Packages
Details
Glenn Randers-Pehrson discovered that the embedded libpng in Firefox
did not properly initialize pointers. If a user were tricked into
viewing a malicious website with a crafted PNG file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-0040)
Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee
Groleau discovered flaws in the browser engine. If a user were tricked
into viewing a malicious website, a remote attacker could cause a
denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0771,
CVE-2009-0772, CVE-2009-0773, CVE-2009-0774)
A flaw was discovered in Firefox's...
Glenn Randers-Pehrson discovered that the embedded libpng in Firefox
did not properly initialize pointers. If a user were tricked into
viewing a malicious website with a crafted PNG file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-0040)
Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee
Groleau discovered flaws in the browser engine. If a user were tricked
into viewing a malicious website, a remote attacker could cause a
denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0771,
CVE-2009-0772, CVE-2009-0773, CVE-2009-0774)
A flaw was discovered in Firefox's garbage collection process. Under
certain circumstances a remote attacker could exploit this to cause a
denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0775)
Georgi Guninski discovered a flaw when Firefox performed a
cross-domain redirect. An attacker could bypass the same-origin policy
in Firefox by utilizing nsIRDFService and steal private data from
users authenticated to the redirected website. (CVE-2009-0776)
Masahiro Yamada discovered that Firefox did not display control
characters in the location bar. An attacker could exploit this to
spoof the location bar, such as in a phishing attack. (CVE-2009-0777)
Update instructions
After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 8.10 intrepid | firefox-3.0 – 3.0.7+nobinonly-0ubuntu0.8.10.1 | ||
| abrowser – 3.0.7+nobinonly-0ubuntu0.8.10.1 | |||
| xulrunner-1.9 – 1.9.0.7+nobinonly-0ubuntu0.8.10.1 | |||
| 8.04 hardy | firefox-3.0 – 3.0.7+nobinonly-0ubuntu0.8.04.1 | ||
| xulrunner-1.9 – 1.9.0.7+nobinonly-0ubuntu0.8.04.1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.