Package: mozilla-firefox
Version: 1.0-2.37.200411220627
Severity: grave
Tags: security
Three security vulnerabilities have been found in Firefox:
I'm write a collective bugreport for all three vulnerabilities, as you'll
they're
all fixed in 1.0.2:
CAN-2005-0399:
An GIF processing error when parsing the obsolete Netscape extension 2 can lead
to
an exploitable heap overrun, allowing an attacker to run arbitrary code on the
user's machine.
CAN-2005-0401:
A malicious page that could lure a user into dragging something (such as a fake
scrollbar) can bypass the restriction on opening privileged XUL. The startup
scripts in the XUL will run with enhanced privilege, though the actions taken
upon merely opening most XUL are benign. So far no way to run arbitrary code
supplied by the attacker has been found, but this could be a stepping-stone to
future attacks.
CAN-2005-0402:
If a user bookmarked a malicious page as a Firefox sidebar panel that page could
execute arbitrary programs by opening a privileged page and injecting javascript
into it.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]
Versions of packages mozilla-firefox depends on:
ii debianutil 2.5.4.1.200308251040 Miscellaneous utilities specific t
ii fontconfig 2.2.1-2.18.200308310006 generic font configuration library
ii libatk1.0- 1.4.1-1.5.200312191610 The ATK accessibility toolkit
ii libc6 2.3.2-9 GNU C Library: Shared libraries an
ii libfontcon 2.2.1-2.18.200308310006 generic font configuration library
ii libfreetyp 2.1.5-2.3.200310081510 FreeType 2 font engine, shared lib
ii libgcc1 1:3.3.2-0pre4.12.200309291809 GCC support library
ii libglib2.0 2.2.2-1.6.200308220957 The GLib library of C routines
ii libgtk2.0- 2.2.2-2.24.200409211203 The GTK+ graphical user interface
ii libidl0 0.8.2-1.4.200308222135 library for parsing CORBA IDL file
ii libjpeg62 6b-5.4.200308222202 The Independent JPEG Group's JPEG
ii libkrb53 1.3-2.5.200308221740 MIT Kerberos runtime libraries
ii libpango1. 1.2.3-1.15.200408231011 Layout and rendering of internatio
ii libpng12-0 1.2.5.0-8.6.200410161035 PNG library - runtime
ii libstdc++5 1:3.3.2-0pre4.12.200309291809 The GNU Standard C++ Library v3
ii libx11-6 4.3.0-0pre1v5.51.200409211658 X Window System protocol client li
ii libxext6 4.3.0-0pre1v5.51.200409211658 X Window System miscellaneous exte
ii libxft2 2.1.2-6.13.200408230823 FreeType-based font drawing librar
ii libxp6 4.3.0-0pre1v5.51.200409211658 X Window System printing extension
ii libxrender 0.8.2-1.3.200308092126 X Rendering Extension client libra
ii libxt6 4.3.0-0pre1v5.51.200409211658 X Toolkit Intrinsics
ii psmisc 20.2-2.1.2.200308231331 Utilities that use the proc filesy
ii xlibs 4.3.0-0pre1v5.51.200409211658 X Window System client libraries m
ii zlib1g 1:1.2.2-4.15.200501191530 compression library - runtime
-- debconf-show failed
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
