seeing is believing

Ubuntu Security Notice 323-1

Ubuntu Security Notice 323-1
Posted Jul 28, 2006
Authored by Ubuntu | Site

Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787
MD5 | fa69ec6a59a30bab3fb4a9ab6577f858

Ubuntu Security Notice 323-1

Change Mirror Download
Ubuntu Security Notice USN-323-1 July 25, 2006
mozilla vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782,
CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786,

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
mozilla-browser 2:1.7.13-0ubuntu05.04.1
mozilla-mailnews 2:1.7.13-0ubuntu05.04.1
mozilla-psm 2:1.7.13-0ubuntu05.04.1

Ubuntu 5.10:
mozilla-browser 2:1.7.13-0ubuntu5.10.1
mozilla-mailnews 2:1.7.13-0ubuntu5.10.1
mozilla-psm 2:1.7.13-0ubuntu5.10.1

After a standard system upgrade you need to restart Mozilla to effect
the necessary changes.

Details follow:

Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)

Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,

Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
function. By tricking a user to visit a site with an SSL certificate
with specially crafted optional Certificate Authority name
arguments, this could potentially be exploited to execute arbitrary
code with the user's privileges. (MFSA 2006-38, CVE-2006-2778)

The Mozilla developer team discovered several bugs that lead to
crashes with memory corruption. These might be exploitable by
malicious web sites to execute arbitrary code with the privileges of
the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)

Masatoshi Kimura discovered a memory corruption (double-free) when
processing a large VCard with invalid base64 characters in it. By
sending a maliciously crafted set of VCards to a user, this could
potentially be exploited to execute arbitrary code with the user's
privileges. (MFSA 2006-40, CVE-2006-2781)

Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing
by changing input type) was not sufficient to prevent all variants of
exploitation. (MFSA 2006-41, CVE-2006-2782)

Masatoshi Kimura found a way to bypass web input sanitizers which
filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)'
characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters
might not recognize the tags anymore; however, Mozilla would still
execute them since BOM markers are filtered out before processing the
page. (MFSA 2006-42, CVE-2006-2783)

Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript
privilege escalation on the plugins page) was not sufficient to
prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784)

Paul Nickerson demonstrated that if an attacker could convince a user
to right-click on a broken image and choose "View Image" from the
context menu then he could get JavaScript to run on a site of the
attacker's choosing. This could be used to steal login cookies or
other confidential information from the target site. (MFSA 2006-34,

Kazuho Oku discovered various ways to perform HTTP response smuggling
when used with certain proxy servers. Due to different interpretation
of nonstandard HTTP headers in Mozilla and the proxy server, a
malicious web site can exploit this to send back two responses to one
request. The second response could be used to steal login cookies or
other sensitive data from another opened web site. (MFSA 2006-33,

Updated packages for Ubuntu 5.04:

Source archives:
Size/MD5: 337800 2db7b990124c6c1c1b8e9672ca5d6513
Size/MD5: 1140 dff39e5ce49d9743de85eec224192a32
Size/MD5: 38788839 db906560b5abe488286ad1edc21d52b6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 168074 ad1b6c33075e971bbda9f2b1fb105acd
Size/MD5: 141800 26fe9cb2a488851d5a08f008eccb1286
Size/MD5: 184958 e70af6a5c0c0ebd475977cede7dd2d0e
Size/MD5: 710626 8a7cb0a2c698fbb25a19cb372012cc25
Size/MD5: 10610980 33b6ff77510c97ad410648acfa60969d
Size/MD5: 403276 503bd265002378861042e9145adca4e5
Size/MD5: 158328 a3a78547d1739fa489b5eaf06e2bb775
Size/MD5: 3352288 f136491aa7a81cafefbb3c7ecdc5f358
Size/MD5: 121188 9047e6b7ddc935e553ef96869a0697b1
Size/MD5: 204152 5ddbdbe777cf61007db5946793386778
Size/MD5: 1935856 e72372370e4e6ad8f232649faab04c1e
Size/MD5: 204518 694f522af956a4e0450fc40c0fec1681
Size/MD5: 1042 e6281edcb4a65fa6d05ea72eb83b6cc6

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 168070 81c685cd991f0ff3b109be63f80130c5
Size/MD5: 128448 77877720eaad8970b2675ead1eeaaf76
Size/MD5: 184934 cf8811d7050bd397343b9a6f16e43be6
Size/MD5: 640510 4919807173e6d2e47a9d3c04ba7ba2b8
Size/MD5: 9625412 8b357311b8d2ca54dec002ab45c8be2a
Size/MD5: 403294 b32aca483d56c4ce22e7c985b29e2fc4
Size/MD5: 158332 8186f8e0eed294d42d40deaa635620df
Size/MD5: 3344850 258d820d93386ad62ef54a6427dc80a8
Size/MD5: 115832 cb1f8880d0afe7e6d7c7a62df15817ed
Size/MD5: 204160 6631b13c4025bbe77715589c86c28de7
Size/MD5: 1780842 e2d26ad17ed1ee60cf7b3dcadff9080a
Size/MD5: 188486 7722d3ca28defc86236a0a24ec0a31bb
Size/MD5: 1038 3122a3872c2860bf08471a77215a539f

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 168076 2df31cb514546f26e4dda5a13f234c55
Size/MD5: 127186 f68d8a52426231ba404610958394f786
Size/MD5: 184950 2f0a1db9364ce06f9c5b0a5b984d2167
Size/MD5: 714848 8f18e6495b88346a54b806af6bbea813
Size/MD5: 9177718 3d1e82b88c35c967c210b88ff54970dc
Size/MD5: 403298 1c4691bde820ec913f3bbddf13c9cef6
Size/MD5: 158338 407c8d0d588edb5dd6742ec47b912472
Size/MD5: 3340480 80710d7291666df1ce959410928bbec4
Size/MD5: 114584 a3c957dc3151e896ff18e9bd2710e6fa
Size/MD5: 204166 f4a827dd3800896f1dd36c9a0e563ff9
Size/MD5: 1643010 06882ef0b556a5db1adec008cd609370
Size/MD5: 175714 a1f98dd0b17c838723cd06b4a4167a21
Size/MD5: 1046 3fff2d11475b3d408cb007f79583b486

Updated packages for Ubuntu 5.10:

Source archives:
Size/MD5: 339739 f3417c36cc2f4edf0f56f2a3d291186f
Size/MD5: 1080 6633c093477fe6313ea31a05626c74fa
Size/MD5: 38788839 db906560b5abe488286ad1edc21d52b6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 168042 e7c77d1568c6c46f083ab05f038464ff
Size/MD5: 143820 446658c0da7878eca5977486d5aa71c8
Size/MD5: 184942 8fc2cf6a6d115e63715f5c54b82c2d4a
Size/MD5: 719348 fd2b0f552c07995dc65906b56b12a5bc
Size/MD5: 10666540 3b661ff62d97846c23e422fdb0f87bc8
Size/MD5: 403282 ab2167239e57b61676dc3fbd296a2ffc
Size/MD5: 158322 d0e08f0196752784b50d87191d878d0a
Size/MD5: 3347976 344d169cf65cb66bb67af5dbb4c19048
Size/MD5: 122358 9db2a1a2d412846a541a5b113357a65b
Size/MD5: 204154 9e2f774e0c8b0bc75f60899b9ea518dd
Size/MD5: 1962852 1baa399dd55eaccda81c2f707f225817
Size/MD5: 204202 e6f84c6501268f8cd8680d55ca8bc673
Size/MD5: 1032 875ac9a3fccb0f396f537560047ca9e6

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 168048 257bbb4473be7bdfff3ded89b9d8a12b
Size/MD5: 129200 eda6af1ceb30b9594442702ad99152ed
Size/MD5: 184932 f05d44d79b74e7887af887e6a9b09f1e
Size/MD5: 635378 a7808a9e8f431a16cc60baddc68b8139
Size/MD5: 9185932 85d2251d70e3488a0cc388e0db41a4fc
Size/MD5: 403280 7034e103d8a30f986ec57fe31160e487
Size/MD5: 158324 a29a00a6e450d7d998d6e874987f10ba
Size/MD5: 3337576 7094cd9a4464d4645d92489c371c6cab
Size/MD5: 115304 87dd3fb83b695986dda9ddeaedf47781
Size/MD5: 204152 09352de0004e77e96ca17cb21d0715e3
Size/MD5: 1691482 6df8075f514d49d7f5411891bbc0e7f5
Size/MD5: 178782 d2d5d1aa46de77fb2b54ec98ef3a7a14
Size/MD5: 1032 a3f4871c955138dd6d6e759ea114e4c8

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 168048 852ade578c01f279b8aff0a794a268a3
Size/MD5: 130906 df3dd2deffe59449bf2442cf00f6689e
Size/MD5: 184932 4e6345c82ae5563193e1b5b201ef3043
Size/MD5: 696888 902ed7ec1cf327ea9931948f756d60e6
Size/MD5: 9263244 87d38e3da8f8e9174e87552155add753
Size/MD5: 403284 3a37460373177133ba2c687501b574a1
Size/MD5: 158326 092102dfb58bfe5ea20ff0969f7f56f2
Size/MD5: 3336540 8f37d1620049b2fefc1b651fd51c43b7
Size/MD5: 115348 bef4e6c32a92c26fa06395801657e367
Size/MD5: 204158 60731a37272e50a8660ecb2cfae9aabf
Size/MD5: 1671422 3b3f3bedfbba4263f26773d93436e769
Size/MD5: 175906 c6b918fa89cd2423d47b018f279c4d68
Size/MD5: 1032 cc69d04f87b79ff659067186cab9cfd9

sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5: 168054 0d954bebca6ea4131c28e11337bba7ad
Size/MD5: 127450 521963b1b21999ff9f42d35b884c23ed
Size/MD5: 184948 74d53204904bf8bf02928f6cb0b3e787
Size/MD5: 630704 0987af2fe353aff94cefddc61ac1c8e6
Size/MD5: 9013886 08e90ea95c75c3eb03d8533532314fdb
Size/MD5: 403286 f5a6f817c9926829a4012da7973b3fcc
Size/MD5: 158328 2b884313c4bd382d1609d01568b7013e
Size/MD5: 3336286 f1a166252e7c78d5d90a7ef91b7b6eb0
Size/MD5: 113834 8df1183b10a5d69c1087634f81178a41
Size/MD5: 204152 e0177e963461936592387a9e6d5171bd
Size/MD5: 1629816 a02204343afa9a872f99f63e85170096
Size/MD5: 170382 010d945bfd8636541e8202c036668e18
Size/MD5: 1032 5d9b7b8e12b9746c44fd3fd41dec9f13


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By