Date: Wed, 24 Sep 2008 07:30:20 -0500
From: Jamie Strandboge <jamie@canonical.com.>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-645-2] Firefox vulnerabilities
Message-ID: <20080924123019.GF8986@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="mJm6k4Vb/yFcL9ZU"
Content-Disposition: inline
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-Virus-Scanned: antivirus-gw at tyumen.ru
--mJm6k4Vb/yFcL9ZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-645-2 September 24, 2008
firefox vulnerabilities
CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837,
CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,
CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065,
CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3
After a standard system upgrade you need to restart Firefox to
effect the necessary changes.
Details follow:
USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu
7.04, 7.10 and 8.04 LTS. This provides the corresponding update for
Ubuntu 6.06 LTS.
Original advisory details:
Justin Schuh, Tom Cross and Peter Williams discovered errors in the
Firefox URL parsing routines. If a user were tricked into opening a
crafted hyperlink, an attacker could overflow a stack buffer and
execute arbitrary code. (CVE-2008-0016)
=20
It was discovered that the same-origin check in Firefox could be
bypassed. If a user were tricked into opening a malicious website,
an attacker may be able to execute JavaScript in the context of a
different website. (CVE-2008-3835)
=20
Several problems were discovered in the JavaScript engine. This
could allow an attacker to execute scripts from page content with
chrome privileges. (CVE-2008-3836)
=20
Paul Nickerson discovered Firefox did not properly process mouse
click events. If a user were tricked into opening a malicious web
page, an attacker could move the content window, which could
potentially be used to force a user to perform unintended drag and
drop operations. (CVE-2008-3837)
=20
Several problems were discovered in the browser engine. This could
allow an attacker to execute code with chrome privileges.
(CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)
=20
Drew Yao, David Maciejak and other Mozilla developers found several
problems in the browser engine of Firefox. If a user were tricked
into opening a malicious web page, an attacker could cause a denial
of service or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)
=20
Dave Reed discovered a flaw in the JavaScript parsing code when
processing certain BOM characters. An attacker could exploit this
to bypass script filters and perform cross-site scripting attacks.
(CVE-2008-4065)
=20
Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a
user were tricked into opening a malicious web page, an attacker
could bypass script filtering and perform cross-site scripting
attacks. (CVE-2008-4066)
=20
Boris Zbarsky and Georgi Guninski independently discovered flaws in
the resource: protocol. An attacker could exploit this to perform
directory traversal, read information about the system, and prompt
the user to save information in a file. (CVE-2008-4067,
CVE-2008-4068)
=20
Billy Hoffman discovered a problem in the XBM decoder. If a user were
tricked into opening a malicious web page or XBM file, an attacker
may be able to cause a denial of service via application crash.
(CVE-2008-4069)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e-0ubuntu3.diff.gz
Size/MD5: 184879 85df86b82d3b0791f1152f7048e80c59
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e-0ubuntu3.dsc
Size/MD5: 1800 958f213fa0b3290fd34ff151fac0f11e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e.orig.tar.gz
Size/MD5: 47543282 53d4cf0a63c82ad875208a660dfcefd5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1=
=2E5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb
Size/MD5: 53526 a27b80846d4996481aa3c9b13ed6e0d4
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firef=
ox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb
Size/MD5: 52640 b400a1eb1b12d75503cece2b8f9941c3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 47643106 bb2d5e1d0d251044f0dffbc53799af52
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 2858414 52e37bdb64081a8d5b05abedd62464a7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 85904 7240d77e5653c6cb3ff8208ee348e98e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 9487524 e42a4014d438d56bd9403790084a20ea
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 222196 186264226f8109b8d9a4353df2a96c21
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 165740 4942a627546bce7b1a68af361dff8ddc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 247744 8d2e29ecd2c76966a12ffb218aca6b8b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 825388 a941d1b5f5d272938622b777f612d6b9
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb
Size/MD5: 218446 817b2802f0c08f88070af9b80a17d323
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 44189792 a99fcb830eea5a75444972e90ec06df6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 2858412 d9472137105f46be8e22253f7ba18ffa
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 78234 2d007e9a576408e32f5238f91f0fe33c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 7993044 b20d3c354ab667504e3a4f8ba5acecdd
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 222200 4beee709850374317bb599654390c852
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 150230 bc5723c3db54d55cb7f91658aafb062e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 247722 fe7ec32c36decef74b0bc30c4b2d8a01
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 716996 816c953c9adbee0db6c0f6dd437424cd
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb
Size/MD5: 211634 1939fa4918c8d6532c896f159cd49d6a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 49030768 4701e733eb96c668a5f2b1189aa81294
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 2858468 afc845e382ad583537459a6106bf4f02
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 81350 1277ac1b04d1ada3c4fda0f55e4341ca
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 9106808 1ec7402a547a6f1809675633871e5b8b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 222202 b664c35a64096e4b33fe0a9f633de940
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 162948 05f3d6313d9bba82cb7c3eed0579a2de
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 247744 1b660f1ea982ea4a00dec41d9edef14e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 816008 1c1d8b2d2f6811c52ec7a0385c98f12a
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb
Size/MD5: 215140 4f6d3b38485844a7927dfa0fa42175ce
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 45584634 ebf76dfa8dea74542ceaad68f8a1221f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.d=
fsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 2858520 f0bd6ea3c889db6d04e22200f8608132
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 79810 48e4adce12e817f9fa2e140ff2dee4b3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+=
1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 8492834 2c0dbfdd4d05b306c9fa5448a031f25f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 222202 3c098adc301eb3994baaad251dfc2c20
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 152836 4970d18b4ec02af2898c4fd8fe3fc49b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 247744 0f7d58a46c0f558b9622cd8d0a7f3d23
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 727436 5605e6220a85ea3fbce5f8214a397a60
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb
Size/MD5: 212588 edc501e8453ce85df4311de5d97f2d14
--mJm6k4Vb/yFcL9ZU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFI2jLbW0JvuRdL8BoRAsB+AKCXh5PvAsVATtZKPR/MydFkT9odVQCfVgHg
sYoWsxTwFPIhSHqZ2LhHDA8=
=U0o1
-----END PGP SIGNATURE-----
--mJm6k4Vb/yFcL9ZU--
