OSV:DSA-1044-1
Published: Apr 26, 2006 (source: Google, osv.dev)

mozilla-firefox - several

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.974 High (Percentile: 99.9%)

Several security-related problems have been discovered in Mozilla
Firefox. The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:

  • CVE-2005-4134
    Web pages with extremely long titles cause subsequent launches of
    the browser to appear to “hang” for up to a few minutes, or even
    crash if the computer has insufficient memory. [MFSA-2006-03]
  • CVE-2006-0292
    The JavaScript interpreter does not properly dereference objects,
    which allows remote attackers to cause a denial of service or
    execute arbitrary code. [MFSA-2006-01]
  • CVE-2006-0293
    The function allocation code allows attackers to cause a denial of
    service and possibly execute arbitrary code. [MFSA-2006-01]
  • CVE-2006-0296
    XULDocument.persist() did not validate the attribute name,
    allowing an attacker to inject arbitrary XML and JavaScript code
    into localstore.rdf that would be read and acted upon during
    startup. [MFSA-2006-05]
  • CVE-2006-0748
    An anonymous researcher for TippingPoint and the Zero Day
    Initiative reported that an invalid and nonsensical ordering of
    table-related tags can be exploited to execute arbitrary code.
    [MFSA-2006-27]
  • CVE-2006-0749
    A particular sequence of HTML tags can cause memory corruption
    that can be exploited to execute arbitrary code. [MFSA-2006-18]
  • CVE-2006-1727
    Georgi Guninski reported two variants of using scripts in an XBL
    control to gain chrome privileges when the page is viewed under
    “Print Preview”. [MFSA-2006-25]
  • CVE-2006-1728
    “shutdown” discovered that the crypto.generateCRMFRequest method
    can be used to run arbitrary code with the privilege of the user
    running the browser, which could enable an attacker to install
    malware. [MFSA-2006-24]
  • CVE-2006-1729
    Claus Jørgensen reported that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess. [MFSA-2006-23]
  • CVE-2006-1730
    An anonymous researcher for TippingPoint and the Zero Day
    Initiative discovered an integer overflow triggered by the CSS
    letter-spacing property, which could be exploited to execute
    arbitrary code. [MFSA-2006-22]
  • CVE-2006-1731
    “moz_bug_r_a4” discovered that some internal functions return
    prototypes instead of objects, which allows remote attackers to
    conduct cross-site scripting attacks. [MFSA-2006-19]
  • CVE-2006-1732
    “shutdown” discovered that it is possible to bypass same-origin
    protections, allowing a malicious site to inject script into
    content from another site, which could allow the malicious page to
    steal information such as cookies or passwords from the other
    site, or perform transactions on the user’s behalf if the user
    were already logged in. [MFSA-2006-17]
  • CVE-2006-1733
    “moz_bug_r_a4” discovered that the compilation scope of privileged
    built-in XBL bindings is not fully protected from web content and
    can still be executed, which could be used to run arbitrary
    JavaScript and could allow an attacker to install malware such
    as viruses and password sniffers. [MFSA-2006-16]
  • CVE-2006-1734
    “shutdown” discovered that it is possible to access an internal
    function object which could then be used to run arbitrary
    JavaScript code with full permissions of the user running the
    browser, which could be used to install spyware or viruses.
    [MFSA-2006-15]
  • CVE-2006-1735
    It is possible to create JavaScript functions that would get
    compiled with the wrong privileges, allowing an attacker to run
    code of their choice with full permissions of the user running the
    browser, which could be used to install spyware or viruses.
    [MFSA-2006-14]
  • CVE-2006-1736
    It is possible to trick users into downloading and saving an
    executable file via an image that is overlaid by a transparent
    image link that points to the executable. [MFSA-2006-13]
  • CVE-2006-1737
    An integer overflow allows remote attackers to cause a denial of
    service and possibly execute arbitrary bytecode via JavaScript
    with a large regular expression. [MFSA-2006-11]
  • CVE-2006-1738
    An unspecified vulnerability allows remote attackers to cause a
    denial of service. [MFSA-2006-11]
  • CVE-2006-1739
    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
    array write and buffer overflow that could lead to a denial of
    service and the possible execution of arbitrary code. [MFSA-2006-11]
  • CVE-2006-1740
    It is possible for remote attackers to spoof secure site
    indicators such as the locked icon by opening the trusted site in
    a popup window, then changing the location to a malicious site.
    [MFSA-2006-12]
  • CVE-2006-1741
    “shutdown” discovered that it is possible to inject arbitrary
    JavaScript code into a page on another site using a modal alert to
    suspend an event handler while a new page is being loaded. This
    could be used to steal confidential information. [MFSA-2006-09]
  • CVE-2006-1742
    Igor Bukanov discovered that the JavaScript engine does not
    properly handle temporary variables, which might allow remote
    attackers to trigger operations on freed memory and cause memory
    corruption. [MFSA-2006-10]
  • CVE-2006-1790
    A regression fix that could lead to memory corruption allows
    remote attackers to cause a denial of service and possibly execute
    arbitrary code. [MFSA-2006-11]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge6.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.dfsg+1.5.0.2-2.

We recommend that you upgrade your Mozilla Firefox packages.
