Home / mailings [USN-1355-1] Firefox vulnerabilities
Posted on 03 February 2012
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1355-1
February 03, 2012
firefox vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,=
making the file contents potentially readable by other users.
(CVE-2012-0450)
Nicolas Gregoire and Aki Helin discovered that when processing a malforme=
d
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or=
potentially execute code with the privileges of the user invoking Firefox=
=2E
(CVE-2012-0449)
It was discovered that memory corruption could occur during the decoding =
of
Ogg Vorbis files. If the user were tricked into opening a specially craft=
ed
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the=
user invoking Firefox. (CVE-2012-0444)
Tim Abraldes discovered that when encoding certain images types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)
It was discovered that Firefox did not properly perform XPConnect securit=
y
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a speciall=
y
crafted page, a remote attacker could exploit this to modify the contents=
,
or steal confidential data, within the same domain. (CVE-2012-0446)
It was discovered that Firefox did not properly handle node removal in th=
e
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoki=
ng
Firefox. (CVE-2011-3659)
Alex Dvorov discovered that Firefox did not properly handle sub-frames in=
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)
Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey=
discovered memory safety issues affecting Firefox. If the user were trick=
ed
into opening a specially crafted page, an attacker could exploit these to=
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
firefox 10.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 10.0+build1-0ubuntu0.11.04.1
Ubuntu 10.10:
firefox 10.0+build1-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
firefox 10.0+build1-0ubuntu0.10.04.2
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1355-1
CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444,
CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449,
CVE-2012-0450, https://launchpad.net/bugs/923319
Package Information:
https://launchpad.net/ubuntu/+source/firefox/10.0+build1-0ubuntu0.11.10=
=2E1
https://launchpad.net/ubuntu/+source/firefox/10.0+build1-0ubuntu0.11.04=
=2E1
https://launchpad.net/ubuntu/+source/firefox/10.0+build1-0ubuntu0.10.10=
=2E1
https://launchpad.net/ubuntu/+source/firefox/10.0+build1-0ubuntu0.10.04=
=2E2
------------
