Ubuntu 7.04 / 7.10 / 8.04 LTS : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-645-1)

critical Nessus Plugin ID 36243

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)

Several problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)

Paul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations.
(CVE-2008-3837)

Several problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges.
(CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks.
(CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks.
(CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)

Billy Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash.
(CVE-2008-4069).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/645-1/

Plugin Details

Severity: Critical

ID: 36243

File Name: ubuntu_USN-645-1.nasl

Version: 1.17

Type: local

Agent: unix

Published: 4/23/2009

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman, p-cpe:/a:canonical:ubuntu_linux:libnspr4, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman, p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support, p-cpe:/a:canonical:ubuntu_linux:firefox-dbg, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector, cpe:/o:canonical:ubuntu_linux:7.04, p-cpe:/a:canonical:ubuntu_linux:libnspr-dev, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9, cpe:/o:canonical:ubuntu_linux:8.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:libnss3, p-cpe:/a:canonical:ubuntu_linux:firefox-dev, p-cpe:/a:canonical:ubuntu_linux:libnss-dev, cpe:/o:canonical:ubuntu_linux:7.10, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-libthai, p-cpe:/a:canonical:ubuntu_linux:firefox, p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069

BID: 31346

CWE: 119, 189, 200, 22, 264, 399, 79

USN: 645-1