Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Mozilla
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla
ID: USN-186-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04
Datum: Fr, 23. September 2005, 16:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968
Applikationen:

Originalnachricht


--===============1130915066==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="cNdxnHkX5QqsyA0e"
Content-Disposition: inline


--cNdxnHkX5QqsyA0e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-186-1 September 23, 2005
mozilla, mozilla-firefox vulnerabilities
CAN-2005-2968, MFSA-2005-58
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-browser
mozilla-calendar
mozilla-mailnews
mozilla-firefox

On Ubuntu 4.10, the problem can be corrected by upgrading the affected
package to version 2:1.7.12-0ubuntu04.10 (mozilla-browser,
mozilla-calendar, mozilla-mailnews).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected
package to version 2:1.7.12-0ubuntu05.04 (mozilla-browser,
mozilla-calendar, mozilla-mailnews) and 1.0.7-0ubuntu0.1
(mozilla-firefox).

After a standard system upgrade you need to restart all Firefox and
Mozilla browsers to effect the necessary changes.

Note: The Ubuntu 4.10 version of Firefox is also affected by this. An
update will follow shortly.

Details follow:

Peter Zelezny discovered that URLs which are passed to Firefox or
Mozilla on the command line are not correctly protected against
interpretation by the shell. If Firefox or Mozilla is configured as
the default handler for URLs (which is the default in Ubuntu), this
could be exploited to execute arbitrary code with user privileges by
tricking the user into clicking on a specially crafted URL (for
example, in an email or chat client). (CAN-2005-2968, MFSA-2005-59)

A buffer overflow was discovered in the XBM image handler. By tricking
an user into opening a specially crafted XBM image, an attacker could
exploit this to execute arbitrary code with the user's privileges.
(MFSA-2005-58)

Mats Palmgren discovered a buffer overflow in the Unicode string
parser. Unicode strings that contained "zero-width non-joiner"
characters caused a browser crash, which could possibly even exploited
to execute arbitrary code with the user's privileges.
(MFSA-2005-58)

Georgi Guninski reported an integer overflow in the JavaScript engine.
This could be exploited to run arbitrary code under some conditions.
(MFSA-2005-58)

This update also fixes some less critical issues which are described
at http://www.mozilla.org/security/announce/mfsa2005-58.html.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

mozilla_1.7.12-0ubuntu04.10.diff.gz
Size/MD5: 788223 aa1e4fc34a5972bd8c63bdeb00a00548
mozilla_1.7.12-0ubuntu04.10.dsc
Size/MD5: 1114 26b9577fa6b313c15e3472eee0dd008b
mozilla_1.7.12.orig.tar.gz
Size/MD5: 30586581 2dea597156bca18aa1a1ad2162fc230f

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libnspr-dev_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 168068 4246ddfebd7ecd667a24963fcecfbdb4
libnspr4_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 140048 edf093b2753e4a1aeeb3aa93f17d3bfd
libnss-dev_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 184948 4971fabf944871cb79e57d7513b69a68
libnss3_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 708738 9d911df0c16a8c8f03912b2f7f83a953
mozilla-browser_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 11418378 a7b06bae3410058189d899a480822977
mozilla-calendar_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 403276 2397b79a8b453293fe7df4102133dcbd
mozilla-chatzilla_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 158330 7d1342ae3704452e252f34772d74f6bd
mozilla-dev_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 3350490 c5706cfb23ae321fb9c861def4008921
mozilla-dom-inspector_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 121144 2bceda531d48feb75ee4f6f29e90a9bf
mozilla-js-debugger_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 204158 aed00506b295571e2f5d987b8810bb51
mozilla-mailnews_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 1937802 3ee5ab5c88e2b5e8fa986647588b698c
mozilla-psm_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 204172 db6fa05ac05fd0b155a658b8f5314586
mozilla_1.7.12-0ubuntu04.10_amd64.deb
Size/MD5: 1040 fda02d1f818b599724dc95ddb0fcd1b9

i386 architecture (x86 compatible Intel/AMD)

