=========================================================== Ubuntu Security Notice USN-155-1 July 26, 2005 mozilla vulnerabilities CAN-2005-1531, CAN-2005-1532, CAN-2005-1937, CAN-2005-2260, CAN-2005-2261, CAN-2005-2263, CAN-2005-2265, CAN-2005-2266, CAN-2005-2268, CAN-2005-2269, CAN-2005-2270 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: mozilla-browser mozilla-mailnews The problem can be corrected by upgrading the affected package to version 2:1.7.10-0ubuntu04.10 (for Ubuntu 4.10), or 2:1.7.10-0ubuntu05.04 (for Ubuntu 5.04). After a standard system upgrade you need to restart Mozilla to effect the necessary changes. Details follow: Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. (CAN-2005-1937) It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous Javascript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. (MFSA 2005-42) Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like "view-source:" or "jar:". (CAN-2005-1531) A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure Javascript eval and script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532) In several places the browser user interface did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events genenerated by web content. This could be exploited by malicious web sites to generate e. g. mouse clicks that install malicious plugins. Synthetic events are now prevented from reaching the browser UI entirely. (CAN-2005-2260) Scripts in XBL controls from web content continued to be run even when Javascript was disabled. This could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling Javascript would protect them. (CAN-2005-2261) Matthew Mastracci discovered a flaw in the addons installation launcher. By forcing a page navigation immediately after calling the install method a callback function could end up running in the context of the new page selected by the attacker. This callback script could steal data from the new page such as cookies or passwords, or perform actions on the user's behalf such as make a purchase if the user is already logged into the target site. However, the default settings allow only http://addons.mozilla.org to bring up this install dialog. This could only be exploited if users have added untrustworthy sites to the installation whitelist, and if a malicious site can convince you to install from their site. (CAN-2005-2263) The function for version comparison in the addons installer did not properly verify the type of its argument. By passing specially crafted Javascript objects to it, a malicious web site could crash the browser and possibly even execute arbitrary code with the privilege of the user account Firefox runs in. (CAN-2005-2265) A child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine. Andreas Sandblad discovered that the call is made in the context of the child frame. This could be exploited to steal cookies and passwords from the framed page, or take actions on behalf of a signed-in user. However, web sites with above properties are not very common. (CAN-2005-2266) Alerts and prompts created by scripts in web pages were presented with the generic title [Javascript Application] which sometimes made it difficult to know which site created them. A malicious page could exploit this by causing a prompt to appear in front of a trusted site in an attempt to extract information such as passwords from the user. In the fixed version these prompts contain the hostname of the page which created it. (CAN-2005-2268) The XHTML DOM node handler did not take namespaces into account when verifying node types based on their names. For example, an XHTML document could contain an <IMG> tag with malicious contents, which would then be processed as the standard trusted HTML <img> tag. By tricking an user to view malicious web sites, this could be exploited to execute attacker-specified code with the full privileges of the user. (CAN-2005-2269) It was discovered that some objects were not created appropriately. This allowed malicious web content scripts to trace back the creation chain until they found a privileged object and execute code with higher privileges than allowed by the current site. (CAN-2005-2270) The update for Ubuntu 4.10 (Warty Warthog) also fixes several vulnerabilities which are not present in the Ubuntu 5.04 version. Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious web site. (MFSA-2005-01 to MFSA-2005-41; please see the following web site for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html). We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.10-0ubuntu04.10.diff.gz Size/MD5: 787895 d1b93dab379d90229aff0b6444cd7958 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.10-0ubuntu04.10.dsc Size/MD5: 1114 54a79bdf1055da5a4cef2cb2dafc96f5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.10.orig.tar.gz Size/MD5: 30583956 46d33c8977831c434759f1f8be8349b9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 168072 5f73543a027ca48255fb49b7d5698ba6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 139562 0cd70033ad7d3722795f88c6366eff27 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 184958 76dc43e6c0b49378f52c6eaeb21a7c5c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 708258 6b961f2168030777d6cf8eb2d6332f1e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 11419236 ea48391b5a5e050f23b1a0650a956783 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 403268 ed929a52dbdbc5b06e79ec0fb81ff9fa http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 158326 86b385a15b6c85e4b915bacdced31314 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 3350360 e1f4ca50e4bd19d34eee93290fb82629 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 121136 eef79c168a357b87409c153c1f201e36 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 204150 190f1f37a6a477cbba26f8f6f53dbc43 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 1937826 cf26eb285ceef89fcda0830758cc5bfd http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 204162 c83dc89bda3406a94923c07178adbda3 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.10-0ubuntu04.10_amd64.deb Size/MD5: 1036 b38a32c79d53150543aa65bd17344012 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 168060 8c98d3b292d402cd22b11b420b54312b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 126116 bb9174988c7e3c7ba95d152e66a512c0 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 184946 a5e0cf933a97e2580f89ad2a8bd1800e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 