Debian: Mozilla Firefox fix several vulnerabilities DSA-1258-1

    Date 06 Feb 2007
    3669
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1258-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    February 7th, 2007                      https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mozilla-firefox
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501
                     CVE-2006-6502 CVE-2006-6503
    CERT advisories: VU#263412 VU#405092 VU#427972 VU#428500 VU#447772 VU#606260
    BugTraq ID     : 21668
    Debian Bug     : 
    
    Several security related problems have been discovered in Mozilla and
    derived products such as Mozilla Firefox.  The Common Vulnerabilities
    and Exposures project identifies the following vulnerabilities:
    
    CVE-2006-6497
    
        Several vulnerabilities in the layout engine allow remote
        attackers to cause a denial of service and possibly permit them to
        execute arbitrary code. [MFSA 2006-68]
    
    CVE-2006-6498
    
        Several vulnerabilities in the JavaScript engine allow remote
        attackers to cause a denial of service and possibly permit them to
        execute arbitrary code. [MFSA 2006-68]
    
    CVE-2006-6499
    
        A bug in the js_dtoa function allows remote attackers to cause a
        denial of service. [MFSA 2006-68]
    
    CVE-2006-6501
    
        "shutdown" discovered a vulnerability that allows remote attackers
        to gain privileges and install malicious code via the watch
        JavaScript function. [MFSA 2006-70]
    
    CVE-2006-6502
    
        Steven Michaud discovered a programming bug that allows remote
        attackers to cause a denial of service. [MFSA 2006-71]
    
    CVE-2006-6503
    
        "moz_bug_r_a4" reported that the src attribute of an IMG element
        could be used to inject JavaScript code. [MFSA 2006-72]
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.0.2-2.sarge1.0.8e.2.
    
    For the testing (etch) and unstable (sid) distribution these problems
    have been fixed in version 1.5.0.9.dfsg1-1 of icedove.
    
