-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1044-1 security@xxxxxxxxxx http://www.debian.org/security/ Martin Schulze April 26th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : mozilla-firefox Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CVE-2006-0293 CVE-2006-0292 CVE-2005-4134 CVE-2006-0296 CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1790 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-0748 CERT advisories: VU#179014 VU#252324 VU#329500 VU#488774 VU#492382 VU#592425 VU#736934 VU#813230 VU#842094 VU#932734 VU#935556 BugTraq IDs : 15773 16476 17516 Debian Bugs : 363935 362656 Several security related problems have been discovered in Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-4134 Web pages with extremely long titles cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03] CVE-2006-0292 The Javascript interpreter does not properly dereference objects, which allows remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01] CVE-2006-0293 The function allocation code allows attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01] CVE-2006-0296 XULDocument.persist() did not validate the attribute name, allowing an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05] CVE-2006-0748 An anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27] CVE-2006-0749 A particular sequence of HTML tags can cause memory corruption that can be exploited to exectute arbitary code. [MFSA-2006-18] CVE-2006-1727 Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under "Print Preview".under "Print Preview". [MFSA-2006-25] CVE-2006-1728 "shutdown" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24] CVE-2006-1729 Claus Jørgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-23] CVE-2006-1730 An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22] CVE-2006-1731 "moz_bug_r_a4" discovered that some internal functions return prototypes instead of objects, which allows remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19] CVE-2006-1732 "shutdown" discovered that it is possible to bypass same-origin protections, allowing a malicious site to inject script into content from another site, which could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17] CVE-2006-1733 "moz_bug_r_a4" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed which could be used to execute arbitrary JavaScript, which could allow an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16] CVE-2006-1734 "shutdown" discovered that it is possible to access an internal function object which could then be used to run arbitrary JavaScriptcode with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-15] CVE-2006-1735 It is possible to create JavaScript functions that would get compiled with the wrong privileges, allowing an attacker to run code of their choice with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-14] CVE-2006-1736 It is possible to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable. [MFSA-2006-13] CVE-2006-1737 An integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary bytecode via JavaScript with a large regular expression. [MFSA-2006-11] CVE-2006-1738 An unspecified vulnerability allows remote attackers to cause a denial of service. [MFSA-2006-11] CVE-2006-1739 Certain Cascading Style Sheets (CSS) can cause an out-of-bounds array write and buffer overflow that could lead to a denial of service and the possible execution of arbitrary code. [MFSA-2006-11] CVE-2006-1740 It is possible for remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. [MFSA-2006-12] CVE-2006-1741 "shutdown" discovered that it is possible to inject arbitrary JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This could be used to steal confidential information. [MFSA-2006-09] CVE-2006-1742 Igor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption, causing memory corruption. [MFSA-2006-10] CVE-2006-1790 A regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11] For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge6. For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.2-2. We recommend that you upgrade your Mozilla Firefox packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6.dsc Size/MD5 checksum: 1001 09c185f1a695fd7b01494c7612e123bf http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6.diff.gz Size/MD5 checksum: 381739 0582bbb1766855b1e82c25a39109480a http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d Alpha architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_alpha.deb Size/MD5 checksum: 11171196 55e56e5a9306f5ea4d1508140836c042 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_alpha.deb Size/MD5 checksum: 168162 9c4d068815e6e6239970f3b248456622 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_alpha.deb Size/MD5 checksum: 60002 532591335d84fc3f28e8c91f829a33c5 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFET5mhW5ql+IAeqTIRAhQiAKCJdrXOfWhgc/ZOuBRgnUHo9wJRagCbB2dy iXGMz9cSYHObcMeNtF8fGac= =glJt -----END PGP SIGNATURE-----
