exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-1306-2

Ubuntu Security Notice USN-1306-2
Posted Jan 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1306-2 - USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
SHA-256 | fb1b31af3076d871d28a266beb07383380a0af8d461b803c1151a07c03fc997c

Ubuntu Security Notice USN-1306-2

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-1306-2
January 06, 2012

mozvoikko, ubufox update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

This update provides compatible packages for Firefox 9.

Software Description:
- mozvoikko: Finnish spell-checker extension for Firefox (transitional package
- ubufox: Ubuntu Firefox specific configuration defaults and apt support

Details:

USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated
Mozvoikko and ubufox packages for use with Firefox 9.

Original advisory details:

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler,
David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia
Knous, and Rober Longson discovered several memory safety issues which
could possibly be exploited to crash Firefox or execute arbitrary code as
the user that invoked Firefox. (CVE-2011-3660)

Aki Helin discovered a crash in the YARR regular expression library that
could be triggered by javascript in web content. (CVE-2011-3661)

It was discovered that a flaw in the Mozilla SVG implementation could
result in an out-of-bounds memory access if SVG elements were removed
during a DOMAttrModified event handler. An attacker could potentially
exploit this vulnerability to crash Firefox. (CVE-2011-3658)

Mario Heiderich discovered it was possible to use SVG animation accessKey
events to detect key strokes even when JavaScript was disabled. A malicious
web page could potentially exploit this to trick a user into interacting
with a prompt thinking it came from the browser in a context where the user
believed scripting was disabled. (CVE-2011-3663)

It was discovered that it was possible to crash Firefox when scaling an OGG
<video> element to extreme sizes. (CVE-2011-3665)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
xul-ext-mozvoikko 1.10.0-0ubuntu2.2
xul-ext-ubufox 1.0.2-0ubuntu0.11.10.1

Ubuntu 11.04:
xul-ext-mozvoikko 1.10.0-0ubuntu0.11.04.4
xul-ext-ubufox 0.9.3-0ubuntu0.11.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-1306-2
https://www.ubuntu.com/usn/usn-1306-1
https://launchpad.net/bugs/906389

Package Information:
https://launchpad.net/ubuntu/+source/mozvoikko/1.10.0-0ubuntu2.2
https://launchpad.net/ubuntu/+source/ubufox/1.0.2-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/mozvoikko/1.10.0-0ubuntu0.11.04.4
https://launchpad.net/ubuntu/+source/ubufox/0.9.3-0ubuntu0.11.04.1



Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close