Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1)

critical Nessus Plugin ID 36711

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache.
(CVE-2008-4582)

Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. This issue only affects Firefox 2. (CVE-2008-5012)

It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013)

Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014)

Luke Bryan discovered that Firefox sometimes opened file URIs with chrome privileges. If a user saved malicious code locally, then opened the file in the same tab as a privileged document, an attacker could run arbitrary JavaScript code with chrome privileges. This issue only affects Firefox 3.0. (CVE-2008-5015)

Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges.
(CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)

David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges.
(CVE-2008-5019)

Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and execute arbitrary code with user privileges. (CVE-2008-0017)

A flaw was discovered in Firefox's DOM constructing code. If a user were tricked into opening a malicious website, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022)

Collin Jackson discovered various flaws in Firefox when processing stylesheets which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker could execute arbitrary code with the privileges of the signed JAR or of a different website. (CVE-2008-5023)

Chris Evans discovered that Firefox did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/667-1/

Plugin Details

Severity: Critical

ID: 36711

File Name: ubuntu_USN-667-1.nasl

Version: 1.14

Type: local

Agent: unix

Published: 4/23/2009

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:libnspr4, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-venkman, p-cpe:/a:canonical:ubuntu_linux:firefox-2-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support, p-cpe:/a:canonical:ubuntu_linux:firefox-2-gnome-support, p-cpe:/a:canonical:ubuntu_linux:firefox-dbg, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-2-dev, p-cpe:/a:canonical:ubuntu_linux:libnspr-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0, cpe:/o:canonical:ubuntu_linux:6.06:-:lts, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9, cpe:/o:canonical:ubuntu_linux:8.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:libnss3, p-cpe:/a:canonical:ubuntu_linux:firefox-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-2-dbg, p-cpe:/a:canonical:ubuntu_linux:libnss-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-2-libthai, cpe:/o:canonical:ubuntu_linux:7.10, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev, p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev, p-cpe:/a:canonical:ubuntu_linux:firefox, p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support, p-cpe:/a:canonical:ubuntu_linux:abrowser, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-libthai, p-cpe:/a:canonical:ubuntu_linux:firefox-2, cpe:/o:canonical:ubuntu_linux:8.10, p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9-gnome-support, p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-venkman, p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Patch Publication Date: 11/17/2008

Reference Information

CVE: CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024

CWE: 119, 189, 20, 200, 264, 287, 399, 79, 94

USN: 667-1