A Firefox update has been released for Ubuntu Linux 5.04
==========================================================
Ubuntu Security Notice USN-134-1 May 26, 2005
mozilla-firefox vulnerabilities
MFSA 2005-42, CAN-2005-1531, CAN-2005-1532
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mozilla-firefox
The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu5.3. After doing a standard system upgrade you need to restart Firefox to effect the necessary changes.
Details follow:
It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous Javascript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like "view-source:" or "jar:". (CAN-2005-1531)
A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)
Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.diff.gz
Size/MD5: 844189 0cb2c9138a00d4c8cbe439c96239c019
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.dsc
Size/MD5: 1696 b6f9a2fd0df83ad93436e0a9e0afcafb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 2630106 6f1e278ee5e205b5ed277e2fedae640e
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 157070 cbca0d235bc0ed4048afb1ea97fd5912
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 56344 62f0466b21c60e23e360d7a01d129a6b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 9757086 fa6c87f80a2142e0b5a71b3a5a93d4c6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 2630048 3ec6273947d6770635e3f6187322163d
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 151962 3621cb9df77851fb9bb20acb67ca762f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 52944 6cd2ad56c4ca6e21acb772d93f7b3242
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 8789122 e1e5baedeb8583af2c0bd83667a00c58
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 2630154 91ee224d4231d50c54645d9978faf5d4
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 150728 ee5a62a980629bfb4ac6fd6f5bbebe6a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 55580 50cc0fc42ac4da395f416943522be4c9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 8446932 4796ec228c2b08010550bda6f5d366ff
==========================================================
Ubuntu Security Notice USN-134-1 May 26, 2005
mozilla-firefox vulnerabilities
MFSA 2005-42, CAN-2005-1531, CAN-2005-1532
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mozilla-firefox
The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu5.3. After doing a standard system upgrade you need to restart Firefox to effect the necessary changes.
Details follow:
It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous Javascript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like "view-source:" or "jar:". (CAN-2005-1531)
A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)
Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.diff.gz
Size/MD5: 844189 0cb2c9138a00d4c8cbe439c96239c019
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.dsc
Size/MD5: 1696 b6f9a2fd0df83ad93436e0a9e0afcafb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 2630106 6f1e278ee5e205b5ed277e2fedae640e
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 157070 cbca0d235bc0ed4048afb1ea97fd5912
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 56344 62f0466b21c60e23e360d7a01d129a6b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_amd64.deb
Size/MD5: 9757086 fa6c87f80a2142e0b5a71b3a5a93d4c6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 2630048 3ec6273947d6770635e3f6187322163d
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 151962 3621cb9df77851fb9bb20acb67ca762f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 52944 6cd2ad56c4ca6e21acb772d93f7b3242
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_i386.deb
Size/MD5: 8789122 e1e5baedeb8583af2c0bd83667a00c58
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 2630154 91ee224d4231d50c54645d9978faf5d4
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 150728 ee5a62a980629bfb4ac6fd6f5bbebe6a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 55580 50cc0fc42ac4da395f416943522be4c9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_powerpc.deb
Size/MD5: 8446932 4796ec228c2b08010550bda6f5d366ff
