Debian Security Advisory
DSA-1161-2 mozilla-firefox -- several vulnerabilities
- Date Reported:
- 29 Aug 2006
- Affected Packages:
- mozilla-firefox
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 19181.
In Mitre's CVE dictionary: CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811.
CERT's vulnerabilities, advisories and incident notes: VU#655892, VU#687396, VU#876420. - More information:
-
The latest security updates of Mozilla Firefox introduced a regression that led to a dysfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text:
Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
- CVE-2006-3805
The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3806
Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3807
Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]
- CVE-2006-3808
Remote Proxy AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]
- CVE-2006-3809
Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]
- CVE-2006-3811
Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]
For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge11.
For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.5-1.
We recommend that you upgrade your mozilla-firefox package.
- CVE-2006-3805
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.dsc
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.diff.gz
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.