[USN-546-2] Firefox regression
Ubuntu Security Notice USN-546-2 December 04, 2007 firefox regression https://bugzilla.mozilla.org/show_bug.cgi?idKwetsbare Ubuntu versies:
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
- Ubuntu 6.10
- firefox 2.0.0.11+0nobinonly-0ubuntu0.6.10
- Ubuntu 7.10
- firefox 2.0.0.11+2nobinonly-0ubuntu0.7.10
- Ubuntu 7.04
- firefox 2.0.0.11+1nobinonly-0ubuntu0.7.4
After a standard system upgrade you need to restart Firefox to effect the necessary changes.
USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. (CVE-2007-5947) Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-5959) Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks. (CVE-2007-5960)
Ubuntero van de maand - Mei 2008 - Laacque
01-05-2008
Ooievaar brengt “Ruige Reiger”!
24-04-2008
Hardy Release Parties 2008
15-04-2008
Ubuntu demonstratie 19 april a.s. in Apeldoorn
10-04-2008
Ubuntero van de maand - April 2008 - Eendje
02-04-2008
Onverwachte downtime
01-04-2008
Nu ook chatten via de ubuntu NL website
30-03-2008
Ubuntero van de maand - Maart 2008 - profoX
01-03-2008
Ubuntero van de maand - Februari 2008 - Gandyman
03-02-2008
Ubuntero van de maand - Januari 2008
03-01-2008
Lees het nieuws via RSS