Debian: New Mozilla packages fix frame injection spoofing vulnerability

    Date: 15 Aug 2005
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 775-1
    http://www.debian.org/security/                             Martin Schulze
    August 15th, 2005                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : mozilla
    Vulnerability  : frame injection spoofing
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0718 CAN-2005-1937
    BugTraq ID     : 14242
    
    A vulnerability has been discovered in Mozilla and Mozilla Firefox
    that allows remote attackers to inject arbitrary Javascript from one
    page into the frameset of another site.  Thunderbird is not affected
    by this and Galeon will be automatically fixed as it uses Mozilla
    components.
    
    The old stable distribution (woody) does not contain Mozilla Firefox
    packages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.0.4-2sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.0.6-1.
    
    We recommend that you upgrade your mozilla-firefox package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main