[Full-disclosure] [USN-134-1] Firefox vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 05/26/05

  • Next message: Luigi Auriemma: "[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16" 
    Date: Thu, 26 May 2005 17:24:03 +0200
To: ubuntu-security-announce@lists.ubuntu.com

    ===========================================================
    Ubuntu Security Notice USN-134-1 May 26, 2005
    mozilla-firefox vulnerabilities
    MFSA 2005-42, CAN-2005-1531, CAN-2005-1532
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 5.04 (Hoary Hedgehog)

    The following packages are affected:

    mozilla-firefox

    The problem can be corrected by upgrading the affected package to
    version 1.0.2-0ubuntu5.3. After doing a standard system upgrade you
    need to restart Firefox to effect the necessary changes.

    Details follow:

    It was discovered that a malicious website could inject arbitrary
    scripts into a target site by loading it into a frame and navigating
    back to a previous Javascript URL that contained an eval() call. This
    could be used to steal cookies or other confidential data from the
    target site. If the target site is allowed to raise the install
    confirmation dialog in Firefox then this flaw even allowed the
    malicious site to execute arbitrary code with the privileges of the
    Firefox user. By default only the Mozilla Update site is allowed to
    attempt software installation; however, users can permit this for
    additional sites. (MFSA 2005-42)

    Michael Krax, Georgi Guninski, and L. David Baron found that the
    security checks that prevent script injection could be bypassed by
    wrapping a javascript: url in another pseudo-protocol like
    "view-source:" or "jar:". (CAN-2005-1531)

    A variant of the attack described in CAN-2005-1160 (see USN-124-1) was
    discovered. Additional checks were added to make sure Javascript eval
    and Script objects are run with the privileges of the context that
    created them, not the potentially elevated privilege of the context
    calling them. (CAN-2005-1532)

    Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the
    Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.diff.gz
          Size/MD5: 844189 0cb2c9138a00d4c8cbe439c96239c019
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3.dsc
          Size/MD5: 1696 b6f9a2fd0df83ad93436e0a9e0afcafb
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
          Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_amd64.deb
          Size/MD5: 2630106 6f1e278ee5e205b5ed277e2fedae640e
        http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_amd64.deb
          Size/MD5: 157070 cbca0d235bc0ed4048afb1ea97fd5912
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_amd64.deb
          Size/MD5: 56344 62f0466b21c60e23e360d7a01d129a6b
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_amd64.deb
          Size/MD5: 9757086 fa6c87f80a2142e0b5a71b3a5a93d4c6

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_i386.deb
          Size/MD5: 2630048 3ec6273947d6770635e3f6187322163d
        http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_i386.deb
          Size/MD5: 151962 3621cb9df77851fb9bb20acb67ca762f
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_i386.deb
          Size/MD5: 52944 6cd2ad56c4ca6e21acb772d93f7b3242
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_i386.deb
          Size/MD5: 8789122 e1e5baedeb8583af2c0bd83667a00c58

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.3_powerpc.deb
          Size/MD5: 2630154 91ee224d4231d50c54645d9978faf5d4
        http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.3_powerpc.deb
          Size/MD5: 150728 ee5a62a980629bfb4ac6fd6f5bbebe6a
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.3_powerpc.deb
          Size/MD5: 55580 50cc0fc42ac4da395f416943522be4c9
        http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.3_powerpc.deb
          Size/MD5: 8446932 4796ec228c2b08010550bda6f5d366ff

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Luigi Auriemma: "[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16"

    Relevant Pages

    • [USN-134-1] Firefox vulnerabilities
      ... Ubuntu 5.04 ... need to restart Firefox to effect the necessary changes. ... scripts into a target site by loading it into a frame and navigating ... These flaws also apply to Ubuntu 5.04's Mozilla, ...
      (Bugtraq)
    • Re: Opening unknown filetypes from Firefox: KDE users please confirm
      ... bug on Firefox directly if you can't first find an already filed bug ... The Ubuntu Fx folks may get around to responding to your bug report ... I do not agree that this is a Mozilla issue. ...
      (Ubuntu)
    • Re: Transfer of Firefox and Thunderbird data
      ... The setup of Ubuntu was simple and getting a root access was tricky but it is all good now. ... Transferring both Firefox and Thunderbird details was easy going from Fedora versions but nothing works transferred to Ubuntu. ... Firefox stores it's information in /user/.moxilla and I put my F8 .mozilla in place of the original and now Firefox will not come up. ...
      (Ubuntu)
    • Re: Firefox 3
      ... I have Firefox 3 rc1 installed on Ubuntu 8.04 ... today Firefox 3 final version is available for download. ... 3.0+nobinonly-0ubuntu0.8.04.1 meta package for the popular mozilla ... 3.0+nobinonly-0ubuntu0.8.04.1 safe and easy web browser from Mozilla ...
      (Ubuntu)
    • [Full-disclosure] [USN-323-1] mozilla vulnerabilities
      ... A security issue affects the following Ubuntu releases: ... After a standard system upgrade you need to restart Mozilla to effect ... with full user privileges (MFSA 2006-37, ...
      (Full-Disclosure)
    • Quantcast