Linux Security
    Linux Security
    Linux Security

    Debian: Mozilla fix several vulnerabilities DSA-1118-1

    Date 22 Jul 2006
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1118-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    July 22nd, 2006               
    - --------------------------------------------------------------------------
    Package        : mozilla
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                     CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781
                     CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                     CVE-2006-2786 CVE-2006-2787
    CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
    BugTraq ID     : 18228
    Several security related problems have been discovered in Mozilla.
    The Common Vulnerabilities and Exposures project identifies the
    following vulnerabilities:
        Eric Foley discovered that a user can be tricked to expose a local
        file to a remote attacker by displaying a local file as image in
        connection with other vulnerabilities.  [MFSA-2006-39]
        XUL attributes are associated with the wrong URL under certain
        circumstances, which might allow remote attackers to bypass
        restrictions.  [MFSA-2006-35]
        Paul Nickerson discovered that content-defined setters on an
        object prototype were getting called by privileged user interface
        code, and "moz_bug_r_a4" demonstrated that the higher privilege
        level could be passed along to the content-defined attack code.
        A vulnerability allows remote attackers to execute arbitrary code
        and create notifications that are executed in a privileged
        context.  [MFSA-2006-43]
        Mikolaj Habryn a buffer overflow in the crypto.signText function
        that allows remote attackers to execute arbitrary code via certain
        optional Certificate Authority name arguments.  [MFSA-2006-38]
        Mozilla team members discovered several crashes during testing of
        the browser engine showing evidence of memory corruption which may
        also lead to the execution of arbitrary code.  This problem has
        only partially been corrected.  [MFSA-2006-32]
        An integer overflow allows remote attackers to cause a denial of
        service and may permit the execution of arbitrary code.
        Masatoshi Kimura discovered a double-free vulnerability that
        allows remote attackers to cause a denial of service and possibly
        execute arbitrary code via a VCard.  [MFSA-2006-40]
        Chuck McAuley discovered that a text input box can be pre-filled
        with a filename and then turned into a file-upload control,
        allowing a malicious website to steal any local file whose name
        they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]
        Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
        is stripped from UTF-8 pages during the conversion to Unicode
        before the parser sees the web page, which allows remote attackers
        to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]
        Paul Nickerson discovered that the fix for CAN-2005-0752 can be
        bypassed using nested javascript: URLs, allowing the attacker to
        execute privileged code.  [MFSA-2005-34, MFSA-2006-36]
        Paul Nickerson demonstrated that if an attacker could convince a
        user to right-click on a broken image and choose "View Image" from
        the context menu then he could get JavaScript to
        run.  [MFSA-2006-34]
        Kazuho Oku discovered that Mozilla's lenient handling of HTTP
        header syntax may allow remote attackers to trick the browser to
        interpret certain responses as if they were responses from two
        different sites.  [MFSA-2006-33]
        The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
        run via EvalInSandbox can escape the sandbox and gain elevated
        privilege.  [MFSA-2006-31]
