USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem.
We apologize for the inconvenience.
27 January 2007
A security issue affects these releases of Ubuntu and its derivatives:
USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass Firefox’s internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart Firefox to effect the necessary changes.
Vulmon