Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Firefox
ID: USN-874-1
Distribution: Ubuntu
Plattformen: Ubuntu 9.10
Datum: Fr, 18. Dezember 2009, 23:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986
Applikationen: Mozilla Firefox

Originalnachricht

 

--===============5297818450762054702==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="Qrgsu6vtpU/OV/zm"
Content-Disposition: inline


--Qrgsu6vtpU/OV/zm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-874-1          December 18, 2009
firefox-3.5, xulrunner-1.9.1 vulnerabilities
CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980,
CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985,
CVE-2009-3986
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  firefox-3.5                     3.5.6+nobinonly-0ubuntu0.9.10.1
  xulrunner-1.9.1                 1.9.1.6+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner to effect the necessary changes.

Details follow:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and
David James discovered several flaws in the browser and JavaScript engines
of Firefox. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox.
If an NTLM authenticated user visited a malicious website, a remote
attacker could send requests to other applications, authenticated as the
user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL
indicators under certain circumstances. This could be used by an attacker
to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs
for a blank page. If a user were tricked into accessing a malicious
website, an attacker could exploit this to spoof the location bar, such as
in a phishing attack. (CVE-2009-3985)

David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third
party media libraries. If a user were tricked into opening a crafted media
file, a remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3388, CVE-2009-3389)


Updated packages for Ubuntu 9.10:

  Source archives:

    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1.diff.gz
      Size/MD5:   128283 e6e585514715e6e0ea1f5e427003aba2
    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1.dsc
      Size/MD5:     2940 277090a9a34de65d4bd9e3007a7b0c3d
    firefox-3.5_3.5.6+nobinonly.orig.tar.gz
      Size/MD5: 44871653 05996e1ba09042927eac601539a8c7b8
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1.diff.gz
      Size/MD5:    61296 afbb9a81915423c2ea000066f4f6625c
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1.dsc
      Size/MD5:     2910 bff790ef4f78da09fdc85a1f8ebc194e
    xulrunner-1.9.1_1.9.1.6+nobinonly.orig.tar.gz
      Size/MD5: 44411868 b56ec5c4b8c8314f3b7ebf07184da99b

  Architecture independent packages:

    abrowser_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73344 6bb91b215cb7c1ead091f3edfa2c1f9e
    firefox-3.0-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73198 c4107546848d57c0a9a3bb262522cc52
    firefox-3.1-dbg_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73194 c2e5377ff999bcee36dd599200047127
    firefox-3.1-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73194 30c50d5807c87dc169f3fff3c39dd2ea
    firefox-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73262 072e36bbd65e89d425916f2d7aaabf0d
    firefox_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73360 0f75bae5badbfa61aeb0ffb82eefb8b2
    abrowser-3.0-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73220 7b36cd1515fd777378c64c28c4b1613d
    abrowser-3.0_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:     8936 68ab29aa9fdf09502fdc3e741dc13b09
    abrowser-3.1-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73216 9f953bd3a41a1bc421841419c9650744
    abrowser-3.1_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:     8934 1d763e3687427393c201c0de8b67c687
    abrowser-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73400 ca39fe5b1db93235ad4b3ead5c3fa094
    firefox-3.0-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73204 521fafab126b71d311e6bf80e34f7466
    firefox-3.0-dom-inspector_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73218 d62fff05452351b1aea056c5a51debc9
    firefox-3.0-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73224 fa0388bb5bf340394801bcb6fb3df15f
    firefox-3.0-venkman_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73206 8be962d5c33ad39f8fc572649f231df7
    firefox-3.0_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73186 b0408aa7ccd59562186da946ec6bd83c
    firefox-3.1-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73202 3018b32b3bf7fd85352c810d49f1c2dd
    firefox-3.1-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73220 d0727b00ef738ad4cdfd356d3780b211
    firefox-3.1_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73188 73d296edec799ab1337cd9754f5d8887
    firefox-dom-inspector_3.5.6+nobinonly-0ubuntu0.9.10.1_all.deb
      Size/MD5:    73212 71a0035378073b365fe81bb354dbde30

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    abrowser-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   207734 1613ca49dd1382cea351a7e996bf1f78
    firefox-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   206378 5a21bb8c6fe26c0169f0f9cd5b716d28
    firefox-3.5-dbg_3.5.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   469950 1d7c1c3912cfab80d9dcc19aa112c15a
    firefox-3.5-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:    73286 019d3bf5157850f7a5c5efa75c3bf587
    firefox-3.5-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:    93522 efebd4a31956aa3ff08dc9af11e0d298
    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   960384 a3911256c31c5772860b9d2be8737916
    xulrunner-1.9.1-dbg_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5: 59835276 690d8bbac079bc5b7cbf27b13c82d060
    xulrunner-1.9.1-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:  4793576 cbb107a37d57d51ce8adf5b1f0f12012
    xulrunner-1.9.1-gnome-support_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:    47778 262c6c29cd3c57f73514cc34b5ad6b30
    xulrunner-1.9.1-testsuite-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:    70544 c71cd6dc64312dd40c54687c66838780
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:  9101464 938f246f7ee35152f8187c41d2bd2a34
    xulrunner-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:    26760 6e953abdc55fbd2dc04d90a2248deca8
    xulrunner-1.9.1-testsuite_1.9.1.6+nobinonly-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:  5589612 66824dd66655a95061e38aaeb2fe51c5

  i386 architecture (x86 compatible Intel/AMD):