    We recommend that you upgrade your Mozilla Thunderbird and Icedove packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2.dsc
          Size/MD5 checksum:     1003 98589a4dcffac076c95e1d3aa3aebadf
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2.diff.gz
          Size/MD5 checksum:   565274 897aa9e909e426a86d23314b34979440
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
          Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_alpha.deb
          Size/MD5 checksum: 12887452 7fae4782cf5821d6d95ccde5d6649ccb
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_alpha.deb
          Size/MD5 checksum:  3519306 849e410705ca14e5f295b345083f70f0
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_alpha.deb
          Size/MD5 checksum:   154092 e3018444e2cb9d14f95c79c77a854281
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_alpha.deb
          Size/MD5 checksum:    35098 153cb6752ca559a48eda9f330137a11a
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_alpha.deb
          Size/MD5 checksum:    91436 362b189e0b8020bc4a1d97c78e8d83ab
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_amd64.deb
          Size/MD5 checksum: 12273698 114e74f8fa22b052605343d805363a0a
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_amd64.deb
          Size/MD5 checksum:  3285226 00c01353f18b817960c1bb69e4d8184c
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_amd64.deb
          Size/MD5 checksum:   152186 2699607eb92737a5b199642562dc245a
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_amd64.deb
          Size/MD5 checksum:    34622 1884509c2052b9410bfcc2edc0889b4b
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_amd64.deb
          Size/MD5 checksum:    90410 ae62e9342e916565d5c61e10f5726d6b
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_arm.deb
          Size/MD5 checksum: 10353110 f16deab7a50d4825ed607e6e288f2fae
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_arm.deb
          Size/MD5 checksum:  3277278 b6012b40deb470e8997a8a8b4bed63c3
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_arm.deb
          Size/MD5 checksum:   144322 e9f1a4f97dcdc2500f11893df4a83090
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_arm.deb
          Size/MD5 checksum:    34634 f6097688447e83bb89e32f43f02bbe76
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_arm.deb
          Size/MD5 checksum:    82372 d548ef5e6c5168dea0ebcfd487bf538a
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_hppa.deb
          Size/MD5 checksum: 13585836 22bf188382e0b9eeab3e8668a7829313
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_hppa.deb
          Size/MD5 checksum:  3288674 1b5ec46286ea477290c18e168a6275ef
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_hppa.deb
          Size/MD5 checksum:   154352 c6729cc890884a0eca77f05ccd6bab0b
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_hppa.deb
          Size/MD5 checksum:    34628 3f84dfddd9efddaaa4f21d58a3653df4
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_hppa.deb
          Size/MD5 checksum:    98454 6e6decf81bddd8ea00c1368fa2b5e723
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_i386.deb
          Size/MD5 checksum: 11586880 f38dd2061ea093c4b6cbc0a080d1c40e
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_i386.deb
          Size/MD5 checksum:  3512118 61c00c5bccc32bd011e274249d921696
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_i386.deb
          Size/MD5 checksum:   147880 80d5872d2028eb50208cf8eea839abe7
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_i386.deb
          Size/MD5 checksum:    34624 3338dcfb4c556496ac4a4ca7d3ab2a2d
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_i386.deb
          Size/MD5 checksum:    89148 9ebbc2a0746e072cdeab95fd5c89f09d
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_ia64.deb
          Size/MD5 checksum: 14647370 452343151d070c164e7974fe2ee7a5c2
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_ia64.deb
          Size/MD5 checksum:  3294046 088221d0e1a94ab9ff9a85abf0c9dce0
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_ia64.deb
          Size/MD5 checksum:   156478 c1f0352991dda272adc4e98a01f6da04
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_ia64.deb
          Size/MD5 checksum:    34622 01497338dcbd76afba7b6f92ab600218
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_ia64.deb
          Size/MD5 checksum:   108286 5e996c3ce7ebb544fce21ee4a0b3be3e
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_m68k.deb
          Size/MD5 checksum: 10805538 1cd3d59f940e597ae5ea9db2b500b397
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_m68k.deb
          Size/MD5 checksum:  3276902 3b842492ea6b0510d0f866a1f6cd35c5
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_m68k.deb
          Size/MD5 checksum:   146114 fa6030acf9a09eaa56642dcd0a83d168
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_m68k.deb
          Size/MD5 checksum:    34644 3e8274232a5009226ecd918b5109dd9a
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_m68k.deb
          Size/MD5 checksum:    83626 90453c4ceba1fef2d6606114d86baf7e
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_mips.deb
          Size/MD5 checksum: 11964534 d8d5e25f49f281f37dee2bdab77ff4fa
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_mips.deb
          Size/MD5 checksum:  3284032 92daac0ef32ad9b1eebfb991c7e106b7
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_mips.deb
          Size/MD5 checksum:   149104 d27168040c767a4769cae0cbebd1e724
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_mips.deb
          Size/MD5 checksum:    34628 96b3a511bde2f35bd66af2aa1ec26591
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_mips.deb
          Size/MD5 checksum:    85876 48c7aed4c0150b96e6ef362c695d16ef
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_mipsel.deb
          Size/MD5 checksum: 11828974 24d07d5a509ca53e118a3fac51038100
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_mipsel.deb
          Size/MD5 checksum:  3284932 1bcabe31b86be5d62ba10f5b61b32e2f
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_mipsel.deb
          Size/MD5 checksum:   148662 4cef87b6244040b75c319209f1ee6b41
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_mipsel.deb
          Size/MD5 checksum:    34632 7e3347013b497d60b00732831412a6b6
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_mipsel.deb
          Size/MD5 checksum:    85756 246a85ef8a1f4757524bacd1c3f0a8ad
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_powerpc.deb
          Size/MD5 checksum: 10925170 b65fa19b09ee136eae77143c5375809e
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_powerpc.deb
          Size/MD5 checksum:  3274902 9fd696884a285d20aca2042e652d2c03
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_powerpc.deb
          Size/MD5 checksum:   146098 72c75a293110e574660fc29ccfac63d7
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_powerpc.deb
          Size/MD5 checksum:    34622 3010036628ed737082f983a4fc94c766
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_powerpc.deb
          Size/MD5 checksum:    82550 bf8330d7bce0096b4fe2e34f8d820b80
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_s390.deb
          Size/MD5 checksum: 12716512 c5657cead6d10fe6234e5887853859c5
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_s390.deb
          Size/MD5 checksum:  3284924 3b6f541bebc35dcf3e840496bd3f04d4
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_s390.deb
          Size/MD5 checksum:   152464 7036fdf6dbf83b7b746c6cb63b33371c
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_s390.deb
          Size/MD5 checksum:    34616 2ac4013bd1c1bc9c6fd95b20acb482d8
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_s390.deb
          Size/MD5 checksum:    90350 f1609d45f781904ef39c22524c1c5f89
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_sparc.deb
          Size/MD5 checksum: 11189638 da0895ee2088ec6f98968a316cc97900
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_sparc.deb
          Size/MD5 checksum:  3280572 c7f2f6fe78c799311b859104ec50eb85
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_sparc.deb
          Size/MD5 checksum:   145772 c58173582e57d067196cec38f08ce9a4
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_sparc.deb
          Size/MD5 checksum:    34630 4b01decb81ef2a3834a8ac38205c4d74
        https://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_sparc.deb
          Size/MD5 checksum:    84174 07a7408437bf4a4049dcc1edf35937a5
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"13","type":"x","order":"1","pct":61.9,"resources":[]},{"id":"121","title":"No ","votes":"8","type":"x","order":"2","pct":38.1,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.