[General] [Fwd: [USN-398-1] Firefox vulnerabilities]

Abdulmajeed Al-Sabah abdulmajeed.alsabah at gmail.com
Sun Jan 7 14:04:18 +03 2007


Salam Alekum,

I received the following from ACM TechNews; it is interesting and maybe
alarming.

http://www.securityfocus.com/news/11430?ref=rss


Abdulmajeed Al-Sabah


On 1/5/07, Bashar Al-Abdulhadi <bashar at kuwaitnet.net> wrote:
>
>  FYI&A
>
> -------- Original Message --------
> Subject: [USN-398-1] Firefox vulnerabilities
> Date: Tue, 2 Jan 2007 18:41:39 -0800
> From: Kees Cook <kees at ubuntu.com>
> Organization: Ubuntu
> To: ubuntu-security-announce at lists.ubuntu.com
> CC: bugtraq at securityfocus.com, full-disclosure at lists.grok.org.uk
>
> ===========================================================
> Ubuntu Security Notice USN-398-1           January 02, 2007
> firefox vulnerabilities
> CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
> CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
> CVE-2006-6507
> ===========================================================
>
> A security issue affects the following Ubuntu releases:
>
> Ubuntu 6.10
>
> This advisory also applies to the corresponding versions of
> Kubuntu, Edubuntu, and Xubuntu.
>
> The problem can be corrected by upgrading your system to the
> following package versions:
>
> Ubuntu 6.10:
>   firefox                                  2.0.0.1+0dfsg-0ubuntu0.6.10
>   firefox-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnspr-dev                              2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnspr4                                 2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnss-dev                               2.0.0.1+0dfsg-0ubuntu0.6.10
>   libnss3                                  2.0.0.1+0dfsg-0ubuntu0.6.10
>
>
> After a standard system upgrade you need to restart Firefox to effect
> the necessary changes.
>
> Details follow:
>
> Various flaws have been reported that allow an attacker to execute
> arbitrary code with user privileges by tricking the user into opening
> a malicious web page containing JavaScript or SVG.  (CVE-2006-6497,
> CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
> CVE-2006-6504)
>
> Various flaws have been reported that allow an attacker to bypass
> Firefox's internal XSS protections by tricking the user into opening a
> malicious web page containing JavaScript.  (CVE-2006-6503,
> CVE-2006-6507)
>
> Jared Breland discovered that the "Feed Preview" feature could leak
> referrer information to remote servers.  (CVE-2006-6506)
>
>
> Updated packages for Ubuntu 6.10:
>
>