[USN-717-2] Firefox vulnerabilities
Date: Tue, 10 Feb 2009 19:43:03 -0600
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-717-2] Firefox vulnerabilities
Message-ID: <20090211014302.GB3543@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="+g7M9IMkV8truYOl"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Scanned: antivirus-gw at tyumen.ru
--+g7M9IMkV8truYOl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Ubuntu Security Notice USN-717-2 February 10, 2009
firefox-3.0 vulnerabilities
CVE-2009-0355, CVE-2009-0357
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
firefox 2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1
After a standard system upgrade you need to restart Firefox to effect the
necessary changes.
Details follow:
A flaw was discovered in the browser engine when restoring closed tabs. If a
user were tricked into restoring a tab to a malicious website with form input
controls, an attacker could steal local files on the user's system.
(CVE-2009-0355)
Wladimir Palant discovered that Firefox did not restrict access to cookies in
HTTP response headers. If a user were tricked into opening a malicious web
page, a remote attacker could view sensitive information. (CVE-2009-0357)
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1.diff.gz
Size/MD5: 194096 3b0eb4a53c8a6f101d8e802172b35470
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1.dsc
Size/MD5: 2410 1a4f7e3c168867fe00d15a9ab0fddbd0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly.orig.tar.gz
Size/MD5: 37773218 99f6660ed9a5123b99deb71a4e542beb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_all.deb
Size/MD5: 201368 31cb5c6d1a08cc7ba16bb639c91a0aaf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 78163666 58624d232e8d4cfefd8aa0b3930f1645
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 3409228 2c70383c7fdb1c47dff030bcfc19c667
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 98652 96c04d01cb85d0e7bf7f6bd0a462217d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 67370 d7c39e5768ab583dfd378dd8caaec8ad
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 10514542 e2848c8d832da591ee6738b6c83e46fe
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 77307750 06d768c4f6ff11b0e9a767d9430d1167
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 3389432 6d0f9551aad0bf24730ce9e8bd0e43a8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 91414 0e6b2a8b84b703e83daff329bec2aaa8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 66320 509349c58bd38c4c8d5c3f01c5f854d8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 9263558 5071f73cd799d6be6694ffc325ece112
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 77589024 34b1054c205c40487c6fb63a07b7f8ea
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 3387598 9f72cfde2387f9728124f32e82adab69
http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 92266 b52a5d27e848f2b49642accce30457a1
http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 66600 60206314a39b88285db5ff69efa2079c
http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 9116162 08e770ab94d22ad21731033bb9569bc9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 80783090 7e7d643e7fba65302c52f6c250b826ac
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 3202874 ac1e5d66c385ddc6c52ac47d54408624
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 96388 1d752d1304bae4438e69e7176c853df7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 67654 de86db9d630be0c23ac80d17bdc21552
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 10317856 2b66401173a009cfdc915156c3eafa7c
--+g7M9IMkV8truYOl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmSLSYACgkQW0JvuRdL8Bo4JgCghlSOsvUBVcd4f06Iwb+H3XTC
+HgAnjPuabFYU4uUnmS7fbXPOt8GhSBD
=jZfP
-----END PGP SIGNATURE-----
--+g7M9IMkV8truYOl--