Linux Security
Linux Security
Linux Security

Debian: New mozilla-firefox packages fox multiple vulnerabilities

Date 02 Oct 2005
7279
Posted By Joe Shakespeare
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 838-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                              Michael Stone
October 2nd, 2005                       https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 
		 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707

Multiple security vulnerabilities have been identified in the
mozilla-firefox web browser.  These vulnerabilities could allow an
attacker to execute code on the victim's machine via specially crafted
network resources.

CAN-2005-2701

	Heap overrun in XBM image processing

CAN-2005-2702

	Denial of service (crash) and possible execution of arbitrary
	code via Unicode sequences with "zero-width non-joiner"
	characters.

CAN-2005-2703

	XMLHttpRequest header spoofing

CAN-2005-2704

	Object spoofing using XBL 

CAN-2005-2705

	JavaScript integer overflow

CAN-2005-2706

	Privilege escalation using about: scheme

CAN-2005-2707

	Chrome window spoofing allowing windows to be created without
	UI components such as a URL bar or status bar that could be
	used to carry out phishing attacks

For the stable distribution (sarge), these problems have been fixed in
version 1.0.4-2sarge5

For the unstable distribution (sid), these problems have been fixed in
version 1.0.7-1

We recommend that you upgrade your mozilla-firefox package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc
      Size/MD5 checksum:     1001 bf9cf2b7106335cccc2afb10f6386c57
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz
      Size/MD5 checksum:   332598 d3f81e09a762be3c51aa20655ada5d32
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_alpha.deb
      Size/MD5 checksum: 11167102 e970a996296228bd2af2cb8006a86398
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_alpha.deb
      Size/MD5 checksum:   167592 d446479007005f2d27d079ccedf51d7d
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_alpha.deb
      Size/MD5 checksum:    59416 7bf500b4f181df6ab4aa6dc831a23338

  AMD64 architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_amd64.deb
      Size/MD5 checksum:  9399402 d94263433669cae93749d3f0d378839c
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_amd64.deb
      Size/MD5 checksum:   162334 4ffdc291bacf5b604deeaf8d6efd96eb
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_amd64.deb
      Size/MD5 checksum:    57946 7d7472b0fb90ed789c4f84dbcdd14687

  ARM architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_arm.deb
      Size/MD5 checksum:  8217720 3e0ce81e8d78fbca6d38d6a7e90791f3
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_arm.deb
      Size/MD5 checksum:   153792 662f8f96e75cc109541bf141e79a2714
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_arm.deb
      Size/MD5 checksum:    53280 b3517ce11632b3adbf5970d8f4c35b8c

  Intel IA-32 architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb
      Size/MD5 checksum:  8891730 795a6aa3ca33a5e328e863612ceb0ac3
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
      Size/MD5 checksum:   157566 5e5d92e6c30a1d677edcc2fd9beb1861
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
      Size/MD5 checksum:    54820 885991c2f4580f06f12ba1cc6ff456ac

  Intel IA-64 architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_ia64.deb
      Size/MD5 checksum: 11618922 f02ebe51045adc2008ebba0a7355f58c
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_ia64.deb
      Size/MD5 checksum:   167924 863962943669b737773e716bb45560b7
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_ia64.deb
      Size/MD5 checksum:    62602 01f5675efee57e112e1734306580e43b

  HP Precision architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_hppa.deb
      Size/MD5 checksum: 10267086 7fb5e359ae146c7306def5b0a7ba48b4
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_hppa.deb
      Size/MD5 checksum:   165300 cf86dfe338ca9bfde77a402690db15ae
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_hppa.deb
      Size/MD5 checksum:    58402 f98081adb227cf6a12dc267bbf9c7689

  Motorola 680x0 architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_m68k.deb
      Size/MD5 checksum:  8167708 d5d4eadda39add959235921126b5db4b
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_m68k.deb
      Size/MD5 checksum:   156434 01a518572787d1e5505eb393c4670cd9
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_m68k.deb
      Size/MD5 checksum:    54070 b50c79ee5b2b3fd61ccb3848ad201f29

  Big endian MIPS architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mips.deb
      Size/MD5 checksum:  9922382 384196380da339cc6c381afd18c8d0e8
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mips.deb
      Size/MD5 checksum:   155362 38e914d95e0b2d38b2d34f09988218c9
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mips.deb
      Size/MD5 checksum:    55078 343647c905cf9792d53eb67b4e11df02

  Little endian MIPS architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mipsel.deb
      Size/MD5 checksum:  9804868 cfe93fb808ecfc8e9a2bf359af772069
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mipsel.deb
      Size/MD5 checksum:   154892 9321e20f831ad309fc214c8130223103
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mipsel.deb
      Size/MD5 checksum:    54904 74a6c0efaa41729a646d5f5762ab637d

  PowerPC architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_powerpc.deb
      Size/MD5 checksum:  8563444 7c373a381a8ba34307e59f2cd47fcc43
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_powerpc.deb
      Size/MD5 checksum:   155948 a764030b0841e225c5a89e6366bb88e5
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_powerpc.deb
      Size/MD5 checksum:    57186 39cb6349c6ef1bc0e9e62365e7beeebf

  Sun Sparc architecture:

    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_sparc.deb
      Size/MD5 checksum:  8652776 fa0fdecf5fb5ed186ade4d987b8920cb
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_sparc.deb
      Size/MD5 checksum:   156204 84483f5fa63c2da5f6e8de90f462edbe
    https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_sparc.deb
      Size/MD5 checksum:    53640 d43b2dbd4fd362e7fd01b4985c0ff3d0


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":82.69,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.69,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.62,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.