Linux Security
    Linux Security
    Linux Security

    Debian: Mozilla fix several vulnerabilities DSA-1046-1

    Date 26 Apr 2006
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1046-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    April 27th, 2006              
    - --------------------------------------------------------------------------
    Package        : mozilla
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0296
                     CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529
                     CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727
                     CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
                     CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738
                     CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790
    CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382 VU#592425
                     VU#736934 VU#813230 VU#842094 VU#932734 VU#935556
    BugTraq IDs    : 15773 16476 16476 16770 16881 17516
    Several security related problems have been discovered in Mozilla.
    The Common Vulnerabilities and Exposures project identifies the
    following vulnerabilities:
        The "" script allows local users to create or
        overwrite arbitrary files when debugging is enabled via a symlink
        attack on temporary files.
        Web pages with extremely long titles cause subsequent launches of
        the browser to appear to "hang" for up to a few minutes, or even
        crash if the computer has insufficient memory.  [MFSA-2006-03]
        The Javascript interpreter does not properly dereference objects,
        which allows remote attackers to cause a denial of service or
        execute arbitrary code.  [MFSA-2006-01]
        The function allocation code allows attackers to cause a denial of
        service and possibly execute arbitrary code.  [MFSA-2006-01]
        XULDocument.persist() did not validate the attribute name,
        allowing an attacker to inject arbitrary XML and JavaScript code
        into localstore.rdf that would be read and acted upon during
        startup.  [MFSA-2006-05]
        An anonymous researcher for TippingPoint and the Zero Day
        Initiative reported that an invalid and nonsensical ordering of
        table-related tags can be exploited to execute arbitrary code.
        A particular sequence of HTML tags can cause memory corruption
        that can be exploited to exectute arbitary code.  [MFSA-2006-18]
        Georgi Guninski reports that forwarding mail in-line while using
        the default HTML "rich mail" editor will execute JavaScript
        embedded in the e-mail message with full privileges of the client.
        The HTML rendering engine does not properly block external images
        from inline HTML attachments when "Block loading of remote images
        in mail messages" is enabled, which could allow remote attackers
        to obtain sensitive information.  [MFSA-2006-26]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary.  [MFSA-2006-20]
        A vulnerability potentially allows remote attackers to cause a
        denial of service and possibly execute arbitrary.  [MFSA-2006-20]
        Due to an interaction between XUL content windows and the history
        mechanism, some windows may to become translucent, which might
        allow remote attackers to execute arbitrary code.  [MFSA-2006-29]
        "shutdown" discovered that the security check of the function
        js_ValueToFunctionObject() can be circumvented and exploited to
        allow the installation of malware.  [MFSA-2006-28]
        Georgi Guninski reported two variants of using scripts in an XBL
        control to gain chrome privileges when the page is viewed under
        "Print Preview".under "Print Preview".  [MFSA-2006-25]
        "shutdown" discovered that the crypto.generateCRMFRequest method
        can be used to run arbitrary code with the privilege of the user
        running the browser, which could enable an attacker to install
        malware.  [MFSA-2006-24]
        Claus J�rgensen reported that a text input box can be pre-filled
        with a filename and then turned into a file-upload control,
        allowing a malicious website to steal any local file whose name
        they can guess.  [MFSA-2006-23]
        An anonymous researcher for TippingPoint and the Zero Day
        Initiative discovered an integer overflow triggered by the CSS
        letter-spacing property, which could be exploited to execute
        arbitrary code.  [MFSA-2006-22]
        "moz_bug_r_a4" discovered that some internal functions return
        prototypes instead of objects, which allows remote attackers to
        conduct cross-site scripting attacks.  [MFSA-2006-19]
        "shutdown" discovered that it is possible to bypass same-origin
        protections, allowing a malicious site to inject script into
        content from another site, which could allow the malicious page to
        steal information such as cookies or passwords from the other
        site, or perform transactions on the user's behalf if the user
        were already logged in.  [MFSA-2006-17]
        "moz_bug_r_a4" discovered that the compilation scope of privileged
        built-in XBL bindings is not fully protected from web content and
        can still be executed which could be used to execute arbitrary
        JavaScript, which could allow an attacker to install malware such
        as viruses and password sniffers.  [MFSA-2006-16]
        "shutdown" discovered that it is possible to access an internal
        function object which could then be used to run arbitrary
        JavaScriptcode with full permissions of the user running the
        browser, which could be used to install spyware or viruses.
