← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

Candidate: CVE-2010-3182
PublicDate: 2010-10-21
PublicDateAtUSN: 2010-10-19
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182
 http://www.ubuntu.com/usn/usn-998-1
 http://www.ubuntu.com/usn/usn-997-1
Description:
 A certain application-launch script in Mozilla Firefox before 3.5.14 and
 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
 SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the
 LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
 horse shared library in the current working directory.
Ubuntu-Description: 
Notes: 
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
  builds that use the system xulrunner, and firefox source packages for those
  that use a static build
   xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
   xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
   xulrunner-1.9: (ignored) reverse dependencies no longer process web content
   xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
   xulrunner-1.9.2: system xul for reverese dependencies that process web content
   firefox: Ubuntu 6.06 LTS (static build)
   firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
   firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
   firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
   firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
Bugs: 
Priority: low
Discovered-by:
Assigned-to: chriscoulson

Patches_firefox:
upstream_firefox: released (3.6.11)
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored (uses system xulrunner)
jaunty_firefox: DNE
karmic_firefox: DNE
lucid_firefox: released (3.6.11+build3+nobinonly-0ubuntu0.10.04.1)
maverick_firefox: released (3.6.11+build3+nobinonly-0ubuntu0.10.10.1)
natty_firefox: released (3.6.11+build3+nobinonly-0ubuntu0.10.10.1)
devel_firefox: released (3.6.11+build3+nobinonly-0ubuntu0.10.10.1)

Patches_firefox-3.0:
upstream_firefox-3.0: needs-triage (Ubuntu source uses 3.6.x)
dapper_firefox-3.0: DNE
hardy_firefox-3.0: released (3.6.11+build3+nobinonly-0ubuntu0.8.04.1)
jaunty_firefox-3.0: released (3.6.11+build3+nobinonly-0ubuntu0.9.04.1)
karmic_firefox-3.0: DNE
lucid_firefox-3.0: DNE
maverick_firefox-3.0: DNE
natty_firefox-3.0: DNE
devel_firefox-3.0: DNE

Patches_firefox-3.5:
upstream_firefox-3.5: needs-triage (Ubuntu source uses 3.6.x)
dapper_firefox-3.5: DNE
hardy_firefox-3.5: DNE
jaunty_firefox-3.5: released (3.5.14+build3+nobinonly-0ubuntu0.9.04.1)
karmic_firefox-3.5: released (3.6.11+build3+nobinonly-0ubuntu0.9.10.1)
lucid_firefox-3.5: DNE
maverick_firefox-3.5: DNE
natty_firefox-3.5: DNE
devel_firefox-3.5: DNE


Patches_xulrunner-1.9.1:
upstream_xulrunner-1.9.1: released (1.9.1.14)
dapper_xulrunner-1.9.1: DNE
hardy_xulrunner-1.9.1: DNE
jaunty_xulrunner-1.9.1: released (1.9.1.14+build4+nobinonly-0ubuntu0.9.04.1)
karmic_xulrunner-1.9.1: released (1.9.1.14+build4+nobinonly-0ubuntu0.9.10.1)
lucid_xulrunner-1.9.1: DNE
maverick_xulrunner-1.9.1: DNE
natty_xulrunner-1.9.1: DNE
devel_xulrunner-1.9.1: DNE


Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: released (1.9.2.11)
dapper_xulrunner-1.9.2: DNE
hardy_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.8.04.1)
jaunty_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.9.04.1)
karmic_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.9.10.1)
lucid_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.10.04.1)
maverick_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1)
natty_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1)
devel_xulrunner-1.9.2: released (1.9.2.11+build3+nobinonly-0ubuntu0.10.10.1)


Patches_seamonkey:
upstream_seamonkey: released (2.0.9)
dapper_seamonkey: DNE
hardy_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.8.04.1)
jaunty_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.9.04.1)
karmic_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.9.10.1)
lucid_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.10.04.1)
maverick_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.10.10.1)
natty_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.10.10.1)
devel_seamonkey: released (2.0.9+build1+nobinonly-0ubuntu0.10.10.1)


Patches_thunderbird:
upstream_thunderbird: released (3.0.9, 3.1.5)
dapper_thunderbird: DNE
hardy_thunderbird: ignored (reached end-of-life)
jaunty_thunderbird: ignored (reached end-of-life)
karmic_thunderbird: ignored (reached end-of-life)
lucid_thunderbird: released (3.0.9+build1+nobinonly-0ubuntu0.10.04.1)
maverick_thunderbird: released (3.1.5+build1+nobinonly-0ubuntu0.10.10.1)
natty_thunderbird: released (3.1.5+build1+nobinonly-0ubuntu0.10.10.1)
devel_thunderbird: released (3.1.5+build1+nobinonly-0ubuntu0.10.10.1)