LinuxQuestions.org
Old 03-17-2009, 07:18 AM   #121
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371

Quote:
Originally Posted by win32sux
Bugtraq

NOTE: I can confirm the exploit works on Firefox 3.0.6 (Ubuntu 8.10).
FYI: It also works on Firefox 3.0.7, which is the latest version.
 
Old 03-26-2009, 05:17 PM   #122
win32sux
Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability

Quote:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.
Bugtraq
 
Old 03-27-2009, 07:17 PM   #123
win32sux
Firefox 3.0.8 has been released.

It addresses two security vulnerabilities, both of which are rated as critical.

Last edited by win32sux; 03-27-2009 at 07:18 PM.
 
Old 04-18-2009, 11:15 PM   #124
boryi
LQ Newbie
 
Registered: Apr 2009
Location: China
Posts: 1

Rep: Reputation: 0
Thanks
 
Old 04-22-2009, 06:00 AM   #125
win32sux
Mozilla Firefox Memory Corruption and Security Bypass Vulnerabilities

Quote:
Multiple vulnerabilities have been identified in Mozilla Firefox, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system.
VUPEN Security Advisory

These are fixed in 3.0.9. You can get the full release notes here.
 
Old 04-26-2009, 12:05 PM   #126
win32sux
The word on the street is that 3.0.10 will be out shortly to fix a couple more vulnerabilities.

Anyone got any links to reliable information about this?

Last edited by win32sux; 04-27-2009 at 09:40 AM.
 
Old 04-28-2009, 05:17 AM   #127
win32sux
Firefox 3.0.10 has been released.

And here it is, folks. It fixes two bugs, one of which is rated as critical.

Last edited by win32sux; 04-28-2009 at 05:18 AM.
 
Old 06-11-2009, 06:44 PM   #128
win32sux
Firefox 3.0.11 has been released.

It includes fixes for several critical security issues.
 
Old 06-30-2009, 12:46 PM   #129
win32sux
Firefox 3.5 has been released.

I think a notification here doesn't hurt, considering it brings many security and privacy improvements.

Last edited by win32sux; 06-30-2009 at 12:48 PM.
 
Old 07-14-2009, 09:11 AM   #130
win32sux
Mozilla Firefox 3.5 Vulnerability (Critical)

Quote:
US-CERT is aware of reports of a vulnerability affecting Mozilla Firefox 3.5. This vulnerability is due to an error in the way JavaScript code is processed. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability.
US-CERT | VUPEN | Secunia

Last edited by win32sux; 07-14-2009 at 09:17 AM.
 
Old 07-17-2009, 09:39 AM   #131
win32sux
Firefox 3.5.1 was released yesterday to address the above vulnerability, as well as some non-security issues.
 
Old 07-21-2009, 07:25 PM   #132
win32sux
Firefox 3.0.12 has been released.

It includes fixes for several security issues, almost all of which have a rating of Critical.
 
Old 07-25-2009, 04:47 AM   #133
Harry83
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Rep: Reputation: 0
Quote:
Originally Posted by win32sux
This thread serves as a discussion place for any current security vulnerabilities in Mozilla Firefox. LQ members are encouraged to subscribe to this thread in order to stay informed about the latest Mozilla Firefox security fixes and workarounds. If this is your first time stopping by this thread, get the latest info by jumping to the last page.

I will try this very soon.
Nice work mate.

Regards

Harry
 
Old 07-29-2009, 05:04 PM   #134
win32sux
Mozilla Firefox URL Spoofing Security Issue

Quote:
Juan Pablo Lopez Yacubian has discovered a security issue in Mozilla Firefox, which can be exploited by malicious people to display a fake URL in the address bar.

The security issue is caused due to an error when opening a new window for a malformed domain. This can be exploited to display an arbitrary URL in the address bar of a child window by issuing a "window.open()" call with a domain containing e.g. "%20" characters.

The security issue is confirmed in versions 3.0.12 and 3.5.1. Other versions may also be affected.
Secunia Advisory
 
Old 08-03-2009, 03:39 AM   #135
win32sux
Mozilla Firefox Network Security Services Multiple Vulnerabilities

Quote:
Some vulnerabilities have been reported in Mozilla Firefox, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system.
Secunia Advisory


Quote:
IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it, most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions.
MFSA 2009-42


Quote:
Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw.
MFSA 2009-43

Last edited by win32sux; 08-03-2009 at 03:42 AM.
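
The name mismatch described in the MFSA 2009-42 quote above, shown as an added example that is not part of the original post and is not Mozilla's or NSS's code: a certificate name is stored with an explicit length, so a check that treats it as a C string stops at the first null byte, while a strict check rejects the name outright. The struct, the function names and the `.example` host names are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as carried in ASN.1: raw bytes plus an explicit length. */
struct cert_name { const char *data; size_t len; };

static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed client check: handles the bytes as a C string, so it stops at the
 * first NUL and never looks at the part the CA actually validated. */
int match_naive(const struct cert_name *cn, const char *host)
{
    size_t seen = strlen(cn->data);
    return seen == strlen(host) && eq_nocase(cn->data, host, seen);
}

/* Hardened check: a NUL anywhere in the declared length invalidates the
 * name; otherwise the whole name must equal the requested host. */
int match_strict(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

/* Constructed sample names; sizeof - 1 keeps the embedded NUL and drops
 * only the string literal's terminator. */
static const char EMBEDDED[] = "www.site.example\0.requester.example";
static const char PLAIN[] = "www.site.example";
const struct cert_name NAME_EMBEDDED = { EMBEDDED, sizeof EMBEDDED - 1 };
const struct cert_name NAME_PLAIN = { PLAIN, sizeof PLAIN - 1 };

int main(void)
{
    const char *host = "www.site.example";
    printf("embedded NUL: naive=%d strict=%d\n",
           match_naive(&NAME_EMBEDDED, host), match_strict(&NAME_EMBEDDED, host));
    printf("plain name:   naive=%d strict=%d\n",
           match_naive(&NAME_PLAIN, host), match_strict(&NAME_PLAIN, host));
    return 0;
}
```
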
 
  

