--===============7824371363032457689==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="yNb1oOkm5a9FJOVX"
Content-Disposition: inline
--yNb1oOkm5a9FJOVX
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1509-1
July 17, 2012
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)
Mario Gomes discovered that the address bar may be incorrectly updated.
Drag-and-drop events in the address bar may cause the address of the previous
site to be displayed while a new page is loaded. An attacker could exploit this
to conduct phishing attacks. (CVE-2012-1950)
Abhishek Arya discovered four memory safety issues affecting Firefox. If the
user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML
|