Debian DSA-1161-2 : mozilla-firefox - several vulnerabilities

high Nessus Plugin ID 22703

Synopsis

The remote Debian host is missing a security-related update.

Description

The latest security updates of Mozilla Firefox introduced a regression that led to a dysfunctional attachment panel, which warrants a correction to fix this issue. For reference, the original advisory text follows:

Several security-related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

- CVE-2006-3805 The JavaScript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

- CVE-2006-3806 Multiple integer overflows in the JavaScript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

- CVE-2006-3807 Specially crafted JavaScript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

- CVE-2006-3808 Remote Proxy AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

- CVE-2006-3809 Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

- CVE-2006-3811 Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]

Solution

Upgrade the mozilla-firefox package.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge11.

See Also

http://www.debian.org/security/2006/dsa-1161

https://security-tracker.debian.org/tracker/CVE-2006-3805

https://security-tracker.debian.org/tracker/CVE-2006-3806

https://security-tracker.debian.org/tracker/CVE-2006-3807

https://security-tracker.debian.org/tracker/CVE-2006-3808

https://security-tracker.debian.org/tracker/CVE-2006-3809

https://security-tracker.debian.org/tracker/CVE-2006-3811

Plugin Details

Severity: High

ID: 22703

File Name: debian_DSA-1161.nasl

Version: 1.25

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mozilla-firefox, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/25/2006

Reference Information

CVE: CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811

BID: 19181

CERT: 655892, 687396, 876420

DSA: 1161