Firefox - new version for repositories?
Charles E "RIck" Taylor IV
rick at rickandpatty.com
Tue Feb 7 18:44:17 UTC 2006
A question I'd ask is simply this: The latest Firefox update was a
security update. Is the Firefox browser currently available in Ubuntu
also vulnerable?
(I could care less about 1.5 ... I *do* care about browsers running
arbitrary code fed to them by malicious web sites...)
[From Fedora's recent Firefox security update]
Igor Bukanov discovered a bug in the way Firefox's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Firefox could crash or execute
arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Firefox's
XULDocument.persist() function. A malicious web page could
inject arbitrary RDF data into a user's localstore.rdf file,
which can cause Firefox to execute arbitrary JavaScript when
a user runs Firefox. (CVE-2006-0296)
A denial of service bug was found in the way Firefox saves
history information. If a user visits a web page with a very
long title, it is possible Firefox will crash or take a very
long time to start the next time it is run. (CVE-2005-4134)
--
--------------------------------------------------------------------
* Charles E. "Rick" Taylor, IV <rick at rickandpatty.com>
--------------------------------------------------------------------
* Web: http://www.rickandpatty.com
* Blog: http://shrimpandgrits.rickandpatty.com
--------------------------------------------------------------------
More information about the ubuntu-users
mailing list