=========================================================== 
Ubuntu Security Notice USN-428-1          February 26, 2007
firefox vulnerabilities
CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775,
CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779,
CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995,
CVE-2007-0996, CVE-2007-1092
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox                                  1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
  firefox                                  1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
  libnspr4                                 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
  libnss3                                  1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1

Ubuntu 6.10:
  firefox                                  2.0.0.2+0dfsg-0ubuntu0.6.10
  libnspr4                                 2.0.0.2+0dfsg-0ubuntu0.6.10
  libnss3                                  2.0.0.2+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

Several flaws have been found that could be used to perform cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents of, or steal confidential data (such as passwords) from,
other open web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache, with the result that,
depending on the order in which they were loaded, the end of the longer
document could be appended to the shorter one when the shorter one was
reloaded from the cache. It is possible that a determined hacker could
construct a targeted attack to steal some sensitive data from a
particular web page. The potential victim would have to be already
logged into the targeted service (or be fooled into doing so) and then
visit the malicious site. (CVE-2007-0778)

David Eckel reported that browser UI elements--such as the host name
and security indicators--could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)



Ubuntu: Firefox vulnerabilities USN-428-1

February 28, 2007
Several flaws have been found in Firefox that could be used to perform Cross-site scripting attacks.
