=========================================================== Ubuntu Security Notice USN-296-1 June 09, 2006 firefox vulnerabilities CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.4-0ubuntu6.06 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Please note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are also affected by these problems. Updates for these Ubuntu releases will be delayed due to upstream dropping support for this Firefox version. We strongly advise that you disable JavaScript to disable the attack vectors for most vulnerabilities if you use one of these Ubuntu versions. Details follow: Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious web site could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious web sites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters might not recognize the tags anymore; however, Firefox would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Firefox and the proxy server, a malicious web site can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened web site. (MFSA 2006-33, CVE-2006-2786) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06.diff.gz Size/MD5: 167298 f47b780d96935c7ec982abf3d1cb23fa http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06.dsc Size/MD5: 1109 af86fe956f6cbe2d03bdac43920e8f67 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4.orig.tar.gz Size/MD5: 42942490 2ac9d43529710e49b06ad6c358716ea4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_all.deb Size/MD5: 48814 29b5ce2c38dae8510506cbe2d10f9cd3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_all.deb Size/MD5: 49706 26c239c98e4ecd26f1b25cb3a9111b02 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 47215364 a69b194be686538156d4c0513dfb527b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 2795932 265477059f8e1e6ecc9fdf22ececa362 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 215752 9927725795f7f49ecde3903c408912b3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 82014 e6b1d0bdc7f8ec61f4047d6a07664835 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 9395266 b1dbbc159e3407381323e4ddfd82188f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 218436 389a755efbd959c55c6311d8d6decb0e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 161480 7a567a40560ea00f03ab279dfe591e05 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 235386 66c1434f1c0c86c13948c8519000234e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 757072 16b86b81d8815aa7dd0fe8da0680cc71 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 43799038 231446d3a93c66a92a5686d2011180fa http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 2795898 58ce3a92e6bc32a1f277568a1aefb157 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 209168 3d78487a1ec843de5c968daac5774a2c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 74348 a9da42db19117d43ae6eb40aa1bb5270 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 7910938 226b0db56dfec4f84eb51fe23c35b8d3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 218436 c4ea086ae992aefacc940c9944897009 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 146190 1a47ce6da183f2b4299525f38dc6b397 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 235380 63465b4ffdd74bc86d7327b0a1fe2d7a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 669186 07308fb95fd53becb506ef179fa91666 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 48597138 374792224c05b7baf406ff88409b3b51 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 2795908 1c1a036cc9bbeeaee4b9c629e2f27106 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 212602 5223d8d37deca276a6a61fa1f39dfebf http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 77522 b8d6a6d80f297397ad9e95dd2a19b0c1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 9011932 702eb283fa9cfb68cd682166ec42f1fc http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 218436 08b7248b0dee668dcd2296538ed10ba7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 158722 2761f24a70c304680a47a100abf07029 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 235396 983d844a1b9f56543c59b618f051cc7f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 767948 495c253eca9a842c913ff0299c57c632
Attachment:
signature.asc
Description: Digital signature