---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox SECUNIA ADVISORY ID: SA21188 VERIFY ADVISORY: http://secunia.com/advisories/21188/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Exposure of sensitive information, System access WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 6.06 http://secunia.com/product/10611/ Ubuntu Linux 5.10 http://secunia.com/product/6606/ Ubuntu Linux 5.04 http://secunia.com/product/5036/ DESCRIPTION: Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, disclose sensitive information, and potentially compromise a user's system. For more information: SA19631 SA20376 SOLUTION: Apply updated packages. -- Ubuntu 5.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.8-0ubuntu5.04.1.diff.gz Size/MD5: 824134 dcdb07a69073007d24bafca99044b67f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.8-0ubuntu5.04.1.dsc Size/MD5: 1064 fec5050f2d3a55468ffa489df440e07a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.8.orig.tar.gz Size/MD5: 41545571 74feb5a7af741bc5e24f1a622ce698c8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.8-0ubuntu5.04.1_amd64.deb Size/MD5: 2634972 29670d8ce13ce01319c4dfa0009c943c http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.8-0ubuntu5.04.1_amd64.deb Size/MD5: 159452 19c92b8c44b09ba5566424c9dca25181 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.8-0ubuntu5.04.1_amd64.deb Size/MD5: 58774 fba87d0618e820bfaa6c095cc05b73e8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.8-0ubuntu5.04.1_amd64.deb Size/MD5: 9774476 29fc78e28762ae04e4b0447b5cb67e90 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.8-0ubuntu5.04.1_i386.deb Size/MD5: 2634950 96e7d92df452823fdcf54facd4591f30 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.8-0ubuntu5.04.1_i386.deb Size/MD5: 154374 d01cd697cb356a76dc20c5e84e0bcd09 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.8-0ubuntu5.04.1_i386.deb Size/MD5: 55326 7c5fed632313cb61e00b6431cda22370 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.8-0ubuntu5.04.1_i386.deb Size/MD5: 8815362 3b63a5e9188176dca3f0d1d9aef125ad powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.8-0ubuntu5.04.1_powerpc.deb Size/MD5: 2635040 92897e505ae04fb166a823b92d44b5d4 http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.8-0ubuntu5.04.1_powerpc.deb Size/MD5: 153142 232c5da447abdb373509d68fa3c98711 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.8-0ubuntu5.04.1_powerpc.deb Size/MD5: 57966 442eb47adc53d75aa0b38a19307bbce5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.8-0ubuntu5.04.1_powerpc.deb Size/MD5: 8469444 af78400e1b10af129d2b0a91a03eb4cb -- Ubuntu 5.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8-0ubuntu5.10.1.diff.gz Size/MD5: 855177 c4709e9b56823acd62ff451fe83d4f50 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8-0ubuntu5.10.1.dsc Size/MD5: 998 b5de07530b5ac72d071b5719e2dfe7f7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8.orig.tar.gz Size/MD5: 41545571 74feb5a7af741bc5e24f1a622ce698c8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.0.8-0ubuntu5.10.1_all.deb Size/MD5: 39520 6f8d264576c9404f6e09daef01510f13 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.0.8-0ubuntu5.10.1_all.deb Size/MD5: 39522 2f0bc8f219bf61d48c6d9adc2de0a0aa amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.0.8-0ubuntu5.10.1_amd64.deb Size/MD5: 2636568 5adcc3d93ba3a39931cfbaa5a30884e8 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.0.8-0ubuntu5.10.1_amd64.deb Size/MD5: 161594 768a85089b1b997c56c464b800eeb186 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.0.8-0ubuntu5.10.1_amd64.deb Size/MD5: 78446 e43c7c7bd9854e8ce915a13572bab0a7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8-0ubuntu5.10.1_amd64.deb Size/MD5: 9927172 b66ab4105d546c275f318b51a39de8c5 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.0.8-0ubuntu5.10.1_i386.deb Size/MD5: 2636574 f762d3f11848e844e52e78d62aa00450 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.0.8-0ubuntu5.10.1_i386.deb Size/MD5: 154832 6e9812b20308cdbbb78e8ff1dbd915b8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.0.8-0ubuntu5.10.1_i386.deb Size/MD5: 70940 0111e64f62d33a39f82e5a6abca5837d http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8-0ubuntu5.10.1_i386.deb Size/MD5: 8473026 bc6a58b43ef24ce53bdf10889bc75525 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.0.8-0ubuntu5.10.1_powerpc.deb Size/MD5: 2636650 