Ubuntu 878-1: Firefox 3.5 and Xulrunner 1.9.1 regression
==========================================================
Ubuntu Security Notice USN-878-1 January 08, 2010
firefox-3.5, xulrunner-1.9.1 regression
https://launchpad.net/bugs/504516
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
  firefox-3.5      3.5.7+nobinonly-0ubuntu0.9.10.1
  xulrunner-1.9.1  1.9.1.7+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes.

Details follow:

USN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and adds additional stability fixes.

We apologize for the inconvenience.

Original advisory details:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page.
If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985)

David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389)

Updated packages for Ubuntu 9.10: