Re: [USN-398-1] Firefox vulnerabilities

To: ubuntu-users@xxxxxxxxxxxxxxxx
Subject: Re: [USN-398-1] Firefox vulnerabilities
From: Scott <geekboy@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Jan 2007 22:23:32 -0700
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20070103024138.GR4462@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: angrykeyboarder.com - http://angrykeyboarder.com
References: <20070103024138.GR4462@xxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1pre) Gecko/20061206 Thunderbird/2.0b1 Mnenhy/0.7.4.666

Kees Cook spake thusly on 01/02/2007 07:41 PM:

===========================================================Ubuntu Security Notice USN-398-1 January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  firefox                                  2.0.0.1+0dfsg-0ubuntu0.6.10
  firefox-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr4                                 2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss-dev                               2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss3                                  2.0.0.1+0dfsg-0ubuntu0.6.10
After a standard system upgrade you need to restart Firefox to effectthe necessary changes.
Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypassFirefox's internal XSS protections by tricking the user into opening amalicious web page containing JavaScript. (CVE-2006-6503,CVE-2006-6507)
Jared Breland discovered that the "Feed Preview" feature could leakreferrer information to remote servers. (CVE-2006-6506)



We're getting better.  This one only took 9 days...

http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/

--


--
        Scott
http://angrykeyboarder.com
© 2007 angrykeyboarder™ & Elmer Fudd. All Wights Wesewved

References:
- [USN-398-1] Firefox vulnerabilities
  - From: Kees Cook

Prev by Date: Whos Johny Pwnerseed?
Next by Date: Re: Windows Vista 64bits and unexported kernel symbols
Previous by thread: [USN-398-1] Firefox vulnerabilities
Next by thread: Simple Web Content Management System SQL Injection Exploit
Index(es):
- Date
- Thread