Debian: New Mozilla Firefox packages fix arbitrary code execution

    Date10 May 2006
    CategoryDebian
    7359
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1055-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    May 11th, 2006                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mozilla-firefox
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-1993
    CERT advisory  : VU#866300
    BugTraq ID     : 17671
    
    Martijn Wargers and Nick Mott described crashes of Mozilla due to the
    use of a deleted controller context.  In theory this could be abused to
    execute malicious code.  Since Mozilla and Firefox share the same
    codebase, Firefox may be vulnerable as well.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.7.8-1sarge7.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.5.dfsg+1.5.0.3-1.
    
    We recommend that you upgrade your Mozilla Firefox packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7.dsc
          Size/MD5 checksum:     1001 b182197490af4a8c07faa21ec3178291
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7.diff.gz
          Size/MD5 checksum:   382272 eae0832fc7a4d408c33ff598859b95c3
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
          Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_alpha.deb
          Size/MD5 checksum: 11170108 35d0f530d00b9760f9b37b6d59a7b98c
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_alpha.deb
          Size/MD5 checksum:   168254 27b2e718d091dcff900a878dd352e2eb
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_alpha.deb
          Size/MD5 checksum:    60066 c8f22cf9f8971e69e6cc69d52ceb033a
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_amd64.deb
          Size/MD5 checksum:  9401164 9b9f42d600ca975265e57c51e0fe420b
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_amd64.deb
          Size/MD5 checksum:   162980 ae57927c8905ca478c9aaac05fd77679
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_amd64.deb
          Size/MD5 checksum:    58588 bbe086cded328a79afc3a5b5e04f1447
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_arm.deb
          Size/MD5 checksum:  8220434 d63fdf2bc771e7903e18fc95c03d21b4
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_arm.deb
          Size/MD5 checksum:   154458 10bee95fe87228a9107215d643b68cf7
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_arm.deb
          Size/MD5 checksum:    53918 3a1ffa2d6a7e115bc1e778dd0077044a
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_i386.deb
          Size/MD5 checksum:  8896786 b4905b847321b7731c1288c9d0122789
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_i386.deb
          Size/MD5 checksum:   158256 476a15b546d7b1254cc008cb1a844ef3
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_i386.deb
          Size/MD5 checksum:    55464 fb9c72d1b12b5aa5d2dc361b77726cd7
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_ia64.deb
          Size/MD5 checksum: 11629186 3e1248f0329f167f5bc8eed406b06420
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_ia64.deb
          Size/MD5 checksum:   168566 330d75c658d1223910417aee513d5a23
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_ia64.deb
          Size/MD5 checksum:    63240 4e346f99587fa558c5ad4d85289ba370
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_hppa.deb
          Size/MD5 checksum: 10273196 ffe9299d71a54b492ef877bd257dc03e
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_hppa.deb
          Size/MD5 checksum:   165962 bae1954b7d4890212b6b2b9a3d19b0f1
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_hppa.deb
          Size/MD5 checksum:    59044 099a56aea5ac814d73c64ebb9908212c
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_m68k.deb
          Size/MD5 checksum:  8171346 b9757d714b8fb34a7e97932bf0051ea6
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_m68k.deb
          Size/MD5 checksum:   157066 6726876e93ddec7b9769cd8c61bc16b4
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_m68k.deb
          Size/MD5 checksum:    54714 a33fecb05d28dda42c769cecec91565b
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_mips.deb
          Size/MD5 checksum:  9927864 4c70937659ebe4d7fc7ae13a5309007c
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_mips.deb
          Size/MD5 checksum:   155976 78d61083b2c02dbd379b6636ebbc2cbb
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_mips.deb
          Size/MD5 checksum:    55732 edfba6b5447f47d96c98c3db4f0cf52e
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_mipsel.deb
          Size/MD5 checksum:  9807630 a0c05595aa8e1468750bd3ff0ae670fb
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_mipsel.deb
          Size/MD5 checksum:   155546 ff7579d18436e60494704248cc5b1903
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_mipsel.deb
          Size/MD5 checksum:    55542 9e5b366836347ea73ffc69bd73426950
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_powerpc.deb
          Size/MD5 checksum:  8567490 c978e68620c8723ab1ec2362a2da55db
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_powerpc.deb
          Size/MD5 checksum:   156650 36577e400def2520244ed10477e835ac
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_powerpc.deb
          Size/MD5 checksum:    57838 71d25d8679a89959f2a3940b506d132b
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_s390.deb
          Size/MD5 checksum:  9639082 74a78e821f228e9e1e666989a20cb3c2
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_s390.deb
          Size/MD5 checksum:   163604 bd61659892deb545cd5f8d951f76cc9d
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_s390.deb
          Size/MD5 checksum:    58020 da2faef8dedb60e007645f3e337c66ca
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_sparc.deb
          Size/MD5 checksum:  8659776 381305a5710ff4246c38548cfa0716cc
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_sparc.deb
          Size/MD5 checksum:   156856 d648cb8107adf03e2754db2cb2f6a55d
        http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_sparc.deb
          Size/MD5 checksum:    54282 ab2a47c10e3c6fab92d7e1c1bd94f4f6
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.