Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1509-1] Firefox vulnerabilities (Tyler Hicks)
2. [USN-1510-1] Thunderbird vulnerabilities (Tyler Hicks)
3. [USN-1509-2] ubufox update (Tyler Hicks)
----------------------------------------------------------------------
Message: 1
Date: Tue, 17 Jul 2012 15:11:50 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1509-1] Firefox vulnerabilities
Message-ID: <20120717221149.GB4464@boyd>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1509-1
July 17, 2012
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)
Mario Gomes discovered that the address bar may be incorrectly updated.
Drag-and-drop events in the address bar may cause the address of the previous
site to be displayed while a new page is loaded. An attacker could exploit this
to conduct phishing attacks. (CVE-2012-1950)
Abhishek Arya discovered four memory safety issues affecting Firefox. If the
user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML <embed> tags were not filtered out of the
HTML <description> of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the HTML
feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox. (CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) could be
bypassed to allow XBL access. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit this to execute code with the
privileges of the user invoking Firefox. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)
Fr?d?ric Buclin discovered that the X-Frame-Options header was ignored when its
value was specified multiple times. An attacker could exploit this to conduct
clickjacking attacks. (CVE-2012-1961)
Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox. (CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 implementation. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this to
access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)
Matt McCutchen discovered a clickjacking vulnerability in the certificate
warning page. A remote attacker could trick a user into accepting a malicious
certificate via a crafted certificate warning page. (CVE-2012-1964)
Mario Gomes and Soroush Dalili discovered that javascript was not filtered out
of feed URLs. If the user were tricked into opening a specially crafted URL, an
attacker could possibly exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2012-1965)
A vulnerability was discovered in the context menu of data: URLs. If the user
were tricked into opening a specially crafted URL, an attacker could possibly
exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1966)
It was discovered that the execution of javascript: URLs was not properly
handled in some cases. A remote attacker could exploit this to execute code
with the privileges of the user invoking Firefox. (CVE-2012-1967)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
firefox 14.0.1+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
firefox 14.0.1+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 14.0.1+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
firefox 14.0.1+build1-0ubuntu0.10.04.1
When upgrading, users should be aware of the following:
- In Ubuntu 11.04, unity-2d users may lose the ability to view drop-down menus,
context menus, and perform drag-and-drop operations in Firefox. This is a known
issue being tracked in https://launchpad.net/bugs/1020198 and may be fixed in a
later update.
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1509-1
CVE-2012-1948, CVE-2012-1949, CVE-2012-1950, CVE-2012-1951,
CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955,
CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960,
CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964,
CVE-2012-1965, CVE-2012-1966, CVE-2012-1967, https://launchpad.net/bugs/1020198,
https://launchpad.net/bugs/1024562
Package Information:
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.10.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120717/dcde7802/attachment-0001.pgp>
------------------------------
Message: 2
Date: Tue, 17 Jul 2012 15:51:12 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1510-1] Thunderbird vulnerabilities
Message-ID: <20120717225111.GC4464@boyd>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1510-1
July 17, 2012
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Thunderbird. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit these to
cause a denial of service via application crash, or potentially execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1948,
CVE-2012-1949)
Abhishek Arya discovered four memory safety issues affecting Thunderbird. If
the user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML <embed> tags were not filtered out of the
HTML <description> of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the HTML
feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) could be
bypassed to allow XBL access. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit this to execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)
Fr?d?ric Buclin discovered that the X-Frame-Options header was ignored when its
value was specified multiple times. An attacker could exploit this to conduct
clickjacking attacks. (CVE-2012-1961)
Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 implementation. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this to
access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)
It was discovered that the execution of javascript: URLs was not properly
handled in some cases. A remote attacker could exploit this to execute code
with the privileges of the user invoking Thunderbird. (CVE-2012-1967)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
thunderbird 14.0+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
thunderbird 14.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
thunderbird 14.0+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
thunderbird 14.0+build1-0ubuntu0.10.04.1
When upgrading, users should be aware of the following:
- In Ubuntu 11.04, unity-2d users may lose the ability to view drop-down menus,
context menus, and perform drag-and-drop operations in Thunderbird. This is a
known issue being tracked in https://launchpad.net/bugs/1020198 and may be
fixed in a later update.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1510-1
CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952,
CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957,
CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961,
CVE-2012-1962, CVE-2012-1963, CVE-2012-1967, https://launchpad.net/bugs/1020198,
https://launchpad.net/bugs/1024564
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/thunderbird/14.0+build1-0ubuntu0.10.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120717/d8e5d021/attachment-0001.pgp>
------------------------------
Message: 3
Date: Tue, 17 Jul 2012 19:00:24 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1509-2] ubufox update
Message-ID: <20120718020023.GD4464@boyd>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1509-2
July 18, 2012
ubufox update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
This update provides compatible ubufox packages for the latest Firefox.
Software Description:
- ubufox: Ubuntu Firefox specific configuration defaults and apt support
Details:
USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated
ubufox package for use with the lastest Firefox.
