USN-667-1: Firefox and xulrunner vulnerabilities

Ubuntu Security Notice USN-667-1

17th November, 2008

firefox, firefox-3.0, xulrunner-1.9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10
  • Ubuntu 6.06 LTS

Software description

  • firefox
  • firefox-3.0
  • xulrunner-1.9

Details

Liu Die Yu discovered an information disclosure vulnerability in Firefox
when using saved .url shortcut files. If a user were tricked into
downloading a crafted .url file and a crafted HTML file, an attacker
could steal information from the user's cache. (CVE-2008-4582)

Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the
same-origin check in Firefox could be bypassed. If a user were tricked
into opening a malicious website, an attacker could obtain private
information from data stored in the images, or discover information
about software on the user's computer. This issue only affects Firefox 2.
(CVE-2008-5012)

It was discovered that Firefox did not properly check if the Flash
module was properly unloaded. By tricking a user into opening a crafted
SWF file, an attacker could cause Firefox to crash and possibly execute
arbitrary code with user privileges. This issue only affects Firefox 2.
(CVE-2008-5013)

Jesse Ruderman discovered that Firefox did not properly guard locks on
non-native objects. If a user were tricked into opening a malicious
website, an attacker could cause a browser crash and possibly execute
arbitrary code with user privileges. This issue only affects Firefox 2.
(CVE-2008-5014)

Luke Bryan discovered that Firefox sometimes opened file URIs with
chrome privileges. If a user saved malicious code locally, then opened
the file in the same tab as a privileged document, an attacker could
run arbitrary JavaScript code with chrome privileges. This issue only
affects Firefox 3.0. (CVE-2008-5015)

Several problems were discovered in the browser, layout and JavaScript
engines. These problems could allow an attacker to crash the browser
and possibly execute arbitrary code with user privileges.
(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)

David Bloom discovered that the same-origin check in Firefox could be
bypassed by utilizing the session restore feature. An attacker could
exploit this to run JavaScript in the context of another site or
execute arbitrary JavaScript code with chrome privileges.
(CVE-2008-5019)

Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a
user were tricked into opening a malicious website, an attacker could
send a crafted header in the HTTP index response, causing a browser
crash and execute arbitrary code with user privileges. (CVE-2008-0017)

A flaw was discovered in Firefox's DOM constructing code. If a user
were tricked into opening a malicious website, an attacker could
cause the browser to crash and potentially execute arbitrary code with
user privileges. (CVE-2008-5021)

It was discovered that the same-origin check in Firefox could be
bypassed. If a user were tricked into opening a malicious website, an
attacker could execute JavaScript in the context of a different website.
(CVE-2008-5022)

Collin Jackson discovered various flaws in Firefox when processing
stylesheets which allowed JavaScript to be injected into signed JAR
files. If a user were tricked into opening malicious web content, an
attacker could execute arbitrary code with the privileges of the
signed JAR or of a different website. (CVE-2008-5023)

Chris Evans discovered that Firefox did not properly parse E4X
documents, leading to quote characters in the namespace not being
properly escaped. (CVE-2008-5024)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.10:
firefox-3.0 3.0.4+nobinonly-0ubuntu0.8.10.1
abrowser 3.0.4+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 1.9.0.4+nobinonly-0ubuntu0.8.10.1
Ubuntu 8.04 LTS:
firefox-3.0 3.0.4+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.4+nobinonly-0ubuntu0.8.04.1
Ubuntu 7.10:
firefox 2.0.0.18+nobinonly-0ubuntu0.7.10
Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart Firefox and any
application that use xulrunner, such as Epiphany, to effect the
necessary changes.

References

CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024