From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-428-1] Firefox vulnerabilities
Date: Wed, 28 Feb 2007 18:56:42 +0100
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

===========================================================
Ubuntu Security Notice USN-428-1 February 26, 2007
firefox vulnerabilities
CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775,
CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779,
CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995,
CVE-2007-0996, CVE-2007-1092
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  firefox 1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
  firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
  libnspr4 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
  libnss3 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1

Ubuntu 6.10:
  firefox 2.0.0.2+0dfsg-0ubuntu0.6.10
  libnspr4 2.0.0.2+0dfsg-0ubuntu0.6.10
  libnss3 2.0.0.2+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
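
One way to check a host against the fixed versions listed above (an added example, not part of the original advisory): it orders versions by Debian's comparison rules, since a plain string comparison would rank 1.5.0.9 above 1.5.0.10. The `FIXED` table is copied from the advisory; the function names and the sample listing are constructed for illustration.

```python
import re

PKGS = ("firefox", "libnspr4", "libnss3")
FIXED = {  # fixed versions, copied from the advisory's package list
    "5.10": {"firefox": "1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1"},
    "6.06": dict.fromkeys(PKGS, "1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1"),
    "6.10": dict.fromkeys(PKGS, "2.0.0.2+0dfsg-0ubuntu0.6.10"),
}

def _order(c):
    """Debian sort weight of one character: '~' < end < letters < the rest."""
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            x, y = _order(ta[i:i + 1]), _order(tb[i:i + 1])
            if x != y:
                return -1 if x < y else 1
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(na):], b[len(nb):]
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _parse(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "0")

def deb_cmp(a, b):  # -1, 0 or 1, following the ordering dpkg uses
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, listing):
    """Packages from a 'name version' listing that are older than the fix."""
    rows = (line.split() for line in listing.splitlines())
    have = dict(r for r in rows if len(r) == 2)  # skip not-installed rows
    return sorted(p for p, fix in FIXED[release].items()
                  if p in have and deb_cmp(have[p], fix) < 0)

# Constructed sample, in the shape of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE_606 = """firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnspr4 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
libnss3 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1"""
```

Calling `unpatched("6.06", SAMPLE_606)` reports only `firefox`, the one package in the sample still below the fixed version.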

Details follow:

Several flaws have been found that could be used to perform cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents of, or steal confidential data (such as passwords) from,
other open web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache, with the result that,
depending on the order in which they were loaded, the end of the
longer document could be appended to the shorter one when the shorter
one was reloaded from the cache. It is possible that a determined
hacker could construct a targeted attack to steal some sensitive data
from a particular web page. The potential victim would have to be
already logged into the targeted service (or be fooled into doing so)
and then visit the malicious site. (CVE-2007-0778)

David Eckel reported that browser UI elements--such as the host name
and security indicators--could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)