Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 regression (USN-1049-2)

Ubuntu Security Notice (C) 2011-2014 Canonical, Inc. / NASL script (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update
introduced a regression where some Java applets would fail to load.
This update fixes the problem.

We apologize for the inconvenience.

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden,
Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous
discovered several memory issues in the browser engine. An attacker
could exploit these to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062)

Zach Hoffman discovered that a recursive call to eval()
wrapped in a try/catch statement places the browser into a
inconsistent state. An attacker could exploit this to force
a user to accept any dialog. (CVE-2011-0051)

It was discovered that memory was used after being freed in
a method used by JSON.stringify. An attacker could exploit
this to crash the browser or possibly run arbitrary code as
the user invoking the program. (CVE-2011-0055)

Christian Holler discovered multiple buffer overflows in the
JavaScript engine. An attacker could exploit these to crash
the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2011-0054, CVE-2011-0056)

Daniel Kozlowski discovered that a JavaScript Worker kept a
reference to memory after it was freed. An attacker could
exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2011-0057)

Alex Miller discovered a buffer overflow in the browser
rendering engine. An attacker could exploit this to crash
the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2011-0058)

Roberto Suggi Liverani discovered a possible issue with
unsafe JavaScript execution in chrome documents. A malicious
extension could exploit this to execute arbitrary code with
chrome privlieges. (CVE-2010-1585)

Jordi Chancel discovered a buffer overlow in the JPEG
decoding engine. An attacker could exploit this to crash the
browser or possibly run arbitrary code as the user invoking
the program. (CVE-2011-0061)

Peleus Uhley discovered a CSRF vulnerability in the plugin
code related to 307 redirects. This could allow custom
headers to be forwarded across origins. (CVE-2011-0059).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false