Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1)

Ubuntu Security Notice (C) 2009-2014 Canonical, Inc. / NASL script (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Alin Rad Pop discovered a heap-based buffer overflow in Firefox when
it converted strings to floating point numbers. If a user were tricked
into viewing a malicious website, a remote attacker could cause a
denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1563)

Jeremy Brown discovered that the Firefox Download Manager was
vulnerable to symlink attacks. A local attacker could exploit this to
create or overwrite files with the privileges of the user invoking the
program. (CVE-2009-3274)

Paul Stone discovered a flaw in the Firefox form history. If a user
were tricked into viewing a malicious website, a remote attacker could
access this data to steal confidential information. (CVE-2009-3370)

Orlando Berrera discovered that Firefox did not properly free memory
when using web-workers. If a user were tricked into viewing a
malicious website, a remote attacker could cause a denial of service
or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 9.10.
(CVE-2009-3371)

A flaw was discovered in the way Firefox processed Proxy
Auto-configuration (PAC) files. If a user configured the browser to
use PAC files with certain regular expressions, an attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-3372)

A heap-based buffer overflow was discovered in Mozilla's GIF image
parser. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3373)

A flaw was discovered in the JavaScript engine of Firefox. An attacker
could exploit this to execute scripts from page content with chrome
privileges. (CVE-2009-3374)

Gregory Fleischer discovered that the same-origin check in Firefox
could be bypassed by utilizing the document.getSelection function. An
attacker could exploit this to read data from other domains.
(CVE-2009-3375)

Jesse Ruderman and Sid Stamm discovered that Firefox did not properly
display filenames containing right-to-left (RTL) override characters.
If a user were tricked into downloading a malicious file with a
crafted filename, an attacker could exploit this to trick the user
into opening a different file than the user expected. (CVE-2009-3376)

Several flaws were discovered in third-party media libraries. If a
user were tricked into opening a crafted media file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. This issue only
affected Ubuntu 9.10. (CVE-2009-3377)

Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero,
David Keeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten
Book, Kevin Brosnan, David Anderson and Jeff Walden discovered various
flaws in the browser and JavaScript engines of Firefox. If a user were
tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-3380,
CVE-2009-3381, CVE-2009-3382, CVE-2009-3383).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)