copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2005.0678 -- Debian Security Advisory DSA 779-2 -- New Mozilla Firefox packages fix several vulnerabilities

Date: 02 September 2005
References: ESB-2005.0648  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2005.0678 -- Debian Security Advisory DSA 779-2
         New Mozilla Firefox packages fix several vulnerabilities
                             2 September 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mozilla-firefox
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.1
Impact:            Execute Arbitrary Code/Commands
                   Access Privileged Data
                   Provide Misleading Information
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-2270 CAN-2005-2269 CAN-2005-2268
                   CAN-2005-2267 CAN-2005-2266 CAN-2005-2265
                   CAN-2005-2264 CAN-2005-2263 CAN-2005-2262
                   CAN-2005-2261 CAN-2005-2260

Ref:               ESB-2005.0648

Original Bulletin: http://www.debian.org/security/2005/dsa-779

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 779-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 1st, 2005                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263
                 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267
                 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 
BugTraq ID     : 14242
Debian Bug     : 318061

We experienced that the update for Mozilla Firefox from DSA 779-1
unfortunately was a regression in several cases.  Since the usual
praxis of backporting apparently does not work, this update is
basically version 1.0.6 with the version number rolled back, and hence
still named 1.0.4-*.  For completeness below is the original advisory
text:

  Several problems have been discovered in Mozilla Firefox, a
  lightweight web browser based on Mozilla.  The Common Vulnerabilities
  and Exposures project identifies the following problems:

  CAN-2005-2260

      The browser user interface does not properly distinguish between
      user-generated events and untrusted synthetic events, which makes
      it easier for remote attackers to perform dangerous actions that
      normally could only be performed manually by the user.

  CAN-2005-2261

      XML scripts ran even when Javascript disabled.

  CAN-2005-2262

      The user can be tricked to executing arbitrary JavaScript code by
      using a JavaScript URL as wallpaper.

  CAN-2005-2263

      It is possible for a remote attacker to execute a callback
      function in the context of another domain (i.e. frame).

  CAN-2005-2264

      By opening a malicious link in the sidebar it is possible for
      remote attackers to steal sensitive information.

  CAN-2005-2265

      Missing input sanitising of InstallVersion.compareTo() can cause
      the application to crash.

  CAN-2005-2266

      Remote attackers could steal sensitive information such as cookies
      and passwords from web sites by accessing data in alien frames.

  CAN-2005-2267

      By using standalone applications such as Flash and QuickTime to
      open a javascript: URL, it is possible for a remote attacker to
      steal sensitive information and possibly execute arbitrary code.

  CAN-2005-2268

      It is possible for a Javascript dialog box to spoof a dialog box
      from a trusted site and facilitates phishing attacks.

  CAN-2005-2269

      Remote attackers could modify certain tag properties of DOM nodes
      that could lead to the execution of arbitrary script or code.

  CAN-2005-2270

      The Mozilla browser familie does not properly clone base objects,
      which allows remote attackers to execute arbitrary code.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.0.6-1.

We recommend that you upgrade your Mozilla Firefox packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3.dsc
      Size/MD5 checksum:     1001 e9e343d5899bc10b64650464839db1dc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3.diff.gz
      Size/MD5 checksum:   323682 3e07c7d42de155ed01210386bc2f06f7
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_alpha.deb
      Size/MD5 checksum: 11162870 103e4b84e9d2052cb4260b96e41319aa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_alpha.deb
      Size/MD5 checksum:   166886 906bfa51b6c0cb8966fe06aec2b5816e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_alpha.deb
      Size/MD5 checksum:    58708 1b3025f62bb3cb67b32c73c9f20ac5ba

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_amd64.deb
      Size/MD5 checksum:  9397790 6b14119f896013d55826cb59dac50c3b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_amd64.deb
      Size/MD5 checksum:   161636 33635aa0e4e18a2f8868bb49969a37a6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_amd64.deb
      Size/MD5 checksum:    57194 a46c10258c9929c8e9f8001838dc4fe4

