2_all.deb
          Size/MD5:    69632 2c644abffef717ed55c8d2f8f170f208
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5:   193498 692e078687b4e15fecf78efc756109e1
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5:   197052 107f23abaa027339672b817a37ad687a
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5: 61790646 09b3ef5b95bfc25973900771817af969
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5:    69752 134807027017fce8048a2d6b3db450fd
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5:   117516 f17561f5ab69da78489720cb8ba4cec6
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5:    70122 ed8b71c9de53b1a2e0178e2955899c3c
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_amd64.deb
          Size/MD5: 12572150 a69167e70b2e351c07720fb101bf43ea
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5:   193492 d3742d0039175aeba66b2231a85ac295
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5:   197054 116890340b7db7c131bc7c31c6ec5c6b
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5: 61374450 ab310dda4e9a2a2eb711d644befb864e
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5:    69754 02f37b84f929e83dc8519eec42be9dd1
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5:   112778 816b1c00602a24cc5740e37372bdda35
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5:    70116 52cf4bd3e00938008816315c1e658abb
        http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_i386.deb
          Size/MD5: 11084316 ab1cc2959cf186cfb38d367d4029aaaa
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5:   193480 c317ec3d4b4b58efdec08c7202c015c2
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5:   197050 b49f2e88a946838e93200965abaff104
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5: 55664396 471593992f81cfa99d9b2fffa2779410
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5:    69748 ddbae127bf716b6c40df2ff11c868f47
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5:   112596 04949dd13f329f25dcf288eaa8b521c2
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5:    70114 cbfc4b3882cdd56cd8ecd37821871b92
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_lpia.deb
          Size/MD5: 10533860 a496862cc4e86804ee566daaf12ce47d
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5:   193502 ceb1c3bfc323acd90ba548519943b027
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-branding_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5:   197056 fd418c9af8d25497a3b410c6ba65f071
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5: 57219046 8b47cd45058bb5cbaefaa41379085ce5
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-dev_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5:    69760 d141a06937b50b6c0613f0f0b713a5e3
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support-dbg_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5:   117864 69abfc22c541571edc7a987019e69df6
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-gnome-support_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5:    70126 d688bd6e0165212cdceabf92ca6375f8
        http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox_3.6.6+nobinonly-0ubuntu0.8.04.2_powerpc.deb
          Size/MD5: 11621258 d84ceded5051f1265dd09289992fe385
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.