Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Advisories, August 29, 2006

Aug 30, 2006, 03:45 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 1160-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 29th, 2006 http://www.debian.org/security/faq

Package : mozilla
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs : 18228 19181

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2779

Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. The last bit of this problem will be corrected with the next update. You can prevent any trouble by disabling Javascript. [MFSA-2006-32]

CVE-2006-3805

The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

CVE-2006-3810

A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML. [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge7.2.1.

For the unstable distribution (sid) these problems won't be fixed since its end of lifetime has been reached and the package will soon be removed.

We recommend that you upgrade your mozilla package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1.dsc
      Size/MD5 checksum: 1131 2bd30d0e1391b9705d1c8bcdcb9aa3e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1.diff.gz
      Size/MD5 checksum: 531386 81427d72e82e1117623773ef1d9e0d92
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 168074 eac003641c1939a8b4bef7497c374ba6
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 147532 e0a6fb3ce5c6de10c698cff9b80cc117
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 184942 223249982ca92e440245a6bb9d75d533
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 857098 8b0e75af2905326a5d9e67be91c9aac8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 1040 66b38827a857248465f223152b80f204
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 11484928 d27d68018193d11fe6781e41feb81678
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 403300 153ac5f793787cefc5ae5678ef844e4b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 158344 245e5dd64c3c328b5c02408e244db629
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 3358858 aa3043c1f46a6c5bfdc67efb433c7572
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 122304 54105650c2458ff3c29825cbc6295144
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 204164 05fb25c76ab388ffc0cd1930ed7fa780
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 1937180 0b49f5a4694fa5dccb024ae2d9399077
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 212580 db8f16769dd27e8241dd073225433b74

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 168070 b42a4f421d392323c5ccf78f59a446f9
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 146634 108d35f0e9303db9b5c2d803f33d29fb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 184962 dae604dee94ff87f0883c8bcbaed87de
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 715462 b8a19b3a0729575842ffc45f6cc525ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 1034 2eb59559388c253878b92b4b566d32f5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 10948874 79783e1204731d378de0de64e2e060ff
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 403290 9060ed97202c1419e75511e1117a2e69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 158342 15fd68de4bd67ece8b11477f4bc813c8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 3352804 9cd9ee777bca717e736d3eecb4813adf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 121184 e383a9b3187337765fd635eb75333469
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 204172 3a9ee9ae111fb1f6c8b09860869aedbe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 1936078 b973fcfa00570b490e3d4884d9c6e825
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 204426 999ddfb35f3a0b8a974aeae56c22dc65

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 168074 a836b7a5b37b78aaebcb61ff654e3cf2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 124986 2e2ca9f9bd5665ac32c42952a452796b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 184962 8fb34805a06ab453ba89d0c23e4f9e5b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 632686 6c8279f37ffc94cfd53ed83a5c180a8b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 1038 7d522787331c0e28b5f7c6c1af24cce9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 9219618 782774e232a36315020a29df714397a0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 403348 f925ff6457b707657779b5b4fe421cd0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 158366 ac6ba8d892c154c57d71cfe0a208da1a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 3342412 c4740ddaba9219a6c94ad1d3d2907cbd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 112662 9865794389927f4b199020c5ef66cafe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 204186 0e66cf4d32d251121edad264c6ed61ae
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 1604474 c68c19164028881a7e9d190a5a8c73f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum: 169044 99d262cc2a412f938fd62dd5cb80d4aa

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 170346 c96f11b70b94d0f7a5dd198ae0270316
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 137444 d5505057ab521c13c9b9df8faf1898ad
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 187130 fbb5013961c323e1a6eac06a972399fb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 662236 11505452778ab2a6f62b8b12690e327a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 1036 c90cf11f05a6db492676075f10455caa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 10346294 690c7568c81116dc99575e67c02c26c7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 403522 31bf91f8cc9a86f67cce7b1bbbd6bc7b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 158376 ee2658cae1ba55a281b06ebde593659a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 3594716 f8c1546c3530793960246557fbcf382c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 116690 21d708a27dd00ef6f7143e9f9a6cdf73
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 204178 b6a41c12e4c7008177f8746fab92901a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 1816154 77f5e242fdc4adb1924be7f975a2405c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 192744 eb2e3a4bc87212eca06c12f1e7d46521