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_arm.deb
      Size/MD5 checksum:  8216696 f39cae6e1e57a572c316c14cc6c0b3d6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_arm.deb
      Size/MD5 checksum:   153076 c634b6a8d6f42008526607877071bcaa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_arm.deb
      Size/MD5 checksum:    52548 04b5b1e840e77b56837e1991c11a9ff6

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_i386.deb
      Size/MD5 checksum:  8889628 c7730b4e3df2f6a0bb12186a52884a9e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_i386.deb
      Size/MD5 checksum:   156844 806fd550f9a5283e4fab73443c73fbcd
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_i386.deb
      Size/MD5 checksum:    54096 9eb9d71896406a619bd186bfe10ed0f2

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_ia64.deb
      Size/MD5 checksum: 11617476 564858f6b1f36f84a1fa9e8c7cb71316
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_ia64.deb
      Size/MD5 checksum:   167224 b574fe291d5537628022434ef13c9587
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_ia64.deb
      Size/MD5 checksum:    61876 4625f067b0cdb1a0de04829a9edbc6d7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_hppa.deb
      Size/MD5 checksum: 10266194 05ebaf745a3854b8a4dc8dd0e1cff53c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_hppa.deb
      Size/MD5 checksum:   164592 902df65efa25b497b99a62d1a38acc2e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_hppa.deb
      Size/MD5 checksum:    57692 2221b941de975d360a6f2123d83a73ea

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_m68k.deb
      Size/MD5 checksum:  8167252 23f5666813a7118b5a1e841337b2b9aa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_m68k.deb
      Size/MD5 checksum:   155742 f46394239362846cfdbe2f2d316bbc18
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_m68k.deb
      Size/MD5 checksum:    53352 619ac605ca4c6d0b449f6b2652b76463

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_mips.deb
      Size/MD5 checksum:  9919620 0f246fc3335b23e9975d78b0f86a2682
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_mips.deb
      Size/MD5 checksum:   154596 90a7786ea46368235be9b052b07eb7d0
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_mips.deb
      Size/MD5 checksum:    54366 ccec0a41faf2945c6ec426311fe4bf77

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_mipsel.deb
      Size/MD5 checksum:  9803502 117b7e5ea7a0d7b78518218009024eaa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_mipsel.deb
      Size/MD5 checksum:   154172 a090df008b2336d500d772cf538dbe3e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_mipsel.deb
      Size/MD5 checksum:    54180 1dde88657a7740f8261f8804a5bc3a13

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_powerpc.deb
      Size/MD5 checksum:  8561832 f6dd2ad6a53d96b8779fcecd022733ae
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_powerpc.deb
      Size/MD5 checksum:   155236 88e76f256f6aa39c93ca73b95141e6fc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_powerpc.deb
      Size/MD5 checksum:    56482 1525d1b14855694f62110a8fd2ad4b61

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_s390.deb
      Size/MD5 checksum:  9635736 770eca99436ee1646cc9af8eb1f4bce4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_s390.deb
      Size/MD5 checksum:   162228 c17de607a44ebdd3838d07a8d784f9b8
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_s390.deb
      Size/MD5 checksum:    56664 ead0e97932f0bc9ad8c756d46cf6540f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_sparc.deb
      Size/MD5 checksum:  8651242 7b87e6d2fca175b70259035c0d5506cf
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_sparc.deb
      Size/MD5 checksum:   155458 2ae1ce848a6ea81a485f2f1240f894cc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_sparc.deb
      Size/MD5 checksum:    52906 89b1bb81288c9fa1f156ba6354292484


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFwr2W5ql+IAeqTIRAuUgAJ9tADDDG5bAs/7JFYyKGVorgVVWWACguPDZ
kF3Del30TP+JorLBalLMo84=
=ku3v
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQxew5ih9+71yA2DNAQL81AP8CoZCR9xYjyUNpQwA9YI+PA4DX8wfw+zO
TPuya5+zI7aHHSZlXbjR1YEeBOqD1/WROyRmzYDdjHUIcspQa5nJ1EJqQ2nM0TY1
V3vcHnw+PoHO7IjRoO+WlZ3Irfc7uT8U8qhI21BTbLeZO08vRIXy7kbeSO4Z4Tcx
GZ7DFqYBexc=
=lPVu
-----END PGP SIGNATURE-----