USN-398-1: Firefox vulnerabilities

3 January 2007

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10

Software Description

Details

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass Firefox’s internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503, CVE-2006-6507)

Jared Breland discovered that the “Feed Preview” feature could leak referrer information to remote servers. (CVE-2006-6506)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
firefox - 2.0.0.1+0dfsg-0ubuntu0.6.10
firefox-dev - 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr-dev - 2.0.0.1+0dfsg-0ubuntu0.6.10
libnspr4 - 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss-dev - 2.0.0.1+0dfsg-0ubuntu0.6.10
libnss3 - 2.0.0.1+0dfsg-0ubuntu0.6.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

References