OVAL Reference oval:org.mitre.oval:def:13029

Oval Definition:

oval:org.mitre.oval:def:13029

Revision Date:	2014-06-30	Version:	19
Title:	USN-821-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description:	Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately inform users when security modules were added or removed via PKCS11. If a user visited a malicious website, an attacker could exploit this to trick the user into installing a malicious PKCS11 module. It was discovered that Firefox did not properly manage memory when using XUL tree elements. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Juan Pablo Lopez Yacubian discovered that Firefox did properly display certain Unicode characters in the location bar and other text fields when using a certain non-Ubuntu font. If a user configured Firefox to use this font, an attacker could exploit this to spoof the location bar, such as in a phishing attack. It was discovered that the BrowserFeedWriter in Firefox could be subverted to run JavaScript code from web content with elevated chrome privileges. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 USN-821-1 USN-821-1
Platform(s):	Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.04	Product(s):	firefox-3.0 xulrunner-1.9
Definition Synopsis
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section abrowser DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-granparadiso-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-granparadiso-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-granparadiso DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-trunk-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-trunk-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR xulrunner-1.9-venkman DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-granparadiso-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-trunk-venkman DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-3.0-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR xulrunner-1.9-dom-inspector DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-trunk DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-3.0-venkman DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-libthai DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-trunk-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is lpia AND Packages section firefox-3.0 DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR xulrunner-1.9-dev DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-3.0-branding DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR xulrunner-1.9 DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-3.0-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR abrowser-3.0-branding DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR firefox-3.0-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR xulrunner-dev DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section firefox-trunk DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-granparadiso-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-granparadiso-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-granparadiso DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-trunk-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-trunk-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR xulrunner-1.9-venkman DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-granparadiso-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-trunk-venkman DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-3.0-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR xulrunner-1.9-dom-inspector DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-3.0-venkman DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-libthai DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-trunk-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR Architecture depended section Supported architectures section Installed architecture is powerpc OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is i386 AND Packages section firefox-3.0 DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR xulrunner-1.9-dev DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR xulrunner-1.9 DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-3.0-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR firefox-3.0-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section abrowser DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-granparadiso-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-granparadiso-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-granparadiso DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-trunk-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-trunk-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR xulrunner-1.9-venkman DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-granparadiso-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-trunk-venkman DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-3.0-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR xulrunner-1.9-dom-inspector DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-trunk DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-3.0-venkman DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-libthai DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-trunk-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-dom-inspector DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is lpia AND Packages section firefox-3.0 DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR xulrunner-1.9-dev DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-3.0-branding DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR xulrunner-1.9 DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-3.0-gnome-support DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR abrowser-3.0-branding DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR firefox-3.0-dev DPKG is earlier than 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 OR xulrunner-dev DPKG is earlier than 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1

BACK