Security: Multiple problems in Mozilla Firefox
Name: Multiple problems in Mozilla Firefox
ID: USN-1251-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10
Date: Fri, 11 November 2011, 09:49
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
Applications: Mozilla Firefox

Original message
==========================================================================
Ubuntu Security Notice USN-1251-1
November 10, 2011

firefox, xulrunner-1.9.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple vulnerabilities have been fixed in Firefox and Xulrunner.
Software Description:
- firefox: Mozilla Open Source web browser
- xulrunner-1.9.2: Mozilla Gecko runtime environment
Details:
It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. (CVE-2011-3647)
Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw to steal data or inject malicious scripts into web content. (CVE-2011-3648)
Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash the browser. (CVE-2011-3650)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10:
  firefox 3.6.24+build2+nobinonly-0ubuntu0.10.10.1
  xulrunner-1.9.2 1.9.2.24+build2+nobinonly-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
  firefox 3.6.24+build2+nobinonly-0ubuntu0.10.04.1
  xulrunner-1.9.2 1.9.2.24+build2+nobinonly-0ubuntu0.10.04.1
After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-1251-1
  CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
Package Information:
  https://launchpad.net/ubuntu/+source/firefox/3.6.24+build2+nobinonly-0ubuntu0.10.10.1
  https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.24+build2+nobinonly-0ubuntu0.10.10.1
  https://launchpad.net/ubuntu/+source/firefox/3.6.24+build2+nobinonly-0ubuntu0.10.04.1
  https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.24+build2+nobinonly-0ubuntu0.10.04.1