WINDOWS CENTER: ubuntu-security-announce Digest, Vol 48, Issue 9

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."

Today's Topics:

1. [USN-645-3] Firefox and xulrunner regression (Jamie Strandboge)
2. [USN-647-1] Thunderbird vulnerabilities (Jamie Strandboge)

----------------------------------------------------------------------

Message: 1
Date: Thu, 25 Sep 2008 13:32:04 -0500
From: Jamie Strandboge <jamie@canonical.com>
Subject: [USN-645-3] Firefox and xulrunner regression
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20080925183203.GC8797@severus.strandboge.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-645-3 September 25, 2008
firefox-3.0, xulrunner-1.9 regression
https://launchpad.net/bugs/270429
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
firefox 3.0.3+build1+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the
necessary changes.

Details follow:

USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream
patches introduced a regression in the saved password handling. While
password data was not lost, if a user had saved any passwords with
non-ASCII characters, Firefox could not access the password database.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Justin Schuh, Tom Cross and Peter Williams discovered errors in the
Firefox URL parsing routines. If a user were tricked into opening a
crafted hyperlink, an attacker could overflow a stack buffer and
execute arbitrary code. (CVE-2008-0016)

It was discovered that the same-origin check in Firefox could be
bypassed. If a user were tricked into opening a malicious website,
an attacker may be able to execute JavaScript in the context of a
different website. (CVE-2008-3835)

Several problems were discovered in the JavaScript engine. This
could allow an attacker to execute scripts from page content with
chrome privileges. (CVE-2008-3836)

Paul Nickerson discovered Firefox did not properly process mouse
click events. If a user were tricked into opening a malicious web
page, an attacker could move the content window, which could
potentially be used to force a user to perform unintended drag and
drop operations. (CVE-2008-3837)

Several problems were discovered in the browser engine. This could
allow an attacker to execute code with chrome privileges.
(CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several
problems in the browser engine of Firefox. If a user were tricked
into opening a malicious web page, an attacker could cause a denial
of service or possibly execute arbitrary code with the privileges
of the user invoking the program. (CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when
processing certain BOM characters. An attacker could exploit this
to bypass script filters and perform cross-site scripting attacks.
(CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a
user were tricked into opening a malicious web page, an attacker
could bypass script filtering and perform cross-site scripting
attacks. (CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in
the resource: protocol. An attacker could exploit this to perform
directory traversal, read information about the system, and prompt
the user to save information in a file. (CVE-2008-4067,
CVE-2008-4068)

Billy Hoffman discovered a problem in the XBM decoder. If a user were
tricked into opening a malicious web page or XBM file, an attacker
may be able to cause a denial of service via application crash.
(CVE-2008-4069)

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1.diff.gz
Size/MD5: 105898 8e9d91766d1673d85b4e2e60f09ffbb6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1.dsc
Size/MD5: 2760 57a929804f986040bc7227fe3009156c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly.orig.tar.gz
Size/MD5: 11573662 bcf09e18019b2f2cbb8517932c891485
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1.diff.gz
Size/MD5: 77467 f5a62ff3d325e95c5120cc22bda2d554
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1.dsc
Size/MD5: 2825 ab55f7ea35f9ee735528805831854977
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly.orig.tar.gz
Size/MD5: 40164202 72a5e40dda74d050021677f1b3ebabcc

Architecture independent packages:

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 9028 45557a5d8f43797bebb0ee77783bdc87
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 29576 78c9677804c24f5b6d95e0eb6c7a7f38
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 1086672 7399df1205d00bd6124d03fc63cf6592
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 4035336 eaff46064356cea1e966ab221e45eb30
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 48656 41dc8e708b4972e61b2e12ab54c0c4fc
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 9031700 f608db020679c1a062deaf017d5defd2

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 9028 a8fd22201b420b5b0fa11fab1c9466d3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 25726 823066888e006035bbe5f1eb790eccfa
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 1065018 32827a47e8cd521d89391879a3d84d5c
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 4016914 4285536cc152b65fa881946890b44185
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 38514 04869df4ca726ad6c59d2e43383bf4f6
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 7763786 685dc1eb5dce09d60c56ffa1c059735b

