USN-493-1: Firefox vulnerabilities

1 August 2007

Firefox vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Details

A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
  • firefox - 2.0.0.6+1-0ubuntu1
Ubuntu 6.10
  • firefox - 2.0.0.6+0dfsg-0ubuntu0.6.10
Ubuntu 6.06
  • firefox - 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Related notices