Package        : mozilla-firefox
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707

Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources.
Heap overrun in XBM image processing
Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
XMLHttpRequest header spoofing
Object spoofing using XBL <implements>
Privilege escalation using about: scheme
Chrome window spoofing, allowing windows to be created without UI components such as a URL bar or status bar, which could be used to carry out phishing attacks
For the stable distribution (sarge), these problems have been fixed in version 1.0.4-2sarge5
For the unstable distribution (sid), these problems have been fixed in version 1.0.7-1
We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------