[USN-690-2] Firefox vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-690-2] Firefox vulnerabilities
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Wed, 17 Dec 2008 18:13:13 -0600
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.18 (2008-05-17)

===========================================================
Ubuntu Security Notice USN-690-2          December 18, 2008
firefox vulnerabilities
CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506,
CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  firefox                         2.0.0.19+nobinonly1-0ubuntu0.7.10.1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

Several flaws were discovered in the browser engine. These problems could allow
an attacker to crash the browser and possibly execute arbitrary code with user
privileges. (CVE-2008-5500)

Boris Zbarsky discovered that the same-origin check in Firefox could be
bypassed by utilizing XBL-bindings. An attacker could exploit this to read data
from other domains. (CVE-2008-5503)

Several problems were discovered in the JavaScript engine. An attacker could
exploit feed preview vulnerabilities to execute scripts from page content with
chrome privileges. (CVE-2008-5504)

Marius Schilder discovered that Firefox did not properly handle redirects to
an outside domain when an XMLHttpRequest was made to a same-origin resource.
It's possible that sensitive information could be revealed in the
XMLHttpRequest response. (CVE-2008-5506)

Chris Evans discovered that Firefox did not properly protect a user's data when
accessing a same-domain Javascript URL that is redirected to an unparsable
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)

Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox
did not properly parse URLs when processing certain control characters.
(CVE-2008-5508)

Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)

Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website, an attacker could exploit this to execute
arbitrary Javascript code within the context of another website or with chrome
privileges. (CVE-2008-5511, CVE-2008-5512)

Flaws were discovered in the session-restore feature of Firefox. If a user were
tricked into opening a malicious website, an attacker could exploit this to
perform cross-site scripting attacks or execute arbitrary Javascript code with
chrome privileges. (CVE-2008-5513)


Updated packages for Ubuntu 7.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1.diff.gz
      Size/MD5:   193899 36adc1276acd43f74f72cfcc1ae3d0e9
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1.dsc
      Size/MD5:     1667 191a120d310a4e50dc3890bc39dd5eb4
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1.orig.tar.gz
      Size/MD5: 38003869 ef1cc2719a0d2e765e7395191917b0e1

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_all.deb
      Size/MD5:   200940 bb5074878422fcc2770502b9ccb0da27

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
      Size/MD5: 78150706 95fdf710a1475b0bc9c2d05b93729e1d
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:  3199474 a81af067e5cd04967c4b073e4ea88b3d
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:    98272 a5da4c672ee9cdb9238827240a1fd8d4
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:    67296 1867fa5365e1877b2991f0012a5a0508
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_amd64.deb
      Size/MD5: 10470700 e782eb0e3ee75833b54f6bf6eb7ad587

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
      Size/MD5: 77284164 a71bc30bc1337cf8f764c4e34c0225bc
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
      Size/MD5:  3187094 ac6687331ea182a211af874e78d6ed17
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
      Size/MD5:    91982 e940726ca92857100f60b40c0627ebe7
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
      Size/MD5:    66578 8b2d79255ed23faa29d212394bcba143
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_i386.deb
      Size/MD5:  9216882 bc3cbdf09eab1655725e7c6f6e702227

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
      Size/MD5: 77568340 e0c635c7c94d02df21c3959245f82eae
    
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:  3184640 e8dbcad248acefdf2e67206fd9a99884
    
http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:    91636 54e13279350c153e6c86bc6f56c413ff
    
http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:    66524 ebc91a165868249a1d87a91727b7d2fd
    
http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:  9073898 5a46dfbb0577f2f590d6ba0b4e8427ae

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5: 80768006 e9ae877064a52623eb7e35814f9b34cc
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:  3202786 6e6b92b3b5e47bcc20e3803d6c967b0d
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    96330 eac0521eb7d2d212869337a96576741b
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    67580 9261fce133f2603c58f710cfb1c7e387
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5: 10315794 2f30e74ebaf0e5bb0eed03669e67c7b7

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
      Size/MD5: 78127352 ab6da326b1db0baf28f1041eff70e3e4
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:  3184440 74705617fd5764f9414756ecf9e2281c
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:    91764 440f4a3bf1774945c2b93cd90948b7d2
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:    66664 1f2b23c6612f07ee3f932ff0e294a123
    
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.19+nobinonly1-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:  9466814 70da09e753b9ab898be59a3bdd25a646

Attachment: signature.asc
Description: Digital signature

Prev by Date: Re: Joomla: Session hijacking vulnerability, CVE-2008-4122
Next by Date: Firefox cross-domain text theft (CESA-2008-011)
Previous by thread: [USN-693-1] LittleCMS vulnerability
Next by thread: Firefox cross-domain text theft (CESA-2008-011)
Index(es):
- Date
- Thread