        It is possible to create JavaScript functions that would get
        compiled with the wrong privileges, allowing an attacker to run
        code of their choice with full permissions of the user running the
        browser, which could be used to install spyware or viruses.
        It is possible to trick users into downloading and saving an
        executable file via an image that is overlaid by a transparent
        image link that points to the executable.  [MFSA-2006-13]
        An integer overflow allows remote attackers to cause a denial of
        service and possibly execute arbitrary bytecode via JavaScript
        with a large regular expression.  [MFSA-2006-11]
        An unspecified vulnerability allows remote attackers to cause a
        denial of service.  [MFSA-2006-11]
        Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
        array write and buffer overflow that could lead to a denial of
        service and the possible execution of arbitrary code.  [MFSA-2006-11]
        It is possible for remote attackers to spoof secure site
        indicators such as the locked icon by opening the trusted site in
        a popup window, then changing the location to a malicious site.
        "shutdown" discovered that it is possible to inject arbitrary
        JavaScript code into a page on another site using a modal alert to
        suspend an event handler while a new page is being loaded.  This
        could be used to steal confidential information.  [MFSA-2006-09]
        Igor Bukanov discovered that the JavaScript engine does not
        properly handle temporary variables, which might allow remote
        attackers to trigger operations on freed memory and cause memory
        corruption, causing memory corruption.  [MFSA-2006-10]
        A regression fix that could lead to memory corruption allows
        remote attackers to cause a denial of service and possibly execute
        arbitrary code.  [MFSA-2006-11]
    For the stable distribution (sarge) these problems have been fixed in
    version 1.7.8-1sarge5.
    For the unstable distribution (sid) these problems will be fixed in
    version 1.7.13-1.
    We recommend that you upgrade your Mozilla packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:     1123 b486e464eae65686c7b15f50f77cb767
          Size/MD5 checksum:   472258 0aa0d6b2edcd13fa83ce9ed271a0724f
          Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a
      Alpha architecture:
          Size/MD5 checksum:   168068 7ed348802218aae8f17044f1938ad609
          Size/MD5 checksum:   146702 f3229e78b1ad87a9c8e2bad153faa5a3
          Size/MD5 checksum:   184934 6f62bafa779c954315d04b385eeded59
          Size/MD5 checksum:   856276 ab399c2ed74a5b13deb58aaad3d49087
          Size/MD5 checksum:     1032 e4569c9693441a0edb94ee11912dad30
          Size/MD5 checksum: 11477828 62b8bda344ef70da1c47de2adc23dd4a
          Size/MD5 checksum:   403276 2978138077e4a2ecad90dd0e8c856709
          Size/MD5 checksum:   158332 364e72f576f30e42fe8bfa8e1fba365c
          Size/MD5 checksum:  3357226 6956cd03cbeda6aa147c984e5fd8317d
          Size/MD5 checksum:   122282 ac007b2334d2c4f61585b9059e2c8ab3
          Size/MD5 checksum:   204160 bb0fc8af6b06e34ac81a32d04c9c3cef
          Size/MD5 checksum:  1937094 f7881427bd1afc9371f2a577a02080e9
          Size/MD5 checksum:   212402 1df52addc8f7c47b6681abd51e331f41
      AMD64 architecture:
          Size/MD5 checksum:   168066 bd11d5d2dcd7e78621de4ae0c03ed6b8