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 168072 7209fb036521f59fd735e703ec79400e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 174978 10ba506a46b231aeee34dd51510ffee8
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 184954 d3cba059a9c48a693418fd96e791f57e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 967402 052903f29e606cad5e4182773a42d416
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 1034 152faf535691f3f8ebe217cc0d37422c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 12961084 020b12eb88202d7d3ae166ecfa828878
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 403296 bb77bbcaad98b8a86369c72ccc026011
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 158342 f1f091c558fd2d6075373b9472190cf1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 3378634 2f3091a1d77aee6324eb818ade2c817d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 125590 53ca1454eebe786c7ff1c3f68940d434
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 204164 68889825552d42960a9c047f5db4ead5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 2302378 c66ad68e4c2ee6d463dcaa1f7e795463
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 242830 1fa9d4351819c18bc4b773c682ad74de

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 168076 66d61d5be7abd2e8b74a6c96198e9552
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 157562 0104f3dfd071237a5cfa40c5ee433575
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 184960 999ee07a9b0c90f504d00ca54c139198
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 755388 764a9d45fbf49b17d9d5aadb89d85829
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 1040 c5b34199e97ffc378d3fd2d9dcf72bea
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 12168102 6dec58cb9458522eae398920e9aed844
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 403306 6188aa3503a805bd203c62610c4e3ced
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 158346 44964603e4dbed4635cfb16095665ef7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 3359148 eb36fb8717e781f36760147898718d94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 123522 65537d7af21935b0b92749ca351e17be
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 204174 f945cf55aabf0ab174f04e88b4180620
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 2135256 640e1fbc9bc8a2d5f84ffbbcaee57567
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 216396 1fcca2871418d7411b2c247b31a656f7

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 168092 fe86bb2ca8abc891c409057990732610
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 126642 07e87b835240123e3a0b823a34aabe95
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 184984 6cf1417d36748d1a9b9547174b74d177
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 600730 576d83b5963a8ffc881daed75e6c6f6f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 1044 e28e82a08d4b72b4eecb426a2c19e4e0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 9712802 98a468557f08faefcfb386e1b03ce53b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 403368 ab30bf829c00290b4cbc3b63786029c2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 158406 77bc46299d455fe392bd60a3037e205f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 3337004 297f3a2e48d9375a32e90b93a8763871
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 114468 21fe6664bf23421fcba559396134fcf0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 204184 058b99007e3e3fac132353330c464dea
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 1683152 8948cd6b6c7e1c0da51264f1d7ffb6a0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum: 174924 b2da7692c92862df050caeb6060246f1

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 168072 ef741effd5c0d92bfd1006a067fd420f
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 141500 23dcf154e495b937c76b0d08c8ba3af1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 184950 573206997817d3b0c52f3f74f0f0935e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 726474 b411fb639491df2df5258b3b23cf115f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 1040 2053ec9d35e7de4ddccbc4bd9e068dd3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 10735382 04afb86059c770780b2c5ed9574b252a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 403278 b33128eba36459050025687c1b97251d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 158356 2eaa19cd569a150fb0888a905dbfdfa6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 3358818 d1de9be804d868b1cb6b01ff14818bb5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 117622 b9cbc88e07c6ba01713f573099dcac35
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 204164 c24dc616bc0019537a371281b6c5ce21
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 1795562 294cae49d1f538a2326de93caf90ef2a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 189932 5fc63acfb905a864466afc317ad62764

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 168076 52d5bb8de3bcac5af1b9c7161253fc6e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 141448 759d76f0c1f1a3141aa7e5b6fa738cd2
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 184952 1613e4a0ebb0b01215c3f50622906953
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 715936 dea4e33f2242680a9f6992a7ebe69f69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 1042 a1c3ebbbd7ec67a49483b5ac811ef24d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 10610812 3c6e191ecd90394cc89d5917f88b3811
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 403296 f0fc353a203378cd9051ffca1c333ee7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 158352 98411cf47fe0952686e12f4be46e7d94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 3359336 f7afcef1f79da6078e6430af714f952b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 117208 8fcd67e70a26166aec44114139c4d0e0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 204170 a706dca773dd6c03e7d700939fc1e96e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 1777624 f9ec1c606051df270a0f2335857177ad
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 187520 3c28b28ebc6baff0c9bb847a21372e7e

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 168082 13e1e7545eed58e1270a0ab2c2d433ca
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 131994 24dde066f00f91ed7c303768bf5219fe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 184964 21eff711bbb483906b64e5e168095ed9
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 719692 68fd6243189e634a4b0139384efca743
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 1046 85e2ca21bc46e736215b4419deaaaeb8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 9708312 ae32ace9e83f069280dd57e345e9c951
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 403294 713943ac3d06f4b151389688b9344f26
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 158358 e298f882d70323a87942d2a110105336
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 3341090 64ea6ce84a115bdc20bfa3dcd5b61bfd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 114598 912e6c2dddf4835bcd5458d8142b012b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 204174 5961f2538d92304d808bdeb36ebfd43b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 1643146 cffb2e9d9a2dfeccd12e469525e73e21
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum: 175724 2a597fcb96bd9e8b119f96fc813615e7

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 168068 192a90d8302aba56c5188562e43c11c1
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 157298 12d3bf42c74ef7a00c9d33fa92393e2f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 184942 849cdda4f8860506bb79f316b89ea365
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 799696 713c51045254abf3d96d55884ee51a6c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 1034 bcafed934a00cdec70c2f62e083e2bf3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 11332328 b869c3b55f45383a4f050d6190c5d979
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 403292 ef466f1e923cc970a1f6edc5695efe49
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 158348 ffbc21fcb1ee262942f775d04b318d93
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 3353464 705a66aa8deafe87aaa9d2509358002d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 121344 6b04648d824b662bca6841bd305b50d5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 204164 b56489b01c9992f25ad694d85e7cc4cc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 1944778 cc4551e2cb4e07c26843245de31ed270
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 213600 be9c36068e6449c0e30a233887ea1d07

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 168076 08f44358b647bf2c2ea7f0da859e8ac9
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 129208 18b77b286bfba205e942a72eb2baffab
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 184942 864ce609343d141ade3c922d138f6f78
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 673486 e87272fe32ca15edc9ea340737aa3e0e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 1042 7ec6b04120c98b7ab47143fe1141d8d7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 9381788 34105262fdd068aafce32b54d5f45236
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 403296 ec09417da44a128602cb441462b28816
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 158350 bbda61175cf8fc0e9cb5ae24da55b9a4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 3342214 e160009ac134ebd9ff0209176a320429
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 112516 20e88571138978994c7c05528610a790
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 204168 b7b3949f1d80b750efa8f8c2f40c2c6d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 1583812 48afe1f55a7d4fd35eb4a42619941979
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum: 168118 35333e0fd86439304bc49d1eded1c4ae

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1161-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 29th, 2006 http://www.debian.org/security/faq

Package : mozilla-firefox
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811
CERT advisories: VU#655892 VU#687396 VU#876420
BugTraq ID : 19181

Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-3805

The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

CVE-2006-3811

Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge10.

For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.5-1.

We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10.dsc
      Size/MD5 checksum: 1003 09583ca7a6bd470e092c5226528ae80c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10.diff.gz
      Size/MD5 checksum: 419119 3618884176a92d3ac97022e074188e77
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_alpha.deb
      Size/MD5 checksum: 11