Ubuntu 874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
==========================================================
Ubuntu Security Notice USN-874-1          December 18, 2009
firefox-3.5, xulrunner-1.9.1 vulnerabilities
CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980,
CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985,
CVE-2009-3986
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  firefox-3.5        3.5.6+nobinonly-0ubuntu0.9.10.1
  xulrunner-1.9.1    1.9.1.6+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner to effect the necessary changes.

Details follow:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and
David James discovered several flaws in the browser and JavaScript engines
of Firefox. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox.
If an NTLM authenticated user visited a malicious website, a remote
attacker could send requests to other applications, authenticated as the
user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL
indicators under certain circumstances. This could be used by an attacker
to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs
for a blank page. If a user were tricked into accessing a malicious
website, an attacker could exploit this to spoof the location bar, such as
in a phishing attack. (CVE-2009-3985)

David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third
party media libraries. If a user were tricked into opening a crafted media
file, a remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3388, CVE-2009-3389)

Updated packages for Ubuntu 9.10 are provided as source archives,
architecture independent packages, and packages for the amd64, i386, lpia,
powerpc, and sparc architectures.