Ubuntu.com/usn: Referenced CVEs:
CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169


Description:
===========================================================Ubuntu Security Notice USN-975-1 September 08, 2010firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilitiesCVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765,CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.04 LTSUbuntu 9.04Ubuntu 9.10Ubuntu 10.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.04 LTS: firefox-3.0 3.6.9+build1+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9.2 1.9.2.9+build1+nobinonly-0ubuntu0.8.04.1Ubuntu 9.04: abrowser 3.6.9+build1+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.6.9+build1+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9.2 1.9.2.9+build1+nobinonly-0ubuntu0.9.04.1Ubuntu 9.10: firefox-3.5 3.6.9+build1+nobinonly-0ubuntu0.9.10.2 xulrunner-1.9.1 1.9.1.12+build1+nobinonly-0ubuntu0.9.10.2 xulrunner-1.9.2 1.9.2.9+build1+nobinonly-0ubuntu0.9.10.1Ubuntu 10.04 LTS: abrowser 3.6.9+build1+nobinonly-0ubuntu0.10.04.1 firefox 3.6.9+build1+nobinonly-0ubuntu0.10.04.1 xulrunner-1.9.2 1.9.2.9+build1+nobinonly-0ubuntu0.10.04.1After a standard system update you need to restart Firefox and anyapplication that use Xulrunner to make all the necessary changes.Details follow:Several dangling pointer vulnerabilities were discovered in Firefox. Anattacker could exploit this to crash the browser or possibly run arbitrarycode as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,CVE-2010-3167)Blake Kaplan and Michal Zalewski discovered several weaknesses in theXPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked intoviewing a malicious site, a remote attacker could use this to run arbitraryJavaScript with chrome privileges. (CVE-2010-2762)Matt Haggard discovered that Firefox did not honor same-origin policy whenprocessing the statusText property of an XMLHttpRequest object. If a userwere tricked into viewing a malicious site, a remote attacker could usethis to gather information about servers on internal private networks.(CVE-2010-2764)Chris Rohlf discovered an integer overflow when Firefox processed the HTMLframeset element. If a user were tricked into viewing a malicious site, aremote attacker could use this to crash the browser or possibly runarbitrary code as the user invoking the program. (CVE-2010-2765)Several issues were discovered in the browser engine. If a user weretricked into viewing a malicious site, a remote attacker could use this tocrash the browser or possibly run arbitrary code as the user invoking theprogram. (CVE-2010-2766, CVE-2010-3168)David Huang and Collin Jackson discovered that the tag couldoverride the charset of a framed HTML document in another origin. Anattacker could utilize this to perform cross-site scripting attacks.(CVE-2010-2768)Paul Stone discovered that with designMode enabled an HTML selectioncontaining JavaScript could be copied and pasted into a document and havethe JavaScript execute within the context of the site where the code wasdropped. An attacker could utilize this to perform cross-site scriptingattacks. (CVE-2010-2769)A buffer overflow was discovered in Firefox when processing text runs. If auser were tricked into viewing a malicious site, a remote attacker coulduse this to crash the browser or possibly run arbitrary code as the userinvoking the program. (CVE-2010-3166)Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, JeffWalden, Gary Kwong and Olli Pettay discovered several flaws in thebrowser engine. If a user were tricked into viewing a malicious site, aremote attacker could use this to crash the browser or possibly runarbitrary code as the user invoking the program. (CVE-2010-3169)





More...