Referenced CVEs:
CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069


Description:
=========================================================== Ubuntu Security Notice USN-645-1 September 24, 2008firefox, firefox-3.0, xulrunner-1.9 vulnerabilitiesCVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837,CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065,CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069===========================================================A security issue affects the following Ubuntu releases:Ubuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 7.04: firefox 2.0.0.17+0nobinonly-0ubuntu0.7.4Ubuntu 7.10: firefox 2.0.0.17+1nobinonly-0ubuntu0.7.10Ubuntu 8.04 LTS: firefox-3.0 3.0.2+build6+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.2+build6+nobinonly-0ubuntu0.8.04.1After a standard system upgrade you need to restart Firefox and anyapplications that use xulrunner, such as Epiphany, to effect thenecessary changes.Details follow:Justin Schuh, Tom Cross and Peter Williams discovered errors in theFirefox URL parsing routines. If a user were tricked into opening acrafted hyperlink, an attacker could overflow a stack buffer andexecute arbitrary code. (CVE-2008-0016)It was discovered that the same-origin check in Firefox could bebypassed. If a user were tricked into opening a malicious website,an attacker may be able to execute JavaScript in the context of adifferent website. (CVE-2008-3835)Several problems were discovered in the JavaScript engine. Thiscould allow an attacker to execute scripts from page content withchrome privileges. (CVE-2008-3836)Paul Nickerson discovered Firefox did not properly process mouseclick events. If a user were tricked into opening a malicious webpage, an attacker could move the content window, which couldpotentially be used to force a user to perform unintended drag anddrop operations. (CVE-2008-3837)Several problems were discovered in the browser engine. This couldallow an attacker to execute code with chrome privileges.(CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)Drew Yao, David Maciejak and other Mozilla developers found severalproblems in the browser engine of Firefox. If a user were trickedinto opening a malicious web page, an attacker could cause a denialof service or possibly execute arbitrary code with the privilegesof the user invoking the program. (CVE-2008-4061, CVE-2008-4062,CVE-2008-4063, CVE-2008-4064)Dave Reed discovered a flaw in the JavaScript parsing code whenprocessing certain BOM characters. An attacker could exploit thisto bypass script filters and perform cross-site scripting attacks.(CVE-2008-4065)Gareth Heyes discovered a flaw in the HTML parser of Firefox. If auser were tricked into opening a malicious web page, an attackercould bypass script filtering and perform cross-site scriptingattacks. (CVE-2008-4066)Boris Zbarsky and Georgi Guninski independently discovered flaws inthe resource: protocol. An attacker could exploit this to performdirectory traversal, read information about the system, and promptthe user to save information in a file. (CVE-2008-4067,CVE-2008-4068)Billy Hoffman discovered a problem in the XBM decoder. If a user weretricked into opening a malicious web page or XBM file, an attackermay be able to cause a denial of service via application crash.(CVE-2008-4069)





More...