          Size/MD5 checksum:   145798 518a796a9423412004eed5ac6c756d61
          Size/MD5 checksum:   184930 b6d7c90efdfe1c52bfbb6c47cdcf1244
          Size/MD5 checksum:   714636 086b722ae6d2aa33ebcaa4101fd0751b
          Size/MD5 checksum:     1030 d62e40f94f76fe6780cd517eaceeec7d
          Size/MD5 checksum: 10945270 2abf8d616e8b889e29f4afea01032679
          Size/MD5 checksum:   403266 66e021c850ef757ce9a2a0ebf30e462a
          Size/MD5 checksum:   158326 14b7ddf2988885d66b85bd7458fa98ad
          Size/MD5 checksum:  3351216 9221380d16e886cae475efb410429c3f
          Size/MD5 checksum:   121176 98f3f0e73d27e92d2f951c892b528bbe
          Size/MD5 checksum:   204152 ef08d9bbbb26b9c6bdda0bbf8e698299
          Size/MD5 checksum:  1936008 339c98bcc87876a27b0ca0dacb6ef0cc
          Size/MD5 checksum:   204336 b25851b6c4ae6818918a0b80507eec2d
      ARM architecture:
          Size/MD5 checksum:   168068 863d83042249fbb53cb5570a5fd03f12
          Size/MD5 checksum:   124162 eed0ab266786523a435d87925369370f
          Size/MD5 checksum:   184952 2d6919422ee7aa37b28d2bf6bc942f5f
          Size/MD5 checksum:   631844 c44b2cf0e0ae4ccc927a41ab6eb25380
          Size/MD5 checksum:     1030 4d0eb279d61409bb9bbcaa7e8f785471
          Size/MD5 checksum:  9207420 46aff4f2b0913d187048f19bc59f6e1e
          Size/MD5 checksum:   403314 17d6accdd639278bad64e9e4042013e2
          Size/MD5 checksum:   158382 5f900a4d4627d27289dc53aaa32e90da
          Size/MD5 checksum:  3340838 a4ce703b7b9f05440ba72b7dd177cdd9
          Size/MD5 checksum:   112674 8426b940dab4c2339a2894dc09584028
          Size/MD5 checksum:   204184 e0f3e9a65adb373574cafe68b75a7f57
          Size/MD5 checksum:  1604382 43b950f85fb316f1bc0d773ef25c6a85
          Size/MD5 checksum:   168862 6245436dde393fbb8526d622d6372b96
      Intel IA-32 architecture:
          Size/MD5 checksum:   170350 1890d8f6cf1f6d7d3f24862b8b236d5e
          Size/MD5 checksum:   136640 cb2ab0bf38cc5afff64327cbf4f79fbe
          Size/MD5 checksum:   187128 af578fd816c0534baa15529168dd1170
          Size/MD5 checksum:   661394 3a94641ec0f1b8bebbed0b428f40e3e8
          Size/MD5 checksum:     1030 42b5cb15c988c9d2328e6be2266dda42
          Size/MD5 checksum: 10332780 89748f75d483a5b4905e842cf85081a6
          Size/MD5 checksum:   403506 3b03c89eec36142148548f7cd64e5d12
          Size/MD5 checksum:   158344 d36c1032ddd6ba8051ad27786662525a
          Size/MD5 checksum:  3592688 f30a67ca521067cde834d346b4646c1b
          Size/MD5 checksum:   116678 dda364a06fa45c104c5222988b826a6b
          Size/MD5 checksum:   204156 2a7e71b2393ddee06457536053b6f426
          Size/MD5 checksum:  1816066 cdc0f8d06a00c14337ad20178284685c
          Size/MD5 checksum:   192632 26c12b2f1e572cc70ab80fae0a20d75f
      Intel IA-64 architecture:
          Size/MD5 checksum:   168070 088af473a08b7478a172e483ffe0a3cb
          Size/MD5 checksum:   174160 255499b7e29813343a088957bc4e450e
          Size/MD5 checksum:   184942 6ebb70d67e23a8ff659ec788048c558d
          Size/MD5 checksum:   966574 fa7081da19e2c59b89c5b47d70314a38
          Size/MD5 checksum:     1032 dac2c365bc58d57275205fbecd04d2f2
          Size/MD5 checksum: 12943234 f0e1ea934e597443636be3dc1f8323bc
          Size/MD5 checksum:   403274 d519dfad807b19794742e6723f6872c8
          Size/MD5 checksum:   158334 c729929af3c1879ab058541227487677
          Size/MD5 checksum:  3377040 de356df345ed8ab5ce2a970827990b0d
          Size/MD5 checksum:   125582 9975c43ca6954d98309ab11ac03aadd4
