CVE-2009-3376
Publication date 29 October 2009
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox-3.0 | 9.10 karmic | Not in release |
9.04 jaunty |
Fixed 3.0.15+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid |
Fixed 3.0.15+nobinonly-0ubuntu0.8.10.1
|
|
8.04 LTS hardy |
Fixed 3.0.15+nobinonly-0ubuntu0.8.04.1
|
|
6.06 LTS dapper | Not in release | |
firefox-3.5 | 9.10 karmic |
Fixed 3.5.4+nobinonly-0ubuntu0.9.10.1
|
9.04 jaunty |
Fixed 3.5.4+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release | |
thunderbird | 9.10 karmic |
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1
|
9.04 jaunty |
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid |
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1
|
|
8.04 LTS hardy |
Fixed 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1
|
|
6.06 LTS dapper | Not in release | |
xulrunner-1.9 | 9.10 karmic | Not in release |
9.04 jaunty |
Fixed 1.9.0.15+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid |
Fixed 1.9.0.15+nobinonly-0ubuntu0.8.10.1
|
|
8.04 LTS hardy |
Fixed 1.9.0.15+nobinonly-0ubuntu0.8.04.1
|
|
6.06 LTS dapper | Not in release | |
xulrunner-1.9.1 | 9.10 karmic |
Fixed 1.9.1.4+nobinonly-0ubuntu0.9.10.1
|
9.04 jaunty |
Fixed 1.9.1.4+nobinonly-0ubuntu0.9.04.3
|
|
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |