---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox and xulrunner SECUNIA ADVISORY ID: SA31270 VERIFY ADVISORY: http://secunia.com/advisories/31270/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, DoS, System access WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 8.04 http://secunia.com/product/18611/ DESCRIPTION: Ubuntu has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system. For more information: SA30761 SA31106 SOLUTION: Apply updated packages. -- Ubuntu 8.04 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz Size/MD5: 105875 20bf75de131b805b31602d03f76edcdb http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc Size/MD5: 1605 0a4c85fb6f3771e494cb2596eb174f42 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly.orig.tar.gz Size/MD5: 10830088 546304d00e486587023418bef4c8c17e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz Size/MD5: 77642 dd673f6d7523c5129df6775c369f55b1 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc Size/MD5: 1669 7fbd2e794a99288141e6c5fd6ca7bb8b http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly.orig.tar.gz Size/MD5: 40083410 802b0c07675ba0d1cc1819a6dac22c94 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65808 9fb1bd4f57c4ddaf255dec745cfb6394 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65824 9352e1cba510bcaed37478516413e41a http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65784 3ef3e033acca41bf431e196289ff3075 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65776 30a60ceed5a490065dddb86dcbc44917 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65926 093d9772c250695694846c4a862151e4 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65832 2f47d1abc1cfee76a537e665c2a961e3 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65782 852eac738d3bf243f6f3ab707cab7de1 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8978 4ee6943368ba1582827914b014aa0b12 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8964 9df1e05f125072a41decae2f03ed796d http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65808 4cdc3a9a27af41bd6fadf4f9f1271af0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65774 a12883abab5cdc8fd1be41abec1d2553 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65768 d30e21a3afcf4897450a2220b0448c52 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8944 ddb77e423b0d2fa01775998de6d16074 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65792 662c3740f2451030de9dbeef8915cd53 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8938 19647a69ea1a19fb20c3d832efb3f667 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65762 2948beefbc937ce8014246761aa5c42f http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 125048 61ddef6346ed04823e4e08cb8b5915ad http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 235166 7dcc225d1e6a35d1c72d83478b264b03 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 9030 51c56b6eb17a90596664e5de1efcfaf0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 29598 bdb8fd33fbb551fba94829b6de8f48c8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 1086692 9e85d93762021da9663079eb43a806ec http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 4034992 ded5cd52011190445b8cdbbc387dbb0e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 48708 63a365a1ed33bdd9f3e86c704639c54b http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 9020046 ce8df3e6a4d09ac7c1429f63a69bb164 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 9032 9655df6f35d580fcd316fdbe35b25c44 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 25740 b449c8c524b7cb50e05a5092bb1692ad http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 1064456 58ffa05cc64086c5c51ff694beca780d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 4016584 3c8e123c09ff04f63cde52effc867f0d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 38500 8934fc3c6cdfa988ad9dee140be7373d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 7749536 7ef6da6f25b7e0878419acccc052da3f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 9028 fdd61fb530a3339c1fffbd9ece833d8e http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 25344 7666413c6a56eb14c3708ad2e16470c7 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 1062684 ec46a573876b24eb4748bd01a2bb5435 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 4012106 243d516f2dc244758d3568e4ead4839f http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 37592 d9c551a6e990c7e63b457d7c6166113a http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 7639310 ff4c7144795f6fa0a38b0f065c04db8e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 9032 5ffb1ce496a65cc0cfa57405a249426c http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 27506 ee4f59f65df53fdf3e09fa271e290dbc http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 1078404 8ee97515994e3deac2fe7aabbbbe15ab http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 4023136 5342ffc1f46ff68174dca7b3621eeab0 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 43654 649fa96e5214857fff22b53455e99bac http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 8595530 7a92e064fe96a000b0d9a507c0827555 ORIGINAL ADVISORY: https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-July/000735.html OTHER REFERENCES: SA30761: http://secunia.com/advisories/30761/ SA31106: http://secunia.com/advisories/31106/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------