Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program.

Previous updates to Firefox were patch fixes to Firefox 1.0.6 that
brought it in sync with 1.0.8 in terms of security fixes. In this
update, Mozilla Firefox 1.5.0.6 is being provided which corrects a
number of vulnerabilities that were previously unpatched, as well as
providing new and enhanced features.

The following CVE names have been corrected with this update:
CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776,
CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780,
CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785,
CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677,
CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,
CVE-2006-3812.

Update :

The previous language packages were not correctly tagged for the new
Firefox which resulted in many of them not loading properly. These
updated language packages correct the problem.

See also :

http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
http://www.mozilla.org/security/announce/2006/mfsa2006-33.html
http://