USN-717-2: Firefox vulnerabilities

Ubuntu Security Notice USN-717-2

10th February, 2009

firefox-3.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10

Software description

  • firefox


A flaw was discovered in the browser engine when restoring closed tabs. If a
user were tricked into restoring a tab to a malicious website with form input
controls, an attacker could steal local files on the user's system.

Wladimir Palant discovered that Firefox did not restrict access to cookies in
HTTP response headers. If a user were tricked into opening a malicious web
page, a remote attacker could view sensitive information. (CVE-2009-0357)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.10:

To update your system, please follow these instructions:

After a standard system upgrade you need to restart Firefox to effect the
necessary changes.


CVE-2009-0355, CVE-2009-0357