gnewsense-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gNewSense-users] Firefox crashes on cnet.com due to security vulnerabil


From: Daniel Dickinson
Subject: [gNewSense-users] Firefox crashes on cnet.com due to security vulnerability in Dapper 6.06 (since updated in Ubuntu)
Date: Wed, 8 Nov 2006 02:52:34 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Firefox has issues with certain websites, noteably cnet.com which, at
the least results in a corrupted display and frequently crashes the
display and freezes the keyboard resulting in the need for a reboot.
Fortunately a clean reset can be had on the machine I'm testing on
because of soft poweroff.  On an older system it'd be a hard power
cycle.

On doing some research, it seems that the version of firefox delivered
with ubuntu 6.06 has a bug in privileged(!) ui code.  It is treated as
a security vulnerability and has been fixed in ubuntu.

## quoted text follows ##

Ubuntu 6.06 LTS:
  firefox                        1.5.dfsg+1.5.0.4-0ubuntu6.06

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Please note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are also
affected by these problems. Updates for these Ubuntu releases will be
delayed due to upstream dropping support for this Firefox version. We
strongly advise that you disable JavaScript to disable the attack
vectors for most vulnerabilities if you use one of these Ubuntu
versions.

The Mozilla developer team discovered several bugs that lead to
crashes with memory corruption. These might be exploitable by
malicious web sites to execute arbitrary code with the privileges of
the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788)


- -- 
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C      http://gnupg.org
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFUYzThvWBpdQuHxwRAg3LAJsEUh62UaUBNMbrhrggn9/Scu9MKACgsP3t
eyKFFbGs4RG7ZHOLv48DGew=
=m5Z+
-----END PGP SIGNATURE-----

reply via email to

[Prev in Thread] Current Thread [Next in Thread]