    For the stable distribution (sarge) these problems have been fixed in
    version 1.7.8-1sarge7.1
    For the unstable distribution (sid) these problems have been fixed in
    version 1.7.13-0.3.
    We recommend that you upgrade your Mozilla packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:     1127 473562c669e27793809fd76034b5e9de
          Size/MD5 checksum:   498361 6d4f73fb299451760cbf05974d36753a
          Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a
      Alpha architecture:
          Size/MD5 checksum:   168076 9478bc76f4c4dac2cfa1adc51c599e71
          Size/MD5 checksum:   147050 34ab8e06aeb3d46f150b0099a29b8c2b
          Size/MD5 checksum:   184960 ec9526c058ec2a9629fa16a2c7b0f286
          Size/MD5 checksum:   856618 515d873622c67d0cf1b155f85187935c
          Size/MD5 checksum:     1040 a12e4c5754cf581aa6aab5dd4a1388ec
          Size/MD5 checksum: 11481282 52de66676dea443b4426cb0e24703a57
          Size/MD5 checksum:   403306 efe2822cd3109126a096e4c19bb61f6e
          Size/MD5 checksum:   158336 490cc71ffff457bd6f600ef3d7ab9b4b
          Size/MD5 checksum:  3358246 5bf68f7988b64ef4175768d92829dccc
          Size/MD5 checksum:   122294 6c36e2cec285b6ec28b3115aaa8cfdb1
          Size/MD5 checksum:   204170 d02d474bf40b4a0adc41e58cbb0f71aa
          Size/MD5 checksum:  1937112 be8a8005f99506a3e9188672c3f70e57
          Size/MD5 checksum:   212298 96d4c738772a42501805fd1cfb2a6336
      AMD64 architecture:
          Size/MD5 checksum:   168070 841b4f6d14d55a8e37ea9fe2d4b8508b
          Size/MD5 checksum:   146154 b17bbe57b0a30c4698f5c883984d552e
          Size/MD5 checksum:   184950 342427477e9db97c2d663a3b7620c1ea
          Size/MD5 checksum:   714978 bbf6e26c728df94a6bdb8e19b22dae5b
          Size/MD5 checksum:     1036 4f0379f9ae6b0edf6eb5fbf4977f9d6e
          Size/MD5 checksum: 10946160 f7e344cd5bbcc6f1d06b314be572ffd2
          Size/MD5 checksum:   403294 675c774981cadd3d695cc7fa498d2046
          Size/MD5 checksum:   158330 387195d0b8a6fd9acf4b1a2c8d0d70d8
          Size/MD5 checksum:  3352180 f896a49299904f8082ccc96ff85ac40e
          Size/MD5 checksum:   121192 df4ef46b4940ecd65ae9cdc140cca1bf
          Size/MD5 checksum:   204170 cdd080115be04ac72473181ce622caf1
          Size/MD5 checksum:  1936006 002755bffa9cbb1a943a4a81d04f362b
          Size/MD5 checksum:   204400 61fe98f12d92139d157dd672ca6513c8
      ARM architecture:
          Size/MD5 checksum:   168074 1de16d4b8435fe420a7883dc7d51c910
          Size/MD5 checksum:   124492 d138a37a746f6fa32bd574f34fdaaefe
          Size/MD5 checksum:   184960 30851d8827b6061465d370ba42d4ccff
          Size/MD5 checksum:   632198 79ce23ade76fcc6cb789053d801c904f
          Size/MD5 checksum:     1036 e0a0373f1cdf7ecf8f176bbbc4e23d18
          Size/MD5 checksum:  9212808 1dbb7f756a25a96e9057ef8f96d05805
          Size/MD5 checksum:   403314 07dad23f621d6e3be785ba0fb5a29763
          Size/MD5 checksum:   158366 176eede20a70a9ac2a61282b7bc45b01
          Size/MD5 checksum:  3341712 0904389fef700da0f4664d4bceb28717
          Size/MD5 checksum:   112672 8797efa5f068220b587eaac7818cccdc
          Size/MD5 checksum:   204178 75382868b592a542b00e6b6441591a3b
          Size/MD5 checksum:  1604452 34e908e017cf40549741c227acc78b50
          Size/MD5 checksum:   168866 ed9894b18f51f745750ad28fa47aba1f
      Intel IA-32 architecture:
          Size/MD5 checksum:   170346 5956d005059fd107818f8035fa9ffbf2
          Size/MD5 checksum:   136984 5a5c0d8e7e0614ee02c182983e8d8656
          Size/MD5 checksum:   187138 74f8739619d8ae81b1fe30d0668b8a58
          Size/MD5 checksum:   661744 74ebef87c001e89d4a2e8d45c9910e13
          Size/MD5 checksum:     1032 8f01d06ab6028c5b908dd5594e1d1c14
          Size/MD5 checksum: 10336772 e281b8fb2b04eb6f788654557efb8f94
          Size/MD5 checksum:   403504 5db7402ffdb5b6523fa43d1c89944907
          Size/MD5 checksum:   158352 a8a7f9c96a21287704a76ff3e5455335
          Size/MD5 checksum:  3594164 db6a4633ec5db81ce6e0bd1d9bf95193