4d49c2ed4a88ee4f1089162e0e7f960c http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.0.8-0ubuntu5.10.1_powerpc.deb Size/MD5: 154858 7b25ded8bf15f0cbdc06d5966981a3f4 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.0.8-0ubuntu5.10.1_powerpc.deb Size/MD5: 76182 888b699b12ff6e940367d8c90bf1cb9b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8-0ubuntu5.10.1_powerpc.deb Size/MD5: 8606402 4c5b3db3c0bd461c03609835dd0631fa sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.0.8-0ubuntu5.10.1_sparc.deb Size/MD5: 2636636 f098f75bfbe200c80a669a9d63966160 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.0.8-0ubuntu5.10.1_sparc.deb Size/MD5: 155238 33b086289591de62d5a8336e6e732418 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.0.8-0ubuntu5.10.1_sparc.deb Size/MD5: 71960 27d9eaf8ec8280027462f067575188d2 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.0.8-0ubuntu5.10.1_sparc.deb Size/MD5: 8827730 1cd392e3c505d59983b43b60b5e29c7e -- Ubuntu 6.06 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06.diff.gz Size/MD5: 167298 f47b780d96935c7ec982abf3d1cb23fa http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06.dsc Size/MD5: 1109 af86fe956f6cbe2d03bdac43920e8f67 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4.orig.tar.gz Size/MD5: 42942490 2ac9d43529710e49b06ad6c358716ea4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_all.deb Size/MD5: 48814 29b5ce2c38dae8510506cbe2d10f9cd3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_all.deb Size/MD5: 49706 26c239c98e4ecd26f1b25cb3a9111b02 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 47215364 a69b194be686538156d4c0513dfb527b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 2795932 265477059f8e1e6ecc9fdf22ececa362 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 215752 9927725795f7f49ecde3903c408912b3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 82014 e6b1d0bdc7f8ec61f4047d6a07664835 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 9395266 b1dbbc159e3407381323e4ddfd82188f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 218436 389a755efbd959c55c6311d8d6decb0e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 161480 7a567a40560ea00f03ab279dfe591e05 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 235386 66c1434f1c0c86c13948c8519000234e http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_amd64.deb Size/MD5: 757072 16b86b81d8815aa7dd0fe8da0680cc71 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 43799038 231446d3a93c66a92a5686d2011180fa http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 2795898 58ce3a92e6bc32a1f277568a1aefb157 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 209168 3d78487a1ec843de5c968daac5774a2c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 74348 a9da42db19117d43ae6eb40aa1bb5270 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 7910938 226b0db56dfec4f84eb51fe23c35b8d3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 218436 c4ea086ae992aefacc940c9944897009 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 146190 1a47ce6da183f2b4299525f38dc6b397 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 235380 63465b4ffdd74bc86d7327b0a1fe2d7a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_i386.deb Size/MD5: 669186 07308fb95fd53becb506ef179fa91666 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 48597138 374792224c05b7baf406ff88409b3b51 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 2795908 1c1a036cc9bbeeaee4b9c629e2f27106 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 212602 5223d8d37deca276a6a61fa1f39dfebf http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 77522 b8d6a6d80f297397ad9e95dd2a19b0c1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 9011932 702eb283fa9cfb68cd682166ec42f1fc http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 218436 08b7248b0dee668dcd2296538ed10ba7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 158722 2761f24a70c304680a47a100abf07029 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 235396 983d844a1b9f56543c59b618f051cc7f http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_powerpc.deb Size/MD5: 767948 495c253eca9a842c913ff0299c57c632 ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-296-2 OTHER REFERENCES: SA19631: http://secunia.com/advisories/19631/ SA20376: http://secunia.com/advisories/20376/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------