Synopsis :

The remote Debian host is missing a security-related update.

Description :

Several security related problems have been discovered in Mozilla. The
Common Vulnerabilities and Exposures project identifies the following
vulnerabilities :

- CVE-2006-1942
Eric Foley discovered that a user can be tricked to
expose a local file to a remote attacker by displaying a
local file as image in connection with other
vulnerabilities. [MFSA-2006-39]

- CVE-2006-2775
XUL attributes are associated with the wrong URL under
certain circumstances, which might allow remote
attackers to bypass restrictions. [MFSA-2006-35]

- CVE-2006-2776
Paul Nickerson discovered that content-defined setters
on an object prototype were getting called by privileged
user interface code, and 'moz_bug_r_a4' demonstrated
that the higher privilege level could be passed along to
the content-defined attack code. [MFSA-2006-37]

- CVE-2006-2777
A vulnerability allows remote attackers to execute
arbitrary code and create notifications that are
executed in a privileged context. [MFSA-2006-43]

- CVE-2006-2778
Mikolaj Habryn discovered a buffer overflow in the
crypto.signText function that allows remote attackers to
execute arbitrary code via certain optional Certificate
Authority name arguments. [MFSA-2006-38]

- CVE-2006-2779
Mozilla team members discovered several crashes during
testing of the browser engine showing evidence of memory
corruption which may also lead to the execution of
arbitrary code. This problem has only partially been
corrected. [MFSA-2006-32]

- CVE-2006-2780
An integer overflow allows remote attackers to cause a
denial of service and may permit the execution of
arbitrary code. [MFSA-2006-32]

- CVE-2006-2782
Chuck McAuley discovered that a text input box can be
pre-filled with a filename and then turned into a
file-upload control, allowing a malicious website to
steal any local file whose name they can guess.
[MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

- CVE-2006-2783
Masatoshi Kimura discovered that the Unicode
Byte-order-Mark (BOM) is stripped from UTF-8 pages
during the conversion to Unicode before the parser sees
the web page, which allows remote attackers to conduct
cross-site scripting (XSS) attacks. [MFSA-2006-42]

- CVE-2006-2784
Paul Nickerson discovered that the fix for CVE-2005-0752
can be bypassed using nested javascript: URLs, allowing
the attacker to execute privileged code. [MFSA-2005-34,
MFSA-2006-36]

- CVE-2006-2785
Paul Nickerson demonstrated that if an attacker could
convince a user to right-click on a broken image and
choose 'View Image' from the context menu then he could
get JavaScript to run. [MFSA-2006-34]

- CVE-2006-2786
Kazuho Oku discovered that Mozilla's lenient handling of
HTTP header syntax may allow remote attackers to trick
the browser to interpret certain responses as if they
were responses from two different sites. [MFSA-2006-33]

- CVE-2006-2787
The Mozilla researcher 'moz_bug_r_a4' discovered that
JavaScript run via EvalInSandbox can escape the sandbox
and gain elevated privilege. [MFSA-2006-31]

See also :

http://security-tracker.debian.org/tracker/CVE-2006-1942
http://security-tracker.debian.org/tracker/CVE-2006-2775
http://security-tracker.debian.org/tracker/CVE-2006-2776
http://security-tracker.debian.org/tracker/CVE-2006-2777
http://security-tracker.debian.org/tracker/CVE-2006-2778
http://security-tracker.debian.org/tracker/CVE-2006-2779
http://security-tracker.debian.org/tracker/CVE-2006-2780
http://security-tracker.debian.org/tracker/CVE-2006-2782
http://security-tracker.debian.org/tracker/CVE-2006-1729
http://security-tracker.debian.org/tracker/CVE-2006-2783
http://security-tracker.debian.org/tracker/CVE-2006-2784
http://security-tracker.debian.org/tracker/CVE-2005-0752
http://security-tracker.debian.org/tracker/CVE-2006-2785
http://security-tracker.debian.org/tracker/CVE-2006-2786
http://security-tracker.debian.org/tracker/CVE-2006-2787
http://www.debian.org/security/2006/dsa-1120

Solution :

Upgrade the Mozilla Firefox packages.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge9.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true