          Size/MD5 checksum:   116702 fade783b8720425b0f05004c6d9632ef
          Size/MD5 checksum:   204170 e173db0beb2598ea64ac80262b8043e4
          Size/MD5 checksum:  1816096 10fd0769547b8342fcf833182c66f7cd
          Size/MD5 checksum:   192634 9f757a02bfa0e741b4d131191ac3bed1
      Intel IA-64 architecture:
          Size/MD5 checksum:   168076 7caf0acd02827f3259cc523d24882267
          Size/MD5 checksum:   174472 c8fbf63229bf8f13e1e51419a917da78
          Size/MD5 checksum:   184950 8305ace7fb5c15b17da7cbd94ac114be
          Size/MD5 checksum:   966902 6f09c27be295615d6724ec4e82c8682c
          Size/MD5 checksum:     1036 8d0589021091a859a4fe1a8784cf2b84
          Size/MD5 checksum: 12948914 25e2e3b61f3212b5e69fb8db376dea1c
          Size/MD5 checksum:   403298 00cd58b07f32fb9b33cdf3f9138ff48d
          Size/MD5 checksum:   158334 c03b2a84ab5db4574bce186a934bb61c
          Size/MD5 checksum:  3377948 0ae22412a7c6766cc74b84578f029da0
          Size/MD5 checksum:   125598 a853f9be2fef52df2b7537a56a4762ca
          Size/MD5 checksum:   204160 d6c4e9801cb584fa974ec2843d4e7dde
          Size/MD5 checksum:  2302302 8d6e65e606882e9a9f29eae5ecdc0505
          Size/MD5 checksum:   242684 1c59d2b14cf73625549222c27feec305
      HP Precision architecture:
          Size/MD5 checksum:   168076 5626cf0a12a7d9993ab65840ac71b2e4
          Size/MD5 checksum:   157080 ae8769ba33d1f7b1c55db5af74322108
          Size/MD5 checksum:   184966 653cf87074a4392f1103f333b8f385a4
          Size/MD5 checksum:   754910 5c54ed3f028d4fca725c43f17aac7472
          Size/MD5 checksum:     1038 b21e02e210697770a13094757afdb343
          Size/MD5 checksum: 12164938 0710346051d9d6217a938faf1a6c3a5e
          Size/MD5 checksum:   403280 dec179a4a47c40e21b74e1015655a47a
          Size/MD5 checksum:   158346 0fbead0b5adfaf58475f3308ad5c7825
          Size/MD5 checksum:  3358624 8c0cbf705f20e694222dc2a2e558bf25
          Size/MD5 checksum:   123514 7d29aa30c3c525bfb3674200d0853f60
          Size/MD5 checksum:   204152 5f27c072d2b0cf7a88362b0ca86aa91f
          Size/MD5 checksum:  2135198 ca8cf38363e6fa41e3c58e0f6813bcec
          Size/MD5 checksum:   216176 dbf6f4e0538358e675fafb2215215ddb
      Motorola 680x0 architecture:
          Size/MD5 checksum:   168090 2f9923cada81ee2792194134d5c8766c
          Size/MD5 checksum:   126174 a2d29b886d583dfeaecaf9140a98cbb1
          Size/MD5 checksum:   184976 07788d7940bceb772ee38b639fa06c90
          Size/MD5 checksum:   600262 57d23c1825ce20d9fdc7ed3c935e4822
          Size/MD5 checksum:     1044 6865b570c621d2715d90d55e72c18686
          Size/MD5 checksum:  9707812 039664d92d6585080245e56b31a495bc
          Size/MD5 checksum:   403372 80f8ea392f13f4a8615281ad17b45345
          Size/MD5 checksum:   158396 e11aa75979022c10ff540e9cca7da37e
          Size/MD5 checksum:  3336888 253879215a28c9c1611e1eab36739c69
          Size/MD5 checksum:   114490 e32e9948e3e8df554e2314c7e7851c86
          Size/MD5 checksum:   204220 56d85ed9b0439792035300fe5c3745e9
          Size/MD5 checksum:  1683110 5392bc875f07ce277f17a08558223d76
          Size/MD5 checksum:   174758 bd3bb602538e94bb672b67c80056aa51
      Big endian MIPS architecture:
          Size/MD5 checksum:   168078 b716653d10d25308e460c0d15ce8c249
          Size/MD5 checksum:   141006 e192f8087b16f7e17257aa63394def8f
          Size/MD5 checksum:   184962 d2d6aaad54ee894ed00c678a856cd292
          Size/MD5 checksum:   725986 e57f99d19cc017d3273eaa632cef1359
          Size/MD5 checksum:     1040 2574a4694290c9c0b66900214389d13a
          Size/MD5 checksum: 10729826 577b9c004ce4078826f9085cfef3f1b7
          Size/MD5 checksum:   403284 e32ea6716c0102cbd6e7c2c738239555
          Size/MD5 checksum:   158342 ac17f1b907adddaae579376411860fe6
          Size/MD5 checksum:  3358078 c03e05906c6da5b7f06c8adfb9bf1bb5
          Size/MD5 checksum:   117626 027b87aceadf873cadd52f5b5a6cdad2
          Size/MD5 checksum:   204166 04db7ee6b1bcc0a7e286bd7aed2a46af
