=========================================================== Ubuntu Security Notice USN-398-2 January 03, 2007 firefox vulnerabilities CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: firefox 1.5.dfsg+1.5.0.9-0ubuntu0.5.10 firefox-dev 1.5.dfsg+1.5.0.9-0ubuntu0.5.10 Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06 firefox-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06 libnspr-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06 libnspr4 1.5.dfsg+1.5.0.9-0ubuntu0.6.06 libnss-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06 libnss3 1.5.dfsg+1.5.0.9-0ubuntu0.6.06 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10.diff.gz Size/MD5: 177350 f25badcde69aee85eb82330d0daf4417 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10.dsc Size/MD5: 1056 9ae774570929de1c68168e410e608e3a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9.orig.tar.gz Size/MD5: 44874639 3a812560d4b85bf878bba9ca961b26b7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_all.deb Size/MD5: 49746 84497ea1bbd2840a37503b5e38886d67 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_all.deb Size/MD5: 50632 9639b6c6241c35e840384a5ecd0d057d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb Size/MD5: 3155112 e5f077de48261c34807f677bc662091e http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb Size/MD5: 216646 f1c933298c42c3b66ffb04f7bc2d7ea1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb Size/MD5: 82948 83870eb321a81a8dad6a0a6f2d3d8e1a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_amd64.deb Size/MD5: 10236150 c17e84ae66c45ac0fbcbda65c7c2f42e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb Size/MD5: 3155084 d0a3d80a4f31162766cdf9fc1a7efd6d http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb Size/MD5: 210186 2f367ee0291586942ce9f59d98f7819f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb Size/MD5: 75374 a09eb76531b5ae26b885ac81d3474aa1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_i386.deb Size/MD5: 8665274 5751674cb5ba9b5834d1fc25dea64f19 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb Size/MD5: 3155162 d6a5c0576de5c87dd4efe14decd72b64 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb Size/MD5: 213588 3aa264bcd755a87de5482218a58fa8da http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb Size/MD5: 78570 f640333523dd410eb9c48e67da42d223 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_powerpc.deb Size/MD5: 9846102 127532fa6ba779840ef82f644f682f26 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb Size/MD5: 3155148 8a43a11a33232ec238084cfb2f10d8a2 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb Size/MD5: 211138 6d7ffa6baa8b66dd62537f7fe2212fb9 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb Size/MD5: 76946 b848074711b2db139bedfbf21a0b222b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.5.10_sparc.deb Size/MD5: 9178266 7c0dc78fb50b1f49d5410f774e112e92 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06.diff.gz Size/MD5: 177734 bb37d65ee1e10592a985b10c7212bc2b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06.dsc Size/MD5: 1113 57c738f08983536c35222d634a19c54f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9.orig.tar.gz Size/MD5: 44874639 3a812560d4b85bf878bba9ca961b26b7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_all.deb Size/MD5: 49760 722b1406fca3ce894b8d2a99aeef1c4d http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_all.deb Size/MD5: 50646 fddb4ef03e948f9d1f831ebd10f82ff7 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 47406762 81e1e328d3132ae6b6e689e7dc6e925c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 2801586 fc5564e969c5f124d4d1caa0c7729587 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 216702 4cbd97efd2e01a06aa8eec24e0d3ccae http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 82932 509cea191c58287577c416468438420b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 9428520 a5ef3bf48aacd88d37db5c1f0b042ac2 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 219376 d599f9cf370e33e07a777e383a4aea59 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 162426 595ca13ae337bc0d80fbef0c617cfb3d http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 236304 6333f01d8320b203213891bfc1aea045 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_amd64.deb Size/MD5: 758106 479c1e43b140959ce0253ccbd5931186 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 43973946 cbc8c149302cd85aa3340f1c6fb6556a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 2801606 fe19bd6f5f497621eab0b8fee4f9156f http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 210120 3518227623d7d06342ab07ea67dcbcc0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 75348 dbeffcf2a2c58201eed2f1a84d6cb617 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 7944068 9f02d1712680eadfd058c4590c26d173 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 219386 1501d84bd496b41dba93e406e5568eef http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 147126 cbb87b272c50e7a3e646d2460a40d974 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 236296 0746795b91d883f50fb8b280c58658ab http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_i386.deb Size/MD5: 670250 4639cb05497532e4117bd1955f9c21db powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 48787984 efb1774fb5bba3d9714647571c8591fe http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 2801640 2e62374f3c50fead822f01e9712fcf5f http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 213568 9197ba5be37eb905fe72b6768e7db181 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 78456 b5eda90c93ca5b64cf32e87aeb2001c0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 9047798 3f69986dc6b187c8818604a02a60d1a3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 219386 e217097185da1e749b462096958dc159 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 159720 a026903f12a1bb284125d3844277ab3f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 236290 39f0a869a3f24dd5fe7d443f59af29d9 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_powerpc.deb Size/MD5: 769050 0cd9d7fd052b5da45529447c39dec812 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 45364958 6feca8379273bfcd93509d273c80bb3d http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 2801706 bcc563e78b0f45de039730d1cd1518e8 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 211060 e7c737cd2fbf96ca80fe3b5da8ab265c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 76914 42d57032d8a2f5428b2026597fa50957 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 8437612 48829e7c5fd375db1debd36b2d929efd http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 219398 b0a9ee505873fbf1c1f1b9839b8ff4a2 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 149624 0b21b6362773ee675bef15dd04cf289c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 236290 93a968fc6b14988b4ed9ea53fbddaabe http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.9-0ubuntu0.6.06_sparc.deb Size/MD5: 682330 88de775e621fa00e144797d8512c8dad