libnspr-dev_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 168068 5fd93ef1c080ccc9cd2275d00b665b75
libnspr4_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 126604 167ed1a6eb48f74b71b8833a8b7dd4da
libnss-dev_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 184946 99a4c8a4a3f992cf586c38ac24cb7f76
libnss3_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 638390 14d17c52af2afb68fdfcbc1ecd3b76ed
mozilla-browser_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 10603776 07129fa46d8b4dc09f83e1bf1effc107
mozilla-calendar_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 403266 3fd5dad0c12ac4ffb15cef2b89a75388
mozilla-chatzilla_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 158328 6b6b2f1d1580932f336b1154d270011e
mozilla-dev_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 3343338 177ce9f0ba9325b8fd105868d4ab9af6
mozilla-dom-inspector_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 115812 55af0701990c4e1959a07c96f9541d62
mozilla-js-debugger_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 204146 4f7751b02d563503c9f9fd7781563ae5
mozilla-mailnews_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 1780918 9b694361f191aa5ac96c5150d3b56a73
mozilla-psm_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 188212 9e5508805c6d9d01a9cf7b72557402a3
mozilla_1.7.12-0ubuntu04.10_i386.deb
Size/MD5: 1034 723286cce9011977cf1c3d43c1c475d7

powerpc architecture (Apple Macintosh G3/G4/G5)

libnspr-dev_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 168074 e9ed909e7f3db040d33fb8e5c6af289e
libnspr4_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 125238 56f38b44f9813b955d25de26ce227f4a
libnss-dev_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 184948 ce0d42494dc4ebbcb7e3e173792f6425
libnss3_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 713148 73872acae67d348785c872e4f18b7bbd
mozilla-browser_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 10166548 209040f237e68d0a6cdd32a18a83ed30
mozilla-calendar_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 403272 b9b7b1b11c436273d45d4578bf121a7b
mozilla-chatzilla_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 158338 5ced5f8a90cf476aff3fed4e9e89716d
mozilla-dev_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 3338602 7cf6ca63ef69d3f5b5187f7df87822e5
mozilla-dom-inspector_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 114548 7577d4889ee0f94f7d097239721b7c54
mozilla-js-debugger_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 204162 0d1766be6634726ac95ea644a5f35479
mozilla-mailnews_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 1642590 4d04eb9ddf161c9a61d15c5bbb3cb474
mozilla-psm_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 175492 37a4b4141da284f73ff15e1f88a960cc
mozilla_1.7.12-0ubuntu04.10_powerpc.deb
Size/MD5: 1040 d777cab85f19cc9efc173d6c3e779168

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

mozilla_1.7.12-0ubuntu05.04.diff.gz
Size/MD5: 311548 54c5a98b96d3e5da6641e9b6fbab323f
mozilla_1.7.12-0ubuntu05.04.dsc
Size/MD5: 1136 5898d1e89e20f00ec8f063bc83d7136b
mozilla_1.7.12.orig.tar.gz
Size/MD5: 30586581 2dea597156bca18aa1a1ad2162fc230f
mozilla-firefox_1.0.7-0ubuntu0.1.diff.gz
Size/MD5: 805864 b508b6c501809c0e614c5281f8bd8210
mozilla-firefox_1.0.7-0ubuntu0.1.dsc
Size/MD5: 1101 fc727b8a2c4748e9eb1680a59a1c38a9
mozilla-firefox_1.0.7.orig.tar.gz
Size/MD5: 41535890 c7c83c060b13562fc1bb53cf51cb38fa

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libnspr-dev_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 168080 0b9d7b8244dc86303823b0af730017ba
libnspr4_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 140524 5e3dd7f65aec8a693fe416588fec43f3
libnss-dev_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 184954 60fe4d7274d3a8263b213fe71132a231
libnss3_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 709362 d82fa58b9cfe7ffbdbcbba9e7866090a
mozilla-browser_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 10605316 c2cce4cb71bfb1458eb732280896c13d
mozilla-calendar_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 403260 db6e5dc27ac708b4829a83450bb88c50
mozilla-chatzilla_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 158328 4b67bb5f17cce41687d8e027beed42a8
mozilla-dev_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 3350600 39d0a272b446d628f49fbc3610fd164d
mozilla-dom-inspector_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 121184 e40aee293e487db8dab67d1c01de1c4e
mozilla-js-debugger_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 204146 32bfedbc3cbbbed031c1b365e20b7918
mozilla-mailnews_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 1935964 97da3c9fed4737670b7083a43fce759c
mozilla-psm_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 204118 b05f3a23703bba78394dde931754a57b
mozilla_1.7.12-0ubuntu05.04_amd64.deb
Size/MD5: 1038 2f32f9c5e2317fbb3bbacae8fb563040
mozilla-firefox-dev_1.0.7-0ubuntu0.1_amd64.deb
Size/MD5: 2632830 31f1e2e283ccc940d42efd59665970eb
mozilla-firefox-dom-inspector_1.0.7-0ubuntu0.1_amd64.deb
Size/MD5: 157950 b08b741f63d8604fbd3dacd786835490
mozilla-firefox-gnome-support_1.0.7-0ubuntu0.1_amd64.deb
Size/MD5: 57228 40ad25dc461816e15a072b5457f1391e
mozilla-firefox_1.0.7-0ubuntu0.1_amd64.deb
Size/MD5: 9773040 58ef45a552bd70b49dcb159795e6f054

