Ubuntu 957-1: Firefox and Xulrunner vulnerabilities
==========================================================
Ubuntu Security Notice USN-957-1              July 23, 2010
firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207,
CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211,
CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215,
CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  firefox-3.0       3.6.7+build2+nobinonly-0ubuntu0.8.04.1
  xulrunner-1.9.2   1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2

Ubuntu 10.04 LTS:
  abrowser          3.6.7+build2+nobinonly-0ubuntu0.10.04.1
  firefox           3.6.7+build2+nobinonly-0ubuntu0.10.04.1
  xulrunner-1.9.2   1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

Details follow:

Several flaws were discovered in the browser engine of Firefox. If a
user were tricked into viewing a malicious site, a remote attacker could
use this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)

An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or
possibly run arbitrary code as the user invoking the program.
(CVE-2010-1214)

A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker could execute
arbitrary JavaScript with chrome privileges. (CVE-2010-1215)

An integer overflow was discovered in how Firefox processed CSS values.
An attacker could exploit this to crash the browser or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Firefox interpreted the XUL
element. If a user were tricked into viewing a malicious site, a remote
attacker could use this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain
malformed PNG images. If a user were tricked into opening a crafted PNG
file, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-1205)

Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin
check in Firefox could be bypassed by utilizing the importScripts Web
Worker method. If a user were tricked into viewing a malicious website,
an attacker could exploit this to read data from other domains.
(CVE-2010-1213, CVE-2010-1207)

O. Andersen discovered that Firefox did not properly map undefined
positions within certain 8-bit encodings. An attacker could utilize this
to perform cross-site scripting attacks. (CVE-2010-1210)

Michal Zalewski discovered flaws in how Firefox processed the HTTP 204
(no content) code. An attacker could exploit this to spoof the location
bar, such as in a phishing attack. (CVE-2010-1206)

Jordi Chancel discovered that Firefox did not properly handle when a
server responds to an HTTPS request with plaintext and then processes
JavaScript history events. An attacker could exploit this to spoof the
location bar, such as in a phishing attack. (CVE-2010-2751)

Chris Evans discovered that Firefox did not properly process improper
CSS selectors. If a user were tricked into viewing a malicious website,
an attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Firefox did not properly handle script
error output.
An attacker could use this to access URL parameters from other
domains. (CVE-2010-2754)

Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 10.04: