[Bug 160895] Re: upgrade to firefox 2.0.0.9

medigeek vicedar+launchpad at gmail.com
Sun Nov 25 16:15:06 UTC 2007


This was in an earlier version of the @risk newsletter:
(November 5th 2007)
@RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 45

(4) HIGH: Mozilla Firefox Arbitrary Script Execution Vulnerability
Affected:
Mozilla Firefox versions 2.0.0.8 and prior

Description: Mozilla Firefox contains a vulnerability in its handling
of JavaScript. A specially crafted web page could bypass domain
restrictions and allow an attacker to execute arbitrary JavaScript in a
security domain different from that in which it was loaded. This could
allow an attacker to alter the user interface or potentially execute
arbitrary code with the privileges of the current user. Some technical
details and a proof-of-concept are available for this vulnerability.
Additionally, technical details may be available via source code
analysis. Other Mozilla products, such as Thunderbird and SeaMonkey may
also be affected.

Status: Mozilla has not confirmed, no updates available.

References:
Posting by The Hacker Webzine
http://www.0x000000.com/index.php?i=465
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/26283.html
SecurityFocus BID
http://www.securityfocus.com/bid/26283

It's not confirmed though; 2.0.0.9 is just a stability update:
Firefox 2.0.0.9 stability update now available for download

Nevertheless, it's widely used as a default browser; Ubuntu should support a stability update in order to be more efficient.
Or at least put it in backports :)

-- 
upgrade to firefox 2.0.0.9
https://bugs.launchpad.net/bugs/160895
You received this bug notification because you are a member of Mozilla
Bugs, which is a bug contact for firefox in ubuntu.



