OSV:DSA-838-1
Oct 02, 2005 - 12:00 a.m.

mozilla-firefox - multiple vulnerabilities

Google, osv.dev

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple security vulnerabilities have been identified in the
mozilla-firefox web browser. These vulnerabilities could allow an
attacker to execute code on the victim’s machine via specially crafted
network resources.

  • CAN-2005-2701
    Heap overrun in XBM image processing
  • CAN-2005-2702
    Denial of service (crash) and possible execution of arbitrary
    code via Unicode sequences with “zero-width non-joiner”
    characters.
  • CAN-2005-2703
    XMLHttpRequest header spoofing
  • CAN-2005-2704
    Object spoofing using XBL <implements>
  • CAN-2005-2705
    JavaScript integer overflow
  • CAN-2005-2706
    Privilege escalation using about: scheme
  • CAN-2005-2707
    Chrome window spoofing allowing windows to be created without
    UI components such as a URL bar or status bar that could be
    used to carry out phishing attacks

For the stable distribution (sarge), these problems have been fixed in
version 1.0.4-2sarge5.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.7-1.

We recommend that you upgrade your mozilla-firefox package.