    abrowser-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   207738 c039abf03fbc6a753302f5b7fe7ef203
    firefox-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   206382 3f317de2efe459cd513f4eca3131363f
    firefox-3.5-dbg_3.5.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   465552 11ae74231a16c3c3c837b88835857c2b
    firefox-3.5-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:    73286 9a26aa11cadca06542127ecf7d98a960
    firefox-3.5-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:    89956 0b325c3447dbfe756b881e2f85b74f4f
    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   942542 6666eb55ba6f648d3371fc0199db9ead
    xulrunner-1.9.1-dbg_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5: 60238048 a69d17b3ef4f6618d139951a3299aab9
    xulrunner-1.9.1-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:  4813856 43563159d4941b7b4e68f07143a25c22
    xulrunner-1.9.1-gnome-support_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:    40556 bf3bf808d598da3e3712221bab0a735e
    xulrunner-1.9.1-testsuite-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:    70542 b44ae0426dc326d96c344d6a906fe5a7
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:  7994204 3eb3268ac127925f2b965f75eb952f07
    xulrunner-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:    26756 e8222451fcc4aec5343b50d7abe99356
    xulrunner-1.9.1-testsuite_1.9.1.6+nobinonly-0ubuntu0.9.10.1_i386.deb
      Size/MD5:  5431184 4ce2960eaae184dcf85b2965a9d936d6

  lpia architecture (Low Power Intel Architecture):

    abrowser-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   207730 15399ee490686fb8018fe06f7fcf719a
    firefox-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   206366 5f5be62ebc185edbdb4375744e7965cf
    firefox-3.5-dbg_3.5.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   465096 bb7ecfb8109e162eaa0b223da0b87fc4
    firefox-3.5-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:    73278 3b1e9757a5ac0d18c2b2a9ddbd5f3205
    firefox-3.5-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:    89416 e6d1194cea39a949f894ede9511e261c
    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   940510 c7047cbbc5a8bfa340321c40883e8608
    xulrunner-1.9.1-dbg_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5: 60262144 851b6755a85308f44e4e32d701346046
    xulrunner-1.9.1-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:  4810046 574fe50a9ba72c9f16952945bb36cb39
    xulrunner-1.9.1-gnome-support_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:    39698 0f13b2c6faec451c5d82394b9ce59924
    xulrunner-1.9.1-testsuite-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:    70544 6c4bddbe453e2e274b572c9a7e344f7f
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:  7884616 52ccc22d2411a7debef8a7488dd64e13
    xulrunner-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:    26752 e84a9eee969be6fb220d4776fdf48fb4
    xulrunner-1.9.1-testsuite_1.9.1.6+nobinonly-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:  5423656 efcab77fd487da4a5bc9bb9931fed665

  powerpc architecture (Apple Macintosh G3/G4/G5):

    abrowser-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   207744 07d5286d7a18daf031896ccb65919173
    firefox-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   206392 ce024bdfb55ff776d5bf86ad23423ad3
    firefox-3.5-dbg_3.5.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   483932 85b6745d35638c9d52831a828272d86d
    firefox-3.5-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    73286 181437d6bbc39dcb4c2b00cb83eb5e88
    firefox-3.5-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    92946 93d9aa9c78c7aed338fd2e8d7e8fd773
    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   963670 a88bda7c8d3392a1ee5850a740bb1a0c
    xulrunner-1.9.1-dbg_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5: 64984046 3bb584848dbbbacd9ef871eb77d7f66a
    xulrunner-1.9.1-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:  4799684 5d5f58b1a95290551cd2b01fedef10d0
    xulrunner-1.9.1-gnome-support_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    47228 bfb33e8383dec81fb23304ffc28da2a3
    xulrunner-1.9.1-testsuite-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    70550 fda2ec1ee66bb5e37cad8908e154eefc
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:  9731978 aee78cdc472f8ecd3c7540d440aa2519
    xulrunner-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    26758 40c8b4208ee853aa58145cbfe8a4bfc0
    xulrunner-1.9.1-testsuite_1.9.1.6+nobinonly-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:  5677152 8fa877f76e0bf6851ff1518c5953c0b8

  sparc architecture (Sun SPARC/UltraSPARC):

    abrowser-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   207738 5e739eb29adde9acff9d126a24cda1a9
    firefox-3.5-branding_3.5.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   206378 fe5fe728fa3ee9cb2b22e1758b2eb50b
    firefox-3.5-dbg_3.5.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   458598 f14f121df951e8dfb5b2f0d86ef37f70
    firefox-3.5-dev_3.5.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:    73280 b9e59ae2c1b122e643b03027b99338e5
    firefox-3.5-gnome-support_3.5.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:    88618 1fcfdce155d4345a0180ed26b4b22de0
    firefox-3.5_3.5.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   941490 bfddb26ec184c08f581113a97395b40f
    xulrunner-1.9.1-dbg_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5: 59349048 14e2474623aca5024bda53fe189eeb2b
    xulrunner-1.9.1-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:  4776708 999dc443f02df7551a9f1174a31d454b
    xulrunner-1.9.1-gnome-support_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:    39118 617fbca067d180ec8ad4bb96d0d01462
    xulrunner-1.9.1-testsuite-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:    70548 334e92204957611650785befe66de3da
    xulrunner-1.9.1_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:  8489668 489e67413a254f2fa6f5981b87278c0f
    xulrunner-dev_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:    26760 94ae36a7bf88255fddabedf7427f1063
    xulrunner-1.9.1-testsuite_1.9.1.6+nobinonly-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:  5400564 dd0934c63625b4afd9105618eb8cec66



--Qrgsu6vtpU/OV/zm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkssA0YACgkQW0JvuRdL8BqehACfTwfPkrtvZ3lbqXRqrkOrr5RH
yS0An2VUWGFVSnMattpbIhLw956Wn0+1
=KYdx
-----END PGP SIGNATURE-----

--Qrgsu6vtpU/OV/zm--


--===============5297818450762054702==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5297818450762054702==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung