Ubuntu Security Notice USN-1149-2
June 29, 2011
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
In rare instances, Firefox could have trouble accessing some websites.
- firefox: safe and easy web browser from Mozilla
USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression
was introduced that prevented cookies from being stored properly when the
hostname was a single character. This update fixes the problem. We
apologize for the inconvenience.
Original advisory details:
Multiple memory vulnerabilities were discovered in the browser rendering
engine. An attacker could use these to possibly execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2011-2364, CVE-2011-2365,
Martin Barbella discovered that under certain conditions, viewing a XUL
accessed. An attacker could potentially use this to crash Firefox or
execute arbitrary code with the privileges of the user invoking Firefox.
Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace
images due to memory corruption. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2011-2377)
Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability
arbitrary code with the privileges of the user invoking Firefox.
Multiple use-after-free vulnerabilities were discovered. An attacker could
potentially use these to execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)
David Chan discovered that cookies did not honor same-origin conventions.
This could potentially lead to cookie data being leaked to a third party.
The problem can be corrected by updating your system to the following
Ubuntu 10.04 LTS:
After a standard system update you need to restart Firefox to make all the