637908 68482be695882a1e245e72cd197395d9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 10602576 53124ed462188a86b8a75dc27faa7be3 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 403266 02b39a072c2c9d286fe1735ca7507a66 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 158320 8879f23c27a1787c49e3695c9a4fcfe5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 3343192 6b9057c17c18b2c1a73154500c70cc42 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 115810 2b31e6c96b80615c2f916969f855a79f http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 204140 c60f89e46ca9827c8bdc62990325738b http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 1780920 93f92d8d66349f7bd8e59f5e4fc76ef6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 188206 41231266c644d9760779988908efbc5c http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.10-0ubuntu04.10_i386.deb Size/MD5: 1030 f12e02b92ae890afeac4d8d41a85f276 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 168072 ba80600f62884978df2b2f04c322f06c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 124770 b17ebc91a1b791816f313746f52a6402 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 184950 3e7c8c7cc16c9615b9255ce3fcc73b7c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 712682 dc25643199535a3c8e4e48f766fa8e99 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 10164662 5d494ec9f05ac4f910642f41264b8c60 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 403276 65484c2dc4f038d104746f5fa2fc7489 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 158332 05369072e2805e665dcb2eb0ed311ec4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 3338534 623c77253ad680985c7c00fee1ea28e3 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 114542 f4f3f3baa8b6b0e7c0129ccca3ffd7da http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 204158 ddd745af7c8ec2ac86cb1a23e0b20a5c http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 1642582 b6406c9fcf0720da67ebe2161884b8fb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 175472 80bc4b4730e0cfc1c1d15ad41debf97e http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.10-0ubuntu04.10_powerpc.deb Size/MD5: 1036 4a8d43ad6703ee277fd33f558fc0ba10 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.10-0ubuntu05.04.diff.gz Size/MD5: 310547 9114a0520dfd1ec3f1e8840cc7b209d4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.10-0ubuntu05.04.dsc Size/MD5: 1136 9c2b49a4c6127860bd5873c902df7103 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.10.orig.tar.gz Size/MD5: 30583956 46d33c8977831c434759f1f8be8349b9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 168066 01ffef9884ce28174557a52f83733ef5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 140028 c8f9228d7793a031ab73f1f4e690dd3b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 184940 0e591f14f97cfce7af277aa7315009d7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 708860 a599ff95ab1687f2769c54bca8a0c920 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 10604772 ec3f043c5605adaaa40c53cbee400711 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 403258 d1a734b01463eff486bf73b71c72b95e http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 158322 b6adcb39d0eb40d51bc747bbf2dacb65 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 3350388 3a4978438779c894f1b2e531127a976a http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 121180 fe31f51e8c1ddce8d00c55a0ffaa0609 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 204144 6f30f8a5aab9a79d67010d3d6f30ba2d http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 1935902 e9237f23592a8210eb455372ce860fc7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 204122 93173df651b43c76a9b9377f098df9a5 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.10-0ubuntu05.04_amd64.deb Size/MD5: 1032 126b185c4886fc68a69dec48d0683ee7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 168064 5a0e70ac2d5e8c98ed086794e142c7b2 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 126702 8415469bef6048d35e37fedd5f3962c6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 184954 f9e1e504981b3d82bc4e997b63a87dc6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 638694 74c6379cf3bb2ad963d969d31c501537 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 9617280 8b3ab23e5c32f8afd5122d52d8951949 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 403268 61436ebff7bac70672a2fa5ba184fb68 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 158324 2d9bdc79894dedd525ec7b51078207a8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 3342872 0fa8ce7b49a5bf9099e876c45d7e294e http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 115828 901524c4341f6e9c187c325823af9995 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 204148 a8d9a4a49d53984d8a0b028333cbe0d1 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 1780858 267c6c6389de344bf71332ea0248ac00 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 188192 cbdc25cfb559cf8080f8430251fa5334 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.10-0ubuntu05.04_i386.deb Size/MD5: 1040 0059e2b4cae42fcce02d9a6e999973fa powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 168072 ce35aab4bac03e2e597205fa0c07ef7f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 125410 b9f7aca9a2c1b4a5849f99bf019f545c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 184944 cb2727093d228450f2eda33edde7fbc8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 713078 220b0e60522361ae8f004d39412948c1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 9168634 ef5834e1946c772b82dd6556bbbb3b41 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 403272 1d25b0888c9e5f26cddcaf098262ffb2 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 158330 0ef7507f9bf5afe90a169aaa6857f041 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 3338630 3b1dbdbd8c43564ff5f93dd06ee22670 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 114568 a67a49248469e7f890cd3a91e6248f9a http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 204156 6cc870984199c8f9edea55d89333f784 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 1642886 0569609ed88d459aaad2e83877dea6c1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 175486 d494cff4442b868bc3ec0942c2881e29 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.10-0ubuntu05.04_powerpc.deb Size/MD5: 1034 f4c3ac4e8b6e1623dd3b98ca804d5146
Attachment:
signature.asc
Description: Digital signature