Your submission was sent successfully! Close

USN-398-1: Firefox vulnerabilities

3 January 2007

Firefox vulnerabilities

Releases

Details

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503,
CVE-2006-6507)

Jared Breland discovered that the "Feed Preview" feature could leak
referrer information to remote servers. (CVE-2006-6506)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
  • firefox - 2.0.0.1+0dfsg-0ubuntu0.6.10
  • firefox-dev - 2.0.0.1+0dfsg-0ubuntu0.6.10
  • libnss-dev - 2.0.0.1+0dfsg-0ubuntu0.6.10
  • libnss3 - 2.0.0.1+0dfsg-0ubuntu0.6.10
  • libnspr-dev - 2.0.0.1+0dfsg-0ubuntu0.6.10
  • libnspr4 - 2.0.0.1+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Related notices

  • USN-400-1: mozilla-thunderbird-dev, mozilla-thunderbird
  • USN-398-2: libnspr-dev, firefox-dev, libnss-dev, firefox, libnspr4, libnss3