Referenced CVEs:
CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3371, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3377, CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383


Description:
===========================================================Ubuntu Security Notice USN-853-1 October 31, 2009firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilitiesCVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3371,CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375,CVE-2009-3376, CVE-2009-3377, CVE-2009-3380, CVE-2009-3381,CVE-2009-3382, CVE-2009-3383===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.04 LTS: firefox-3.0 3.0.15+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.8.04.1Ubuntu 8.10: abrowser 3.0.15+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.15+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.8.10.1Ubuntu 9.04: abrowser 3.0.15+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.15+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.9.04.1Ubuntu 9.10: firefox-3.5 3.5.4+nobinonly-0ubuntu0.9.10.1 xulrunner-1.9.1 1.9.1.4+nobinonly-0ubuntu0.9.10.1After a standard system upgrade you need to restart Firefox and anyapplications that use xulrunner, such as Epiphany, to effect the necessarychanges.Details follow:Alin Rad Pop discovered a heap-based buffer overflow in Firefox when itconverted strings to floating point numbers. If a user were tricked intoviewing a malicious website, a remote attacker could cause a denial of serviceor possibly execute arbitrary code with the privileges of the user invoking theprogram. (CVE-2009-1563)Jeremy Brown discovered that the Firefox Download Manager was vulnerable tosymlink attacks. A local attacker could exploit this to create or overwritefiles with the privileges of the user invoking the program. (CVE-2009-3274)Paul Stone discovered a flaw in the Firefox form history. If a user weretricked into viewing a malicious website, a remote attacker could access thisdata to steal confidential information. (CVE-2009-3370)Orlando Berrera discovered that Firefox did not properly free memory when usingweb-workers. If a user were tricked into viewing a malicious website, a remoteattacker could cause a denial of service or possibly execute arbitrary codewith the privileges of the user invoking the program. This issue onlyaffected Ubuntu 9.10. (CVE-2009-3371)A flaw was discovered in the way Firefox processed Proxy Auto-configuration(PAC) files. If a user configured the browser to use PAC files with certainregular expressions, an attacker could cause a denial of service or possiblyexecute arbitrary code with the privileges of the user invoking the program.(CVE-2009-3372)A heap-based buffer overflow was discovered in Mozilla's GIF image parser. If auser were tricked into viewing a malicious website, a remote attacker couldcause a denial of service or possibly execute arbitrary code with theprivileges of the user invoking the program. (CVE-2009-3373)A flaw was discovered in the JavaScript engine of Firefox. An attacker couldexploit this to execute scripts from page content with chrome privileges.(CVE-2009-3374)Gregory Fleischer discovered that the same-origin check in Firefox could bebypassed by utilizing the document.getSelection function. An attacker couldexploit this to read data from other domains. (CVE-2009-3375)Jesse Ruderman and Sid Stamm discovered that Firefox did not properly displayfilenames containing right-to-left (RTL) override characters. If a user weretricked into downloading a malicious file with a crafted filename, an attackercould exploit this to trick the user into opening a different file than theuser expected. (CVE-2009-3376)Several flaws were discovered in third party media libraries. If a user weretricked into opening a crafted media file, a remote attacker could cause adenial of service or possibly execute arbitrary code with the privileges of theuser invoking the program. This issue only affected Ubuntu 9.10.(CVE-2009-3377)Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, DavidKeeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten Book, KevinBrosnan, David Anderson and Jeff Walden discovered various flaws in the browserand JavaScript engines of Firefox. If a user were tricked into viewing amalicious website, a remote attacker could cause a denial of service orpossibly execute arbitrary code with the privileges of the user invoking theprogram. (CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383)





More...