User: Password:
Subscribe / Log in / New account

Debian alert DSA-779-1 (mozilla-firefox)

From: (Martin Schulze)
To: (Debian Security Announcements)
Subject:  [SECURITY] [DSA 779-1] New Mozilla Firefox packages fix several vulnerabilities
Date:  Sat, 20 Aug 2005 15:35:34 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 779-1 Martin Schulze August 20th, 2005 - -------------------------------------------------------------------------- Package : mozilla-firefox Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270 BugTraq ID : 14242 Debian Bug : 318061 Several problems have been discovered in Mozilla Firefox, a lightweight web browser based on Mozilla. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2260 The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. CAN-2005-2261 XML scripts ran even when Javascript disabled. CAN-2005-2262 The user can be tricked to executing arbitrary JavaScript code by using a JavaScript URL as wallpaper. CAN-2005-2263 It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame). CAN-2005-2264 By opening a malicious link in the sidebar it is possible for remote attackers to steal sensitive information. CAN-2005-2265 Missing input sanitising of InstallVersion.compareTo() can cause the application to crash. CAN-2005-2266 Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames. CAN-2005-2267 By using standalone applications such as Flash and QuickTime to open a javascript: URL, it is possible for a remote attacker to steal sensitive information and possibly execute arbitrary code. CAN-2005-2268 It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks. CAN-2005-2269 Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code. CAN-2005-2270 The Mozilla browser familie does not properly clone base objects, which allows remote attackers to execute arbitrary code. The old stable distribution (woody) is not affected by these problems. For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge2. For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1. We recommend that you upgrade your Mozilla Firefox packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 1001 a5cf2fc8bc04662e6c192c15666011e4 Size/MD5 checksum: 285974 45e66f5ddde0d5c016fd15268da0e522 Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d Alpha architecture: Size/MD5 checksum: 11162656 4c8e579214a7bd4030303c6e33ec95f7 Size/MD5 checksum: 166698 027d4c7fddb899faff3ef9928864bb71 Size/MD5 checksum: 58528 2cff714da9bf45d1112621132f9fc940 AMD64 architecture: Size/MD5 checksum: 9396736 0a28ce7a8f6f783f16c201fc0daf6e0a Size/MD5 checksum: 161458 f9384873ae04a233001b37088abc510a Size/MD5 checksum: 57012 b09a95b0f7587001540398f1a5fce173 ARM architecture: Size/MD5 checksum: 8216228 9ca98872228db6ba98cf5123d642fc4b Size/MD5 checksum: 152944 e0dc5a23ec713373753bcdf4e774c6f7 Size/MD5 checksum: 52362 decd529d18ee714bcf2dbe5a82e53e37 Intel IA-32 architecture: Size/MD5 checksum: 8887610 54e66239bff8195d09a76a8b0c65e096 Size/MD5 checksum: 156664 e40d4387cdf627df5706e8a83f39640d Size/MD5 checksum: 53906 3bc7062690df1334a92eeeae36819ea0 Intel IA-64 architecture: Size/MD5 checksum: 11615046 5b41f9a2f87e8bc9017c94cd5b24b180 Size/MD5 checksum: 167044 67972c83f83c325861b21ff6486519e9 Size/MD5 checksum: 61720 86ecafea4b179e1739ea521402d2e53b HP Precision architecture: Size/MD5 checksum: 10264776 822d581c33a2628807fd955c1a72a66a Size/MD5 checksum: 164432 bf6da3e624453a2b9669f889e56c0a76 Size/MD5 checksum: 57512 aa8ee4e91cdead5a455a70c3608ba85e Motorola 680x0 architecture: Size/MD5 checksum: 8166186 6ae9415318e2156f420b1926936f28b6 Size/MD5 checksum: 155562 54c6667bd665e961b5bd45c2b44df43d Size/MD5 checksum: 53176 7c3a5484eb5d7155181653d25f927af1 Big endian MIPS architecture: Size/MD5 checksum: 9917724 bc430e659978ea1114dc38c0982a5917 Size/MD5 checksum: 154452 84399a208bda215a7983bc2f35f30bd2 Size/MD5 checksum: 54188 f6ea0de213759e27da7dc5c06c6a5e57 Little endian MIPS architecture: Size/MD5 checksum: 9802342 7e995ec5e6ee01d2ebc86d8e6e77d58a Size/MD5 checksum: 154006 110274d1994cfe33062244e28ee04fd6 Size/MD5 checksum: 54012 83610c805d36e4cea229cab960a06e32 PowerPC architecture: Size/MD5 checksum: 8560170 ac40dd1ebef525009556eac5f5dbeff3 Size/MD5 checksum: 155046 ab31c9d12c13b9e63a4af5f8babcb6ad Size/MD5 checksum: 56300 dab2c4918f383416a2418c2327988cc1 IBM S/390 architecture: Size/MD5 checksum: 9635642 2514b2a60f87aedff82c0d5c29f53f25 Size/MD5 checksum: 162076 2a3fe0537ebeebc2ea9f1a3aa952279c Size/MD5 checksum: 56488 a914c752690bc8abcb6ad247d73dc041 Sun Sparc architecture: Size/MD5 checksum: 8649734 60765d2a2480a9aa5b45d288a2d6df65 Size/MD5 checksum: 155298 9aab4bf6a3a7187243b60b044ed4d80c Size/MD5 checksum: 52734 5af8d15d55aa1d13e80776e1079c2007 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: Package info: `apt-cache show <pkg>' and<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBzGlW5ql+IAeqTIRAts4AKCWr8HJM0OMD1owrJnTK8Tp//+kkgCePaRv AZJnTiHLIzbaxDV8362FXzA= =+ShV -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds