[General] [Fwd: Re: [USN-398-1] Firefox vulnerabilities]

Bashar Al-Abdulhadi bashar at kuwaitnet.net
Wed Jan 3 20:11:16 +03 2007


FYI&A


-------- Original Message --------
Subject: 	Re: [USN-398-1] Firefox vulnerabilities
Date: 	Tue, 02 Jan 2007 22:23:32 -0700
From: 	Scott <geekboy at angrykeyboarder.com>
Organization: 	angrykeyboarder.com - http://angrykeyboarder.com
To: 	ubuntu-users at lists.ubuntu.com
CC: 	full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
References: 	<20070103024138.GR4462 at outflux.net>



Kees Cook spake thusly on 01/02/2007 07:41 PM:
> =========================================================== 
> Ubuntu Security Notice USN-398-1           January 02, 2007
> firefox vulnerabilities
> CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
> CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
> CVE-2006-6507
> ===========================================================
> 
> A security issue affects the following Ubuntu releases:
> 
> Ubuntu 6.10
> 
> This advisory also applies to the corresponding versions of
> Kubuntu, Edubuntu, and Xubuntu.
> 
> The problem can be corrected by upgrading your system to the
> following package versions:
> 
> Ubuntu 6.10:
>   firefox                                  2.0.0.1+0dfsg-0ubuntu0.6.10
>   firefox-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnspr-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnspr4                                 2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnss-dev                               2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnss3                                  2.0.0.1+0dfsg-0ubuntu0.6.10
> 
> After a standard system upgrade you need to restart Firefox to effect 
> the necessary changes.
> 
> Details follow:
> 
> Various flaws have been reported that allow an attacker to execute
> arbitrary code with user privileges by tricking the user into opening
> a malicious web page containing JavaScript or SVG.  (CVE-2006-6497, 
> CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, 
> CVE-2006-6504)
> 
> Various flaws have been reported that allow an attacker to bypass 
> Firefox's internal XSS protections by tricking the user into opening a 
> malicious web page containing JavaScript.  (CVE-2006-6503, 
> CVE-2006-6507)
> 
> Jared Breland discovered that the "Feed Preview" feature could leak 
> referrer information to remote servers.  (CVE-2006-6506)


We're getting better.  This one only took 9 days...

http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/

-- 
	Scott
http://angrykeyboarder.com
© 2007 angrykeyboarder™ & Elmer Fudd. All Wights Wesewved

