--------------------------------------------------------------------------
Debian Security Advisory DSA 1192-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 6th, 2006                       http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
                 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
BugTraq ID     : 20042

Several security related problems have been discovered in Mozilla and
derived products.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER
    function allows remote attackers to cause a denial of service
    (hang) and possibly execute arbitrary code.

CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error
    in RSA signature verification that causes the application to
    incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that a JavaScript regular expression can
    trigger a heap-based buffer overflow which allows remote attackers
    to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers
    to bypass the security model and inject content into the sub-frame
    of another site.

CVE-2006-4570

    Georgi Guninski demonstrated that even with JavaScript disabled in
    mail (the default) an attacker can still execute JavaScript when a
    mail message is viewed, replied to, or forwarded.

CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and
    SeaMonkey allow remote attackers to cause a denial of service,
    corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.3.1.

We recommend that you upgrade your Mozilla package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

  Alpha architecture:

  AMD64 architecture:

  ARM architecture:

  HP Precision architecture:

  Intel IA-32 architecture:

  Intel IA-64 architecture:

  Motorola 680x0 architecture:

  Big endian MIPS architecture:

  Little endian MIPS architecture:

  PowerPC architecture:

  IBM S/390 architecture:

  Sun Sparc architecture:


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
