Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

firefox-3.0, xulrunner-1.9 vulnerabilities

Related Vulnerabilities: CVE-2010-0174   CVE-2010-0175   CVE-2010-0176   CVE-2010-0177   CVE-2010-0178   CVE-2010-0179  

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0174)

It was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

Source

9 April 2010

firefox-3.0, xulrunner-1.9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04 LTS

Software Description

  • firefox-3.0
  • xulrunner-1.9

Details

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0174)

It was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178)

It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04
abrowser - 3.0.19+nobinonly-0ubuntu0.9.04.1
firefox-3.0 - 3.0.19+nobinonly-0ubuntu0.9.04.1
xulrunner-1.9 - 1.9.0.19+nobinonly-0ubuntu0.9.04.1
Ubuntu 8.10
abrowser - 3.0.19+nobinonly-0ubuntu0.8.10.1
firefox-3.0 - 3.0.19+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 - 1.9.0.19+nobinonly-0ubuntu0.8.10.1
Ubuntu 8.04 LTS
firefox-3.0 - 3.0.19+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 - 1.9.0.19+nobinonly-0ubuntu0.8.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started