i386 architecture (x86 compatible Intel/AMD)

libnspr-dev_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 168070 587a2ee227fa7b3686aac04a353b300a
libnspr4_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 127188 929f7c02749f00a6b901fe5164393bc5
libnss-dev_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 184954 c43aab0249cafd30f0d49d6e776d0203
libnss3_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 639180 eeb0fe190d7f7611cb66eb2b0b3d291c
mozilla-browser_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 9617562 d7193fa393e6748328af8bf62272c5ea
mozilla-calendar_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 403272 1431f851e61520b598c16fd8f7a9abbc
mozilla-chatzilla_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 158326 483d7c68c0aec4d09c326b41b0d7a3a7
mozilla-dev_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 3342992 a901d6e55c6cc6ec584c3d1a4f11aa56
mozilla-dom-inspector_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 115824 e6cf11402b033ed6efd39ee5cc6077ba
mozilla-js-debugger_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 204160 51e195495da9233fd88c316552f9cc5f
mozilla-mailnews_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 1780874 7d0e0f5e56b25d79e3d78afc11bb80d4
mozilla-psm_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 188194 41ee58b1ccc3ceb73e63fb54d9a55a6a
mozilla_1.7.12-0ubuntu05.04_i386.deb
Size/MD5: 1038 ac085c4ef4f9a3d038cb7c83c0437e44
mozilla-firefox-dev_1.0.7-0ubuntu0.1_i386.deb
Size/MD5: 2632838 07d55f74a1a1a70ba760256789582f5a
mozilla-firefox-dom-inspector_1.0.7-0ubuntu0.1_i386.deb
Size/MD5: 152868 2798bebe9e74497834f9624910c2a573
mozilla-firefox-gnome-support_1.0.7-0ubuntu0.1_i386.deb
Size/MD5: 53826 6e467114233760c65b340957e8b1936c
mozilla-firefox_1.0.7-0ubuntu0.1_i386.deb
Size/MD5: 8802094 684a5026f3a9210edf153e12d341e1b6

powerpc architecture (Apple Macintosh G3/G4/G5)

libnspr-dev_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 168070 b2f7fa7e1286fb27c479bce2ab4cf99c
libnspr4_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 125932 23fc376c2ae03ea9bb95399a54b14406
libnss-dev_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 184934 d2a25e726117df16b1b99ddbe40e5c99
libnss3_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 713582 2cf9200a8abf3c61104009cb26953607
mozilla-browser_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 9169128 863dc96a2652e8e38494924d37a54f2c
mozilla-calendar_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 403274 2b2840882e6cbe9fb26ac9c07b278348
mozilla-chatzilla_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 158330 e5b6542a912847608ba55c263a2755f0
mozilla-dev_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 3338704 580706999e4f4450fd371884a63e3fe9
mozilla-dom-inspector_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 114576 bb1456569ca974591cc97178cd5d0e2a
mozilla-js-debugger_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 204160 41cab2fa8c73b6aa96e11bfe34e6aa0e
mozilla-mailnews_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 1642988 e5767e432b69fe339036147f33f92d88
mozilla-psm_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 175492 c5b6399589bd94b251a4a5d16f910ee5
mozilla_1.7.12-0ubuntu05.04_powerpc.deb
Size/MD5: 1046 18104d5736df40220e5c187ac113bac2
mozilla-firefox-dev_1.0.7-0ubuntu0.1_powerpc.deb
Size/MD5: 2632888 6bf863da630863d42f4beaf0ae8a6e08
mozilla-firefox-dom-inspector_1.0.7-0ubuntu0.1_powerpc.deb
Size/MD5: 151598 acfc5e461326a34c58fca9a6bae67283
mozilla-firefox-gnome-support_1.0.7-0ubuntu0.1_powerpc.deb
Size/MD5: 56470 af6a58de6f12c1a9757dce2a9f0cb1a0
mozilla-firefox_1.0.7-0ubuntu0.1_powerpc.deb
Size/MD5: 8462888 049c55d4afd0418f53231002bdb4ea5f

--cNdxnHkX5QqsyA0e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDNBOUDecnbV4Fd/IRAua3AJ9TzkMhnotqAOwstlUYGkB6PeDS/ACfVJjz
0fAWZwz7UdzclK4sdIsQL34=
=mSK5
-----END PGP SIGNATURE-----

--cNdxnHkX5QqsyA0e--


--===============1130915066==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1130915066==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung