Package        : mozilla-firefox
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707

Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources.
CAN-2005-2701
Heap overrun in XBM image processing
CAN-2005-2702
Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
CAN-2005-2703
XMLHttpRequest header spoofing
CAN-2005-2704
Object spoofing using XBL <implements>
CAN-2005-2705
JavaScript integer overflow
CAN-2005-2706
Privilege escalation using about: scheme
CAN-2005-2707
Chrome window spoofing allowing windows to be created without UI components such as a URL bar or status bar that could be used to carry out phishing attacks
For the stable distribution (sarge), these problems have been fixed in version 1.0.4-2sarge5.
For the unstable distribution (sid), these problems have been fixed in version 1.0.7-1.
We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------