          Size/MD5 checksum:   204158 fa835bffaf5008bccdcd62ff2114a481
          Size/MD5 checksum:  2302210 db2d6cd804c0372eafba307436cd9296
          Size/MD5 checksum:   242664 b8a9d7bba6700b6cb700187bbed51102
      HP Precision architecture:
          Size/MD5 checksum:   168076 e744a5d49021e510fa29396332c5490f
          Size/MD5 checksum:   156738 c856122cc9fa2e985882f624ec57df99
          Size/MD5 checksum:   184946 74cb243dddf99e01bc525efebc9fd96b
          Size/MD5 checksum:   754578 b940f076bd46aff2f6418828503a2afc
          Size/MD5 checksum:     1036 37b2840edf5a86c22ba5dab71452f300
          Size/MD5 checksum: 12162800 74b60c8375cc5d2c379fc4e586526bc7
          Size/MD5 checksum:   403282 c138582e5075ee91ffbdba982acce035
          Size/MD5 checksum:   158338 4ad85659f4aae7580c71a8457128e3c4
          Size/MD5 checksum:  3357886 b8891334da36453c8e5619fe0896f2af
          Size/MD5 checksum:   123502 195bf5cd60cabb129d9ed04bf100241d
          Size/MD5 checksum:   204160 c26281b91291c131ad3fb2f1565caa6d
          Size/MD5 checksum:  2135138 b0883259ed740bcd41bf43ae4680e1b8
          Size/MD5 checksum:   216144 d73d1e1d42427175d865021d69422f8b
      Motorola 680x0 architecture:
          Size/MD5 checksum:   168092 398298d8ffad737508ed118d4d69d112
          Size/MD5 checksum:   125818 2099631f9bd235623d98a32fa45b34d6
          Size/MD5 checksum:   184984 542adc7ea5dac9443e87d2b72023fc80
          Size/MD5 checksum:   599936 fada9efe3f62935cbb4ea56cd889e73f
          Size/MD5 checksum:     1046 2de17261893fc2e2697bbe35b59d768e
          Size/MD5 checksum:  9703464 afcf7cec434793064c55e67cfea1f441
          Size/MD5 checksum:   403358 3890cf07cef780ae34a7e294225db0db
          Size/MD5 checksum:   158380 b213d524e1473ab78ee23a556afb48ac
          Size/MD5 checksum:  3335462 13fc8f2927e661e55e6bd63490bbbab8
          Size/MD5 checksum:   114470 14ec6e7861bf73f3b7f82b91b86cf567
          Size/MD5 checksum:   204180 73817862c43af283a652039ba5b45cd1
          Size/MD5 checksum:  1683074 ab15cea98788c380e269a94d2df5472a
          Size/MD5 checksum:   174748 23a6847a17c4d7e3bf6ef072798e8239
      Big endian MIPS architecture:
          Size/MD5 checksum:   168074 958f2c3227b801f01d1166a54187ee41
          Size/MD5 checksum:   140686 2244af2acdc2844be99005e4e3f0d121
          Size/MD5 checksum:   184960 54829d9c8798df955039c7268b25392a
          Size/MD5 checksum:   725672 2310546bc1cbe2df5a6c1fef62ce1ccf
          Size/MD5 checksum:     1032 6a43b5ff3f81433a162dd200ea052fcb
          Size/MD5 checksum: 10728020 4caf72ce0e493eaf1b9a5fdf0ae57d6e
          Size/MD5 checksum:   403274 d4c7bd6d0638bffa0c5d2c23cf080611
          Size/MD5 checksum:   158336 d1d77d961279da110d01de630e53846b
          Size/MD5 checksum:  3357194 94993156be09ad11712075d917d21660
          Size/MD5 checksum:   117610 77ca046034494b735a10028e5af8eed5
          Size/MD5 checksum:   204150 f6b3f0d0bfc84aa27a24beee692c9932
          Size/MD5 checksum:  1795504 2d34d3ff2dd99a2d0089c1eca53b0579
          Size/MD5 checksum:   189880 2cb68bac9a41b14e627426ebb1405fd1
      Little endian MIPS architecture:
          Size/MD5 checksum:   168082 c1eba053c4a1c0421ea508b29fbaa683
          Size/MD5 checksum:   140636 a2474b059a8c1e4845922102cc1d58d8
          Size/MD5 checksum:   184940 4a7289c8753105101fe9b0862e3aad71
          Size/MD5 checksum:   715106 67e1dc2600da37597fb75e22b7875a6d
          Size/MD5 checksum:     1038 d0f622dcb3b5b41b62986c3c7c338370
