Your submission was sent successfully! Close

USN-351-1: firefox vulnerabilities

23 September 2006

firefox vulnerabilities



Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript. (CVE-2006-4253,
CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Jon Oberheide reported a way how a remote attacker could trick users
into downloading arbitrary extensions with circumventing the normal
SSL certificate check. The attacker would have to be in a position to
spoof the victim's DNS, causing them to connect to sites of the
attacker's choosing rather than the sites intended by the victim. If
they gained that control and the victim accepted the attacker's cert
for the Mozilla update site, then the next update check could be
hijacked and redirected to the attacker's site without
detection. (CVE-2006-4567)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06
  • firefox - 1.5.dfsg+
  • libnss3 - 1.5.dfsg+

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Please note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are also
affected by these problems. Updates for these Ubuntu releases will be
delayed due to upstream dropping support for this Firefox version. We
strongly advise that you disable JavaScript to disable the attack
vectors for most vulnerabilities if you use one of these Ubuntu
versions. An update is currently in progress.

Related notices

  • USN-361-1: mozilla-mailnews, mozilla-browser, libnspr4, libnss3, mozilla-psm
  • USN-350-1: mozilla-thunderbird-locale-uk, mozilla-thunderbird-locale-nl, mozilla-thunderbird-enigmail, mozilla-thunderbird-locale-it, mozilla-thunderbird, mozilla-thunderbird-locale-de, mozilla-thunderbird-locale-fr, mozilla-thunderbird-typeaheadfind, mozilla-thunderbird-locale-ca, mozilla-thunderbird-inspector, mozilla-thunderbird-locale-pl
  • USN-352-1: mozilla-thunderbird