=========================================================== Ubuntu Security Notice USN-381-1 November 16, 2006 firefox vulnerabilities CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: firefox 1.5.dfsg+1.5.0.8-0ubuntu0.5.10 firefox-dev 1.5.dfsg+1.5.0.8-0ubuntu0.5.10 Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.8-0ubuntu0.6.06 firefox-dev 1.5.dfsg+1.5.0.8-0ubuntu0.6.06 libnspr-dev 1.5.dfsg+1.5.0.8-0ubuntu0.6.06 libnspr4 1.5.dfsg+1.5.0.8-0ubuntu0.6.06 libnss-dev 1.5.dfsg+1.5.0.8-0ubuntu0.6.06 libnss3 1.5.dfsg+1.5.0.8-0ubuntu0.6.06 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10.diff.gz Size/MD5: 177335 10b377fae580ae8f70363ffd70e47269 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10.dsc Size/MD5: 1056 5db441b8802f27c49571095404b73bb7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8.orig.tar.gz Size/MD5: 44080423 9716c747d634997ec34dbf5f2e9ed80f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_all.deb Size/MD5: 49586 9c0480fccb28d05f504b4b07811bccc1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_all.deb Size/MD5: 50476 ad8be2b891ceb1884c64b04057201418 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 82786 7c57efcd467f65b5fddb99045f368cde http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 10228966 98741e95215a819e389680e91f18e72e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 3152342 e0ab77c6e143bb59b43fd92d34b68900 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 216484 8c13b0af86b6f83f5ee92e6367a887d7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 210022 38257be6e6a43928bb10802118a264af http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 75156 0d8a65e5fa64cb0e4230e85e975a05d7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 3152316 f4b306a5bf76d7788c581ae969a754d0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 8651302 6f375546f6d948932f4a1652b3569e70 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 3152444 7293cd7542ea90e41823b76b822a6e8b http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 213430 b274f35517ffb38ce880679d79764a52 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 78406 41578a0497fce59bee796ff4fcdaab3c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 9831168 0aabf7e840fef774adc05edef039caad sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 76784 d69cac5024601a5ea20074e9964e288e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 9166628 27f5d52e3c828c8b1604b0982dda7cc3 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 210978 4a5ffba99714c584ca8e349b988c4400 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 3152400 65ee6a126404960525e73d7c32d587d7 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06.diff.gz Size/MD5: 175871 52f1c28309ee6c7ef8c2f1d43d963cf8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06.dsc Size/MD5: 1113 cd1281da2de45441a5a3e6034a38ab13 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8.orig.tar.gz Size/MD5: 44080423 9716c747d634997ec34dbf5f2e9ed80f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_all.deb Size/MD5: 49602 ab797aec8733b6c3e2280cdb09b64d1a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_all.deb Size/MD5: 50490 1b3e5005f5e3fa797b3682b200cc50d4 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 47328882 934c4351e36288e88e1168c041542f5a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 2798910 7ee44fb3180623ce8a3a1f9efeb0d419 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 216552 92a1743a061e332e080a626dbd399570 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 82776 7d4b77da6a355c5e9f0113aaba778b03 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 9420500 dc95e234fc1c321b64073816aa347550 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 219228 e12302edf6ea04accaf83a8879dff274 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 162300 35187fec0d3be43ef0aa9bd83dfabd6b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 236150 c98d56050fe2e27e3915acf2662aa8d4 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 757954 8ee38f642969b44e7d342d89e0c91dfd i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 43902878 41afd17ae29b433ff26e51ef80e04599 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 2798856 219ca82f455cad14a0021c0f66d6e8c0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 209962 02b36bc31e994256b74dd3d84dba7254 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 75136 388a11c39a72e0a9a1969a5a1c0a48f8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 7932082 d6b266569d4bf056aa04a760459b8fc8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 219220 38b33e647137f579876b9047657fe390 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 146980 57afd15fd3b17f8d5bf53b72592889e4 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 236146 3936122367330caea7cf573973bdb0a2 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 670102 67a930f2102173f1c84dd0ddf751b388 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 48721788 ad5ed6cebb6c5c97521e8416cbb6ba06 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 2798932 aa5d623d34acb2bea9e7a1dc21e891dc http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 213390 0323fadebfa079e9724e1cf3e930b977 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 78300 fda19c102717648e93f332314c0d8020 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 9031548 360d013efe74f061ba266d4ae7ff9177 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 219224 7385d32cb21f0b83933822c4495a6783 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 159522 ee71fefedbaade594b3b0064524db684 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 236156 8ea5d14656d349724f5b254e035dfc2f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 768836 19b4c155f8c00ccff6656590d4ffc3be sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 45291164 417432698e5e51ae96d59ac90cc8390a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 2798918 6d3cfdc63c80688263b567e06e876d74 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 210898 d8884f2ae360e55fdcad1b1ef8b3e338 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 76754 68db0c6ff37422083ed5f0a46103a723 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 8425346 ea28be8619f1411eaff2f7fba07a47f5 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 219232 a81a2dedef311f71a8c3ae1b96d7b9d1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 149470 08152c38d3129bc6bf3164d6f48727cc http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 236140 3b742ce49bbb397b1de45a8371672828 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 682188 d4155e8163fed88108c17a31d0320e69