          Size/MD5 checksum: 10603070 6a6966022c2f8a8ab2807e656043e39a
          Size/MD5 checksum:   403296 6b7722ec5a34cae5f221c3958dc65bc1
          Size/MD5 checksum:   158342 87c0d4a874ca1aa5e3be85e2249dbe6b
          Size/MD5 checksum:  3357982 a7258380f1f7fcc380d2a8161cc1b803
          Size/MD5 checksum:   117204 e77b1061daa3c8a762b9bd0a58f340ee
          Size/MD5 checksum:   204162 b2e72e6b19f1092e84f2977291e782bf
          Size/MD5 checksum:  1777610 f88abea35dc9ac1c7760d2ae8761303a
          Size/MD5 checksum:   187444 37c35256b507720467747edfd7ad6606
      PowerPC architecture:
          Size/MD5 checksum:   168078 e8a320169dd21bd2653f2e1cceacaea8
          Size/MD5 checksum:   131146 01deac585f851b2b22d117db76271f69
          Size/MD5 checksum:   184928 69c925958815b6a0b66d67660e530d21
          Size/MD5 checksum:   718850 182c8077cedbd4b17e519bf9d4340ddf
          Size/MD5 checksum:     1038 8492a6da8120bcd6498c1cf5b5e7bb29
          Size/MD5 checksum:  9703116 df00589069a7994886b37154a83ba48a
          Size/MD5 checksum:   403294 3530285f43e66537f891885855b56a4a
          Size/MD5 checksum:   158344 f0158562b460aa36a08f24b3c6a828c5
          Size/MD5 checksum:  3339658 0d6d999cd0559fd93be3257664ad9165
          Size/MD5 checksum:   114598 bf235995c329c00a51416cb6d9996fad
          Size/MD5 checksum:   204166 2156c81a5e15e4444d2c5be22ee066a8
          Size/MD5 checksum:  1642978 409eb5485153365138f9d130db5a0bf5
          Size/MD5 checksum:   175672 d148c3a307177bd5a88d211c554c515f
      IBM S/390 architecture:
          Size/MD5 checksum:   168062 f336a2de372d02f5dad5673afd3b6e19
          Size/MD5 checksum:   156458 71cc856f65e80354b508799a720d2223
          Size/MD5 checksum:   184956 46fe112fa61e011e2fb79cff847378cb
          Size/MD5 checksum:   798872 7d02d09328a985bed9aaa3f603c56b72
          Size/MD5 checksum:     1036 7d25a776a8f9e3467060085df346a772
          Size/MD5 checksum: 11325484 cad88ede93803739d98498f4b43c74c2
          Size/MD5 checksum:   403292 fc353648cb5e5fabf0b07211729fb8c7
          Size/MD5 checksum:   158346 e173c32ab6b9a1904f0236fb00ce836f
          Size/MD5 checksum:  3352214 ca96b4f7ee3c1498904a567a6462778d
          Size/MD5 checksum:   121378 c33f1b9d5907dd6422a0ecb38c6f714a
          Size/MD5 checksum:   204166 e4f8a67148cf7b703c280ec91f289298
          Size/MD5 checksum:  1944742 31da3121c50c27f4df3be7939cbe7324
          Size/MD5 checksum:   213446 4d431a25410f0e6039f4032c9acf3378
      Sun Sparc architecture:
          Size/MD5 checksum:   168070 0005424068108c85553255259aea5f5b
          Size/MD5 checksum:   128364 0988e532f8ef63759610a007d07bf60b
          Size/MD5 checksum:   184942 62e592a514e25e3c7c5420c5c53f3d8e
          Size/MD5 checksum:   672638 f35942f6694b22af40973af8fb9058a5
          Size/MD5 checksum:     1030 771b441d8c662e3db4c45646f4e6a99b
          Size/MD5 checksum:  9373440 a4560f2a4bc80bbf93829f7bf0a1bc5d
          Size/MD5 checksum:   403276 440bcce7ec880544cff5bba723239473
          Size/MD5 checksum:   158336 d0ecad8b66d39437bec068ee8e182397
          Size/MD5 checksum:  3340588 5f44ff3da184961882044aef4a46e696
          Size/MD5 checksum:   112516 83e39c205c5098b2e0b58c1301a39705
          Size/MD5 checksum:   204156 ae1c34bb6889e7912fb210d120f5d7f8
          Size/MD5 checksum:  1583742 fa8be53ec188d2471269ea2b88142e51
          Size/MD5 checksum:   168022 e8bd471a692f313db05316ecf5e4c7b8
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.