Ubuntu: Mozilla vulnerabilities
===========================================================
Ubuntu Security Notice USN-361-1           October 10, 2006
mozilla vulnerabilities
CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libnspr4          2:1.7.13-0ubuntu05.04.2
  libnss3           2:1.7.13-0ubuntu05.04.2
  mozilla-browser   2:1.7.13-0ubuntu05.04.2
  mozilla-mailnews  2:1.7.13-0ubuntu05.04.2
  mozilla-psm       2:1.7.13-0ubuntu05.04.2

Ubuntu 5.10:
  libnspr4          2:1.7.13-0ubuntu5.10.2
  libnss3           2:1.7.13-0ubuntu5.10.2
  mozilla-browser   2:1.7.13-0ubuntu5.10.2
  mozilla-mailnews  2:1.7.13-0ubuntu5.10.2
  mozilla-psm       2:1.7.13-0ubuntu5.10.2

After a standard system upgrade you need to restart Mozilla to
effect the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a
malicious email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

Updated packages for Ubuntu 5.04:

  Source archives
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)

Updated packages for Ubuntu 5.10:

  Source archives
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)