Bugtraq mailing list archives
Re: [USN-398-1] Firefox vulnerabilities
From: Scott <geekboy () angrykeyboarder com>
Date: Tue, 02 Jan 2007 22:23:32 -0700
Kees Cook spake thusly on 01/02/2007 07:41 PM:
===========================================================
Ubuntu Security Notice USN-398-1           January 02, 2007
firefox vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506,
CVE-2006-6507
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10:
  firefox      2.0.0.1+0dfsg-0ubuntu0.6.10
  firefox-dev  2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr-dev  2.0.0.1+0dfsg-0ubuntu0.6.10
  libnspr4     2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss-dev   2.0.0.1+0dfsg-0ubuntu0.6.10
  libnss3      2.0.0.1+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503, CVE-2006-6507)

Jared Breland discovered that the "Feed Preview" feature could leak referrer information to remote servers. (CVE-2006-6506)

We're getting better. This one only took 9 days...

http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/

--
Scott
http://angrykeyboarder.com
© 2007 angrykeyboarder™ & Elmer Fudd. All Wights Wesewved