Firefox 3.5 and Xulrunner Ubuntu vulnerabilities

Ubuntu Security Notice USN-921-1
April 09, 2010
firefox-3.5, xulrunner-1.9.1 vulnerabilities
CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181, CVE-2010-0182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
  firefox-3.5 3.5.9+nobinonly-0ubuntu0.9.10.1
  xulrunner-1.9.1 1.9.1.9+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes.

Details follow:

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0173, CVE-2010-0174)

It was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178)

It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179)

Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. (CVE-2010-0181)

Wladimir Palant discovered that Firefox did not always perform security checks on XML content. An attacker could exploit this to bypass security policies to load certain resources. (CVE-2010-0182)



About the Author

I am Ben Kevan... Well, yeah... that's about it.

Comments (1)

  1. web hosting says:

    This is an excellent article. I enjoyed reading it and am likely to reread it again soon so I can revisit some of the points that I want to consider.
