Ubuntu: Firefox vulnerabilities USN-490-1
===========================================================
Ubuntu Security Notice USN-490-1              July 19, 2007
firefox vulnerabilities
CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3734,
CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  firefox 1.5.dfsg+1.5.0.13~prepatch070716-0ubuntu1

Ubuntu 6.10:
  firefox 2.0.0.5+0dfsg-0ubuntu0.6.10

Ubuntu 7.04:
  firefox 2.0.0.5+1-0ubuntu1

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-3734, CVE-2007-3735)

Flaws were discovered in the JavaScript methods addEventListener and setTimeout which could be used to inject script into another site in violation of the browser's same-origin policy. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3736)

Ronen Zilberman and Michal Zalewski discovered timing attacks in the JavaScript engine's use of about:blank frames. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3089)

A flaw was discovered in the JavaScript event handling code. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-3737)

Ronald van den Heetkamp discovered that filename URLs including an encoded null byte could confuse the extension matching code. By tricking a user into opening a malicious web page, an attacker could execute arbitrary helper programs. (CVE-2007-3285)

Michal Zalewski discovered flaws in the same-origin handling of cached "wyciwyg://" documents. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3656)

Various flaws were discovered in the XPCNativeWrapper method. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-3738)

Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:

Updated packages for Ubuntu 7.04: