mozilla-firefox -- several vulnerabilities

ID DSA-1225
Type debian
Reporter Debian
Modified 2006-12-03T00:00:00


This update covers packages for the little endian MIPS architecture missing in the original advisory. For reference please find below the original advisory text:

> Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: > > * CVE-2006-4310 > > Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. > > * CVE-2006-5462 > > Ulrich Kühn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. > > * CVE-2006-5463 > > shutdown discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. > > * CVE-2006-5464 > > Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. > > * CVE-2006-5748 > > Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code. > > This update also addresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in the current iceweasel package 2.0+dfsg-1.

We recommend that you upgrade your mozilla-firefox package.