Linux Security
    Linux Security
    Linux Security

    Debian: New mozilla-firefox packages fox multiple vulnerabilities

    Date 02 Oct 2005
    7247
    Posted By Joe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 838-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                              Michael Stone
    October 2nd, 2005                       https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mozilla-firefox
    Vulnerability  : multiple
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 
    		 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
    
    Multiple security vulnerabilities have been identified in the
    mozilla-firefox web browser.  These vulnerabilities could allow an
    attacker to execute code on the victim's machine via specially crafted
    network resources.
    
    CAN-2005-2701
    
    	Heap overrun in XBM image processing
    
    CAN-2005-2702
    
    	Denial of service (crash) and possible execution of arbitrary
    	code via Unicode sequences with "zero-width non-joiner"
    	characters.
    
    CAN-2005-2703
    
    	XMLHttpRequest header spoofing
    
    CAN-2005-2704
    
    	Object spoofing using XBL 
    
    CAN-2005-2705
    
    	JavaScript integer overflow
    
    CAN-2005-2706
    
    	Privilege escalation using about: scheme
    
    CAN-2005-2707
    
    	Chrome window spoofing allowing windows to be created without
    	UI components such as a URL bar or status bar that could be
    	used to carry out phishing attacks
    
    For the stable distribution (sarge), these problems have been fixed in
    version 1.0.4-2sarge5
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.0.7-1
    
    We recommend that you upgrade your mozilla-firefox package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc
          Size/MD5 checksum:     1001 bf9cf2b7106335cccc2afb10f6386c57
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz
          Size/MD5 checksum:   332598 d3f81e09a762be3c51aa20655ada5d32
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
          Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_alpha.deb
          Size/MD5 checksum: 11167102 e970a996296228bd2af2cb8006a86398
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_alpha.deb
          Size/MD5 checksum:   167592 d446479007005f2d27d079ccedf51d7d
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_alpha.deb
          Size/MD5 checksum:    59416 7bf500b4f181df6ab4aa6dc831a23338
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_amd64.deb
          Size/MD5 checksum:  9399402 d94263433669cae93749d3f0d378839c
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_amd64.deb
          Size/MD5 checksum:   162334 4ffdc291bacf5b604deeaf8d6efd96eb
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_amd64.deb
          Size/MD5 checksum:    57946 7d7472b0fb90ed789c4f84dbcdd14687
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_arm.deb
          Size/MD5 checksum:  8217720 3e0ce81e8d78fbca6d38d6a7e90791f3
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_arm.deb
          Size/MD5 checksum:   153792 662f8f96e75cc109541bf141e79a2714
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_arm.deb
          Size/MD5 checksum:    53280 b3517ce11632b3adbf5970d8f4c35b8c
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb
          Size/MD5 checksum:  8891730 795a6aa3ca33a5e328e863612ceb0ac3
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
          Size/MD5 checksum:   157566 5e5d92e6c30a1d677edcc2fd9beb1861
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
          Size/MD5 checksum:    54820 885991c2f4580f06f12ba1cc6ff456ac
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_ia64.deb
          Size/MD5 checksum: 11618922 f02ebe51045adc2008ebba0a7355f58c
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_ia64.deb
          Size/MD5 checksum:   167924 863962943669b737773e716bb45560b7
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_ia64.deb
          Size/MD5 checksum:    62602 01f5675efee57e112e1734306580e43b
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_hppa.deb
          Size/MD5 checksum: 10267086 7fb5e359ae146c7306def5b0a7ba48b4
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_hppa.deb
          Size/MD5 checksum:   165300 cf86dfe338ca9bfde77a402690db15ae
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_hppa.deb
          Size/MD5 checksum:    58402 f98081adb227cf6a12dc267bbf9c7689
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_m68k.deb
          Size/MD5 checksum:  8167708 d5d4eadda39add959235921126b5db4b
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_m68k.deb
          Size/MD5 checksum:   156434 01a518572787d1e5505eb393c4670cd9
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_m68k.deb
          Size/MD5 checksum:    54070 b50c79ee5b2b3fd61ccb3848ad201f29
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mips.deb
          Size/MD5 checksum:  9922382 384196380da339cc6c381afd18c8d0e8
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mips.deb
          Size/MD5 checksum:   155362 38e914d95e0b2d38b2d34f09988218c9
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mips.deb
          Size/MD5 checksum:    55078 343647c905cf9792d53eb67b4e11df02
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mipsel.deb
          Size/MD5 checksum:  9804868 cfe93fb808ecfc8e9a2bf359af772069
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mipsel.deb
          Size/MD5 checksum:   154892 9321e20f831ad309fc214c8130223103
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mipsel.deb
          Size/MD5 checksum:    54904 74a6c0efaa41729a646d5f5762ab637d
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_powerpc.deb
          Size/MD5 checksum:  8563444 7c373a381a8ba34307e59f2cd47fcc43
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_powerpc.deb
          Size/MD5 checksum:   155948 a764030b0841e225c5a89e6366bb88e5
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_powerpc.deb
          Size/MD5 checksum:    57186 39cb6349c6ef1bc0e9e62365e7beeebf
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_sparc.deb
          Size/MD5 checksum:  8652776 fa0fdecf5fb5ed186ade4d987b8920cb
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_sparc.deb
          Size/MD5 checksum:   156204 84483f5fa63c2da5f6e8de90f462edbe
        https://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_sparc.deb
          Size/MD5 checksum:    53640 d43b2dbd4fd362e7fd01b4985c0ff3d0
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.