USN-398-1: Firefox vulnerabilities
Posted on: 01/03/2007 03:55 AM

A new Firefox vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-398-1 January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
firefox 2.0.0.1+0dfsg-0ubuntu0.6.10
firefox-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr4 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss-dev 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss3 2.0.0.1+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect=20
the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,=20
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,=20
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass=20
Firefox's internal XSS protections by tricking the user into opening a=20
malicious web page containing JavaScript. (CVE-2006-6503,=20
CVE-2006-6507)

Jared Breland discovered that the "Feed Preview" feature could leak=20
referrer information to remote servers. (CVE-2006-6506)


Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg-0ubuntu0.6.10.diff.gz
Size/MD5: 322554 79c04227229a107f0c9d45049605bd48
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg-0ubuntu0.6.10.dsc
Size/MD5: 1218 6ce84b9960bdbb97c9ec6c3705653eae
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg.orig.tar.gz
Size/MD5: 46670638 1cb13be9a35205af63fe70eeff14eb0e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-i=
nspector_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 236456 9ed7043d22624085cffc10dc7cde8f26
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firef=
ox-dev_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55270 2f8fde2f2488af7750e65e886493cd13
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firef=
ox-dom-inspector_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55362 eb1b5c963f64a784e053bdeee6537481
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firef=
ox-gnome-support_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55378 dd6516fe8c1798d617bcf95b4fbd21c4
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firef=
ox_2.0.0.1+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 56176 eae029799af7b101a55a9bfdffc88330

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 50310432 263fa952660d303d4320ac519836a1fb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 3119132 75d94b87d53efb786ffdf56ff6d6b075
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 89652 913420b9f378f322c1ca1b02037f2677
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 10387770 78104d3965f2bfbda5575574d9f755ba
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 225036 ea87d34202b6d3223dbac099cf51c8df
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 167466 55bbefb531652d568f02438aeed10f1d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 250348 1bbc07d9af10768ac6656d927000abcd
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
2.0.0.1+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 861350 3fc1cbb4e1eb02995567cdec7b660bd2

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 49457428 a30d035ca9fd1819091c1c6b48d325b1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 3109488 e86991da3947ee093b840abd83cf07b2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 83386 77793d13bf5a26f0c43962ac5fbd186c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 9207840 8dcf11221cfef75bf7f51422dcf60dd7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 225046 90012c5f90396f6a5db7705b243e2521
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 156952 80817ef1fbd45ddfbdfdf75279275c34
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 250336 655f2f4a30dae71ec29bf96cfb7f0229
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
2.0.0.1+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 785180 131a2623fa95997b99085884204fd89a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 51980774 4865d18b50b3a10dfd1b228e11ac0435
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3115886 c6f8efcab8edfd7b83453ee041a24612
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 85272 b66da0f160a453b1f3ee18f5b1722e8d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 10056020 9102c8484c7c71186fd0b970a610e7e4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 225038 4f83154583b4a058a123a3a8586ab0f2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 166288 6190cda57dbebe29c65c1ca97daba292
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 250334 b3f846f1dafbf1a990ab27df8258b9e1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
2.0.0.1+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 860068 d0f2e68e9d1ca8be8d9914e6fcdf1bff

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 49511534 d0e1bad8c05a69231dfee2db6b34b990
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0=
=2E1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 3106194 1adc42b08102dca85285244139d312da
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-sup=
port_2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 83086 ef47b587d79afdce14ec47b2e13ce89c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.1+0=
dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 9485274 13146d26d590e4981281cf21957cfb61
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fir=
efox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 225036 b72f082c255cd9510435cd0c0912a5bc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefo=
x2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 155116 9d629deae12ea27812081b13bb0216ba
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fire=
fox2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 250332 c3e90b969d3c3de2fe47c4942f8dc96f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox=
2.0.0.1+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 766060 a32f928bcb9a7cd2d601b2aafbec6bef


--5I6of5zJg18YgZEa
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFmxfiH/9LqRcGPm0RAjr3AJ0RpQhi53Zqe32INjEfuDWn0DVCyQCeMRv7
djgl/+mFLSJXQ57GYa7KGgI=
=LTup
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_398_1_firefox_vulnerabilities.html)