===========================================================
Ubuntu Security Notice USN-398-1 January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
firefox 2.0.0.1+0dfsg-0ubuntu0.6.10
firefox-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr4 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss3 2.0.0.1+0dfsg-0ubuntu0.6.10
After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Details follow:
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503,
CVE-2006-6507)
Jared Breland discovered that the "Feed Preview" feature could leak
referrer information to remote servers. (CVE-2006-6506)