exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 717-2

Ubuntu Security Notice 717-2
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-2 - A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.

tags | advisory, remote, web, local
systems | linux, ubuntu
advisories | CVE-2009-0355, CVE-2009-0357
SHA-256 | 5eb3961ec908da19beb5f976be19d24395dfd349964275176bc5a1c06d991ec3

Ubuntu Security Notice 717-2

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-717-2 February 10, 2009
firefox-3.0 vulnerabilities
CVE-2009-0355, CVE-2009-0357
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
firefox 2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.

Details follow:

A flaw was discovered in the browser engine when restoring closed tabs. If a
user were tricked into restoring a tab to a malicious website with form input
controls, an attacker could steal local files on the user's system.
(CVE-2009-0355)

Wladimir Palant discovered that Firefox did not restrict access to cookies in
HTTP response headers. If a user were tricked into opening a malicious web
page, a remote attacker could view sensitive information. (CVE-2009-0357)


Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1.diff.gz
Size/MD5: 194096 3b0eb4a53c8a6f101d8e802172b35470
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1.dsc
Size/MD5: 2410 1a4f7e3c168867fe00d15a9ab0fddbd0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly.orig.tar.gz
Size/MD5: 37773218 99f6660ed9a5123b99deb71a4e542beb

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_all.deb
Size/MD5: 201368 31cb5c6d1a08cc7ba16bb639c91a0aaf

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 78163666 58624d232e8d4cfefd8aa0b3930f1645
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 3409228 2c70383c7fdb1c47dff030bcfc19c667
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 98652 96c04d01cb85d0e7bf7f6bd0a462217d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 67370 d7c39e5768ab583dfd378dd8caaec8ad
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 10514542 e2848c8d832da591ee6738b6c83e46fe

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 77307750 06d768c4f6ff11b0e9a767d9430d1167
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 3389432 6d0f9551aad0bf24730ce9e8bd0e43a8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 91414 0e6b2a8b84b703e83daff329bec2aaa8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 66320 509349c58bd38c4c8d5c3f01c5f854d8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_i386.deb
Size/MD5: 9263558 5071f73cd799d6be6694ffc325ece112

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 77589024 34b1054c205c40487c6fb63a07b7f8ea
http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 3387598 9f72cfde2387f9728124f32e82adab69
http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 92266 b52a5d27e848f2b49642accce30457a1
http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 66600 60206314a39b88285db5ff69efa2079c
http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_lpia.deb
Size/MD5: 9116162 08e770ab94d22ad21731033bb9569bc9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 80783090 7e7d643e7fba65302c52f6c250b826ac
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 3202874 ac1e5d66c385ddc6c52ac47d54408624
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 96388 1d752d1304bae4438e69e7176c853df7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 67654 de86db9d630be0c23ac80d17bdc21552
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.21~20090209t122238+nobinonly-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 10317856 2b66401173a009cfdc915156c3eafa7c


Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close