Original advisory details:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)
Mario Gomes discovered that the address bar may be incorrectly updated.
Drag-and-drop events in the address bar may cause the address of the previous
site to be displayed while a new page is loaded. An attacker could exploit this
to conduct phishing attacks. (CVE-2012-1950)
Abhishek Arya discovered four memory safety issues affecting Firefox. If the
user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML <embed> tags were not filtered out of the
HTML <description> of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the HTML
feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox. (CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) could be
bypassed to allow XBL access. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit this to execute code with the
privileges of the user invoking Firefox. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)
Fr?d?ric Buclin discovered that the X-Frame-Options header was ignored when its
value was specified multiple times. An attacker could exploit this to conduct
clickjacking attacks. (CVE-2012-1961)
Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox. (CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 implementation. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this to
access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)
Matt McCutchen discovered a clickjacking vulnerability in the certificate
warning page. A remote attacker could trick a user into accepting a malicious
certificate via a crafted certificate warning page. (CVE-2012-1964)
Mario Gomes and Soroush Dalili discovered that javascript was not filtered out
of feed URLs. If the user were tricked into opening a specially crafted URL, an
attacker could possibly exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2012-1965)
A vulnerability was discovered in the context menu of data: URLs. If the user
were tricked into opening a specially crafted URL, an attacker could possibly
exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1966)
It was discovered that the execution of javascript: URLs was not properly
handled in some cases. A remote attacker could exploit this to execute code
with the privileges of the user invoking Firefox. (CVE-2012-1967)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
ubufox 2.1.1-0ubuntu0.12.04.1
xul-ext-ubufox 2.1.1-0ubuntu0.12.04.1
Ubuntu 11.10:
ubufox 2.1.1-0ubuntu0.11.10.1
xul-ext-ubufox 2.1.1-0ubuntu0.11.10.1
Ubuntu 11.04:
ubufox 2.1.1-0ubuntu0.11.04.1
xul-ext-ubufox 2.1.1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
ubufox 2.1.1-0ubuntu0.10.04.1
xul-ext-ubufox 2.1.1-0ubuntu0.10.04.1
When upgrading, users should be aware of the following:
- In Ubuntu 11.04, unity-2d users may lose the ability to view drop-down menus,
context menus, and perform drag-and-drop operations in Firefox. This is a known
issue being tracked in https://launchpad.net/bugs/1020198 and may be fixed in a
later update.
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1509-2
http://www.ubuntu.com/usn/usn-1509-1
https://launchpad.net/bugs/1024562
Package Information:
https://launchpad.net/ubuntu/+source/ubufox/2.1.1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/ubufox/2.1.1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/ubufox/2.1.1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/ubufox/2.1.1-0ubuntu0.10.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120717/f286ad19/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 94, Issue 9
*******************************************************
News
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2012
(533)
-
▼
July
(37)
- ubuntu-security-announce Digest, Vol 94, Issue 13
- ubuntu-security-announce Digest, Vol 94, Issue 11
- ubuntu-security-announce Digest, Vol 94, Issue 10
- ubuntu-security-announce Digest, Vol 94, Issue 9
- ubuntu-security-announce Digest, Vol 94, Issue 7
- The case of new smartphone platforms
- The five most connected cars
- Hackers post 450K credentials pilfered from Yahoo
- ubuntu-security-announce Digest, Vol 94, Issue 6
- Simplified Active Directory Upgrades and Deployments
- Thinnest ultrabook is NOT an Air
- How important is TV sound to you?
- Dell XPS 14z Core i5 Laptop $679, Samsung Core i3 ...
- Media wars: Streaming boxes compared
- ubuntu-security-announce Digest, Vol 94, Issue 5
- 5 game-changing wireless routers
- Dirt-cheap dSLRs
- FBI kills DNSChanger network, but how many will be...
- Arctic Pro Portable AC $197, DVD's $5, Skagen Mens...
- ubuntu-security-announce Digest, Vol 94, Issue 4
- Torque turns BitTorrent into a Web app
- Bentley Continental: Old-world luxury meets tech
- Why the new Droid Incredible isn't
- REI Summer Sale 30%-OFF, New Balance Women's 506 $...
- ubuntu-security-announce Digest, Vol 94, Issue 3
- RIM denies looming 'death spiral'
- Dirt-cheap dSLRs
- Call of Duty Add-Ons PS3/Xbox 360 $7, HP g7 Core i...
- ubuntu-security-announce Digest, Vol 94, Issue 2
- Manage BYOD Security
- High-res screen gone bad
- ubuntu-security-announce Digest, Vol 94, Issue 1
- Google Analytics Product Update: Mobile Analytics,...
- Build Legos in Chrome with Google Build
- Latest hacker dump looks like Comcast, AT&T data
- Important account update from ZDNet
- GE Front-Load Washer & Dryer Set $948, Buy Two Use...
-
▼
July
(37)
No comments:
Post a Comment