          Size/MD5 checksum:  1795496 43c24c3da475b571baee65e6f97b3b72
          Size/MD5 checksum:   189876 4515f5447d4d74104bac1b98a21741a9
      Little endian MIPS architecture:
          Size/MD5 checksum:   168080 6b20701ae2005724d525421407997b34
          Size/MD5 checksum:   140964 20d773802c88e422796b2b0d8657f269
          Size/MD5 checksum:   184956 e696e6afa300237c1fe8bf9d24c25341
          Size/MD5 checksum:   715454 ba7d908f470f0fe10912263bd88ffe27
          Size/MD5 checksum:     1042 e660b635921248505a19c5bc4ad57698
          Size/MD5 checksum: 10606956 9c45e8272bec9b1e40d18a577283d270
          Size/MD5 checksum:   403302 fc7449f1c1aca3e3beb41743d5ddce15
          Size/MD5 checksum:   158342 b357c21424e98e72a150cdc7ef285f36
          Size/MD5 checksum:  3358814 9384ee1ae88d0ce5bfb9cf7419cf1fc4
          Size/MD5 checksum:   117192 6cee62bb29d207039072c1f66b15693d
          Size/MD5 checksum:   204166 02d9a75229f18b8222cbde0809763968
          Size/MD5 checksum:  1777564 812da33649005f3e9c602b92e5198d0f
          Size/MD5 checksum:   187450 50a81db8d3f8fb747b9641ebab1e44c2
      PowerPC architecture:
          Size/MD5 checksum:   168076 3ec22b357709447796939d749ee01918
          Size/MD5 checksum:   131506 b23d3cb1d96dd102ea8e1a317611d9cf
          Size/MD5 checksum:   184962 47e118b6e43ab5dd68edaaebb61a14a5
          Size/MD5 checksum:   719212 2eb46acfdb0984316af95544d2a26586
          Size/MD5 checksum:     1040 da38d40720821ab284ff921f8d14ac7b
          Size/MD5 checksum:  9706108 c273d7531e0510262497b2b665025009
          Size/MD5 checksum:   403278 909516b0d9bfbc46f3c0dd438bb02c29
          Size/MD5 checksum:   158338 2de3e64ff4391b9db98838fac617dbf6
          Size/MD5 checksum:  3340554 4253026847bdceca40ba1f7f8a77150a
          Size/MD5 checksum:   114590 cf73e13daee899efb5d6cefb3e85c461
          Size/MD5 checksum:   204148 3de97db7ab79ee5b688b62dc1132859c
          Size/MD5 checksum:  1643042 52b9f55a9507da86f34ebda24e25ec12
          Size/MD5 checksum:   175652 d7538c95e4ea1efaf76737a24b5e0388
      IBM S/390 architecture:
          Size/MD5 checksum:   168070 97ce8fcc52d581aa9608dbc327abbe8b
          Size/MD5 checksum:   156822 008799a0d79ca556d878a20b96028354
          Size/MD5 checksum:   184962 a3241679a42c7f8fe899e34ae7516981
          Size/MD5 checksum:   799202 fbbf02a9624d975a1eaafdfaf025f885
          Size/MD5 checksum:     1042 12f767e93775437d702d9ea31bed575c
          Size/MD5 checksum: 11330344 442b98dd32a88fd33efa22d5d13bdd3e
          Size/MD5 checksum:   403320 aa21f60bfc070223d8a6f5c78c4b0faf
          Size/MD5 checksum:   158350 b0981f49d6b5639a4712e2a115599d6b
          Size/MD5 checksum:  3353136 4576af9688c6fc5b4e7fe64deb11aead
          Size/MD5 checksum:   121352 1c1672d0d0f3752a0195ee1ff33d8ec4
          Size/MD5 checksum:   204158 a0a82c9fa992b839aaf60f9484fd9bc8
          Size/MD5 checksum:  1944746 432f3f0fb2e1a429a51ddda422cc21cc
          Size/MD5 checksum:   213482 f8bc5f9fa1e79b26ba22bb891e5b9b46
      Sun Sparc architecture:
          Size/MD5 checksum:   168082 98bec9b3ad75652b9fa7f0c425a2deb2
          Size/MD5 checksum:   128722 9947038f2936e62834bfdd1b2672d497
          Size/MD5 checksum:   184962 4ffe137e0baebd3335718ac6936ca52b
          Size/MD5 checksum:   673000 696296101aefad3cdc6e41c39320f85a
          Size/MD5 checksum:     1038 e1e482e36d09311de2fb0416e068e070
          Size/MD5 checksum:  9376650 7b791062063db30e3a2f25436f410c01
          Size/MD5 checksum:   403280 15a8a8616423b988387abcf2a3089b93
          Size/MD5 checksum:   158336 2481b4d5956c4219f33a5c29d3125ed3
          Size/MD5 checksum:  3341556 4765e3947b3045730fb35f128ec8b30c
          Size/MD5 checksum:   112532 8b9d8d6fb0469b333837653684508c68
          Size/MD5 checksum:   204158 a46509b3f314a48cf5d0365dd999688a
          Size/MD5 checksum:  1583728 57ca973e877b3a718e5534537c94e468
          Size/MD5 checksum:   168012 2a402caa207ced1ede92416141a37ab9
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.