
[USN-1197-3] Firefox and Xulrunner vulnerability

Posted on 07 September 2011
Ubuntu Security

============================================================================
Ubuntu Security Notice USN-1197-3
September 07, 2011

firefox, xulrunner-1.9.2 vulnerability
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

A certificate authority issued fraudulent certificates.

Software Description:
- firefox: Mozilla Open Source web browser
- xulrunner-1.9.2: Mozilla Gecko runtime environment

Details:

USN-1197-1 partially addressed an issue with Dutch Certificate Authority
DigiNotar mis-issuing fraudulent certificates. This update actively
distrusts the DigiNotar root certificate as well as several intermediary
certificates. Also included in this list of distrusted certificates are
the Staat der Nederlanden root certificates.

Original advisory details:

It was discovered that Dutch Certificate Authority DigiNotar had
mis-issued multiple fraudulent certificates. These certificates could
allow an attacker to perform a "man in the middle" (MITM) attack which
would make the user believe their connection is secure when it is
actually being monitored.

For the protection of its users, Mozilla has removed the DigiNotar
certificate. Sites using certificates issued by DigiNotar will need to
seek another certificate vendor.

We are currently aware of a regression that blocks one of two Staat der
Nederlanden root certificates which are believed to still be secure.
This regression is being tracked at https://launchpad.net/bugs/838322.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
firefox 6.0.2+build2+nobinonly-0ubuntu0.11.04.1

Ubuntu 10.10:
firefox 3.6.22+build2+nobinonly-0ubuntu0.10.10.1
xulrunner-1.9.2 1.9.2.22+build2+nobinonly-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
firefox 3.6.22+build2+nobinonly-0ubuntu0.10.04.1
xulrunner-1.9.2 1.9.2.22+build2+nobinonly-0ubuntu0.10.04.1

After a standard system upgrade you need to restart Firefox and any
applications that use Xulrunner to effect the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1197-3
http://www.ubuntu.com/usn/usn-1197-1
https://launchpad.net/bugs/838322

Package Information:
https://launchpad.net/ubuntu/+source/firefox/6.0.2+build2+nobinonly-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/3.6.22+build2+nobinonly-0ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.22+build2+nobinonly-0ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/firefox/3.6.22+build2+nobinonly-0ubuntu0.10.04.1
https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.22+build2+nobinonly-0ubuntu0.10.04.1
