mozilla-firefox

OSV:DSA-1225-1 (osv, Google, osv.dev)
Date: 2006-12-03 00:00:00

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.28 Low
Percentile: 96.2%

This update covers packages for the little endian MIPS architecture
missing in the original advisory. For reference please find below the
original advisory text:

>
> Several security related problems have been discovered in Mozilla and
> derived products such as Mozilla Firefox. The Common Vulnerabilities
> and Exposures project identifies the following vulnerabilities:
>
>
> * CVE-2006-4310
> Tomas Kempinsky discovered that malformed FTP server responses
> could lead to denial of service.
> * CVE-2006-5462
> Ulrich Kühn discovered that the correction for a cryptographic
> flaw in the handling of PKCS-1 certificates was incomplete, which
> allows the forgery of certificates.
> * CVE-2006-5463
> shutdown discovered that modification of JavaScript objects
> during execution could lead to the execution of arbitrary
> JavaScript bytecode.
> * CVE-2006-5464
> Jesse Ruderman and Martijn Wargers discovered several crashes in
> the layout engine, which might also allow execution of arbitrary
> code.
> * CVE-2006-5748
> Igor Bukanov and Jesse Ruderman discovered several crashes in the
> JavaScript engine, which might allow execution of arbitrary code.
>
>
> This update also addresses several crashes, which could be triggered by
> malicious websites and fixes a regression introduced in the previous
> Mozilla update.
>
>
>

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge13.

For the unstable distribution (sid) these problems have been fixed in
the current iceweasel package 2.0+dfsg-1.

We recommend that you upgrade your mozilla-firefox package.