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 9028 2de0d8feb75644816867deec8668ec34
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 25342 5e70051d1c36fa4115ad1b569a57b290
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 1063126 4e9a3f4c3adaacb731b9d715e38fd3e2
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 4012342 92f97468c8260b9980d348024b3b6971
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 37610 88681831e70f2c7ab81da01928fcf09f
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 7650950 80ab78a657265b9cad8ec759ac8864e9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 9026 c90a944ecbc4366a54001c769d29e35b
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 27502 d140872135657f26a214585501d48c8c
http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 1079210 2594afd5cad19bc4bee8f0bad4483c5c
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 4023426 cb239f374f28f6b90ae9289240acf871
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 43686 d176b974055a33ede0065b4c9f2047fd
http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 8609908 8e66fdbd3106ee310b9e8591d5fc35ad

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20080925/9e810cff/attachment-0001.pgp

------------------------------

Message: 2
Date: Thu, 25 Sep 2008 21:34:25 -0500
From: Jamie Strandboge <jamie@canonical.com>
Subject: [USN-647-1] Thunderbird vulnerabilities
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20080926023425.GG8797@severus.strandboge.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-647-1 September 26, 2008
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064,
CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068,
CVE-2008-4070
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1

Ubuntu 7.04:
mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1

Ubuntu 7.10:
thunderbird 2.0.0.17+nobinonly-0ubuntu0.7.10.1

Ubuntu 8.04 LTS:
thunderbird 2.0.0.17+nobinonly-0ubuntu0.8.04.1

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Details follow:

It was discovered that the same-origin check in Thunderbird could
be bypassed. If a user had JavaScript enabled and were tricked into
opening a malicious website, an attacker may be able to execute
JavaScript in the context of a different website. (CVE-2008-3835)

Several problems were discovered in the browser engine of
Thunderbird. If a user had JavaScript enabled, this could allow an
attacker to execute code with chrome privileges. (CVE-2008-4058,
CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several
problems in the browser engine of Thunderbird. If a user had
JavaScript enabled and were tricked into opening a malicious web
page, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when
processing certain BOM characters. An attacker could exploit this
to bypass script filters and perform cross-site scripting attacks
if a user had JavaScript enabled. (CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Thunderbird. If
a user had JavaScript enabled and were tricked into opening a
malicious web page, an attacker could bypass script filtering and
perform cross-site scripting attacks. (CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in
the resource: protocol. An attacker could exploit this to perform
directory traversal, read information about the system, and prompt
the user to save information in a file. (CVE-2008-4067,
CVE-2008-4068)

Georgi Guninski discovered that Thunderbird improperly handled
cancelled newsgroup messages. If a user opened a crafted newsgroup
message, an attacker could cause a buffer overrun and potentially
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-4070)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1.diff.gz
Size/MD5: 457690 6d3b4e43ba967ab95fc6ad85fe595e12
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1.dsc
Size/MD5: 1688 9ed773039d32a90e73c6bd4e211f723e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g.orig.tar.gz
Size/MD5: 38029718 4ae446c58ccde45cb8f156b395968d2b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 3593958 4f8eb1f994751de1541bd53c7b3f8236
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 194972 9e89bd92215c471d5265d3866fdd8c52
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 60218 b30948cbd58517559134ad18a0d7f95e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 12118598 f13001d92a989bc023fe16e3c02a0149

i386 architecture (x86 compatible Intel/AMD):

powerpc architecture (Apple Macintosh G3/G4/G5):

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 3589568 820731692c8f9302538f38cefaeac3f9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 189140 dac62e9cab6dee27d9f71500b77db030
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 57212 06bc96f9d4826515ffe1f6c2099399d3
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 10866068 15aa61ac5c6a4ad04b802a8db9c3c50a

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1.diff.gz
Size/MD5: 126911 8ea6b26003fc64eeb6266772629a06bb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1.dsc
Size/MD5: 2260 6b480908f2478bea5c1c92ca70899da4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614g.orig.tar.gz
Size/MD5: 38029718 4ae446c58ccde45cb8f156b395968d2b