Debian: New Mozilla Firefox packages fix several vulnerabilities

    Date: 13 Sep 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1161-2
    http://www.debian.org/security/                             Martin Schulze
    September 13th, 2006                    http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : mozilla-firefox
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808
                     CVE-2006-3809 CVE-2006-3811
    CERT advisories: VU#655892 VU#687396 VU#876420
    BugTraq ID     : 19181
    
    The latest security updates of Mozilla Firefox introduced a regression
    that led to a dysfunctional attachment panel, which warrants a
    correction.  For reference, the original advisory text follows:
    
      Several security related problems have been discovered in Mozilla and
      derived products like Mozilla Firefox.  The Common Vulnerabilities and
      Exposures project identifies the following vulnerabilities:
    
      CVE-2006-3805
    
          The Javascript engine might allow remote attackers to execute
          arbitrary code.  [MFSA-2006-50]
    
      CVE-2006-3806
    
          Multiple integer overflows in the Javascript engine might allow
          remote attackers to execute arbitrary code.  [MFSA-2006-50]
    
      CVE-2006-3807
    
          Specially crafted Javascript allows remote attackers to execute
          arbitrary code.  [MFSA-2006-51]
    
      CVE-2006-3808
    
          Remote AutoConfig (PAC) servers could execute code with elevated
          privileges via a specially crafted PAC script.  [MFSA-2006-52]
    
      CVE-2006-3809
    
          Scripts with the UniversalBrowserRead privilege could gain
          UniversalXPConnect privileges and possibly execute code or obtain
          sensitive data.  [MFSA-2006-53]
    
      CVE-2006-3811
    
          Multiple vulnerabilities allow remote attackers to cause a denial
          of service (crash) and possibly execute arbitrary code.
          [MFSA-2006-55]
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.0.4-2sarge11.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 1.5.dfsg+1.5.0.5-1.
    
    We recommend that you upgrade your mozilla-firefox package.
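
    Checking whether hosts already carry the fixed sarge build means comparing Debian version strings, where plain string comparison orders `2sarge9` after `2sarge11`. The following is an added example, not part of the original advisory or Debian's own code: a compact Python reimplementation of the Debian version ordering rules (epoch, upstream version, revision, `~` sorting first), run over a constructed inventory with hypothetical host names.

```python
import re
from itertools import zip_longest

FIXED_SARGE = "1.0.4-2sarge11"  # fixed version for sarge, taken from this advisory
RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # one (non-digit run, digit run) pair

def _weight(ch):
    # '~' sorts before end-of-run; letters sort before all other characters.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare run by run: text runs by character weight, digit runs numerically.
    for (ta, na), (tb, nb) in zip_longest(RUNS.findall(a), RUNS.findall(b), fillvalue=("", "")):
        ka = [_weight(c) for c in ta] + [0]  # trailing 0 marks end of run
        kb = [_weight(c) for c in tb] + [0]
        if ka != kb:
            return -1 if ka < kb else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to, or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, fixed=FIXED_SARGE):
    """Hosts whose installed mozilla-firefox is older than the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory: hypothetical host names and installed versions.
INVENTORY = {
    "desk-01": "1.0.4-2sarge9",        # older: 9 < 11 numerically
    "desk-02": "1.0.4-2sarge11",       # the fixed sarge build
    "desk-03": "1.0.4-2sarge10",
    "kiosk-01": "1.5.dfsg+1.5.0.5-1",  # the fixed sid version
}
```

    On a Debian system, `dpkg --compare-versions 1.0.4-2sarge9 lt 1.0.4-2sarge11` answers the same question for a single pair.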
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main