what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 645-3

Ubuntu Security Notice 645-3
Posted Sep 25, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 645-3 - USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes the problem. A very large amount of vulnerabilities have been addressed in the latest Firefox release from Ubuntu.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069
SHA-256 | a978bbdfecb457451bdcd378563f68292a1897028ca8bed1392915cbdd4b019d

Ubuntu Security Notice 645-3

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-645-3 September 25, 2008
firefox-3.0, xulrunner-1.9 regression
https://launchpad.net/bugs/270429
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
firefox 3.0.3+build1+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the
necessary changes.

Details follow:

USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream
patches introduced a regression in the saved password handling. While
password data was not lost, if a user had saved any passwords with
non-ASCII characters, Firefox could not access the password database.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Justin Schuh, Tom Cross and Peter Williams discovered errors in the
Firefox URL parsing routines. If a user were tricked into opening a
crafted hyperlink, an attacker could overflow a stack buffer and
execute arbitrary code. (CVE-2008-0016)

It was discovered that the same-origin check in Firefox could be
bypassed. If a user were tricked into opening a malicious website,
an attacker may be able to execute JavaScript in the context of a
different website. (CVE-2008-3835)

Several problems were discovered in the JavaScript engine. This
could allow an attacker to execute scripts from page content with
chrome privileges. (CVE-2008-3836)

Paul Nickerson discovered Firefox did not properly process mouse
click events. If a user were tricked into opening a malicious web
page, an attacker could move the content window, which could
potentially be used to force a user to perform unintended drag and
drop operations. (CVE-2008-3837)

Several problems were discovered in the browser engine. This could
allow an attacker to execute code with chrome privileges.
(CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several
problems in the browser engine of Firefox. If a user were tricked
into opening a malicious web page, an attacker could cause a denial
of service or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when
processing certain BOM characters. An attacker could exploit this
to bypass script filters and perform cross-site scripting attacks.
(CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a
user were tricked into opening a malicious web page, an attacker
could bypass script filtering and perform cross-site scripting
attacks. (CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in
the resource: protocol. An attacker could exploit this to perform
directory traversal, read information about the system, and prompt
the user to save information in a file. (CVE-2008-4067,
CVE-2008-4068)

Billy Hoffman discovered a problem in the XBM decoder. If a user were
tricked into opening a malicious web page or XBM file, an attacker
may be able to cause a denial of service via application crash.
(CVE-2008-4069)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1.diff.gz
Size/MD5: 105898 8e9d91766d1673d85b4e2e60f09ffbb6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1.dsc
Size/MD5: 2760 57a929804f986040bc7227fe3009156c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly.orig.tar.gz
Size/MD5: 11573662 bcf09e18019b2f2cbb8517932c891485
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1.diff.gz
Size/MD5: 77467 f5a62ff3d325e95c5120cc22bda2d554
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1.dsc
Size/MD5: 2825 ab55f7ea35f9ee735528805831854977
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly.orig.tar.gz
Size/MD5: 40164202 72a5e40dda74d050021677f1b3ebabcc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65954 3f06a1b75554d1d2340afc44b78022ac
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65968 6d8a8e29f0a7c87d2c8f179f574d7aa6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65924 3ac2f3dfa932bdc940950c0a894b9080
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65912 e9e9a4746bec14f42b2450bea8225057
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 66064 6775e8fa75a92e1f33cc8ae5bb7f9e8a
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65974 751dd3d6688c6639e9d0ec0da761cc5c
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65924 cfb57e23eb08498e16a6bbef2ca4238e
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 8974 25f83a796d3169788d39ea68cd8635c6
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 8962 01cc668f88c84f91e2fd886d42d92f13
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65948 c4718d66cfe19443c59978f4e39e7e41
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65914 71f6cddfc729e4018eefe95c79efd9df
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65906 97334f76bbbd654157c7c5aabf7e31c6
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 8946 f9d779ba38a6e7732ad71bb751523a7a
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65936 4fa1a2d88890b85d3bce5cb045ec792b
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 8936 700210f41bc608472f4fe88615dab81f
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 65902 d907072601c66ad491d706566c2824de
http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 125194 abdbdf7f8a7597a88c60af6d98ad3be3
http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 235304 8c3f950ba19f57700fb82918f343bed3

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 9028 45557a5d8f43797bebb0ee77783bdc87
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 29576 78c9677804c24f5b6d95e0eb6c7a7f38
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 1086672 7399df1205d00bd6124d03fc63cf6592
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 4035336 eaff46064356cea1e966ab221e45eb30
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 48656 41dc8e708b4972e61b2e12ab54c0c4fc
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 9031700 f608db020679c1a062deaf017d5defd2

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 9028 a8fd22201b420b5b0fa11fab1c9466d3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 25726 823066888e006035bbe5f1eb790eccfa
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 1065018 32827a47e8cd521d89391879a3d84d5c
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 4016914 4285536cc152b65fa881946890b44185
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 38514 04869df4ca726ad6c59d2e43383bf4f6
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 7763786 685dc1eb5dce09d60c56ffa1c059735b

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 9028 2de0d8feb75644816867deec8668ec34
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 25342 5e70051d1c36fa4115ad1b569a57b290
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 1063126 4e9a3f4c3adaacb731b9d715e38fd3e2
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 4012342 92f97468c8260b9980d348024b3b6971
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 37610 88681831e70f2c7ab81da01928fcf09f
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 7650950 80ab78a657265b9cad8ec759ac8864e9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 9026 c90a944ecbc4366a54001c769d29e35b
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 27502 d140872135657f26a214585501d48c8c
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 1079210 2594afd5cad19bc4bee8f0bad4483c5c
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 4023426 cb239f374f28f6b90ae9289240acf871
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 43686 d176b974055a33ede0065b4c9f2047fd
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 8609908 8e66fdbd3106ee310b9e8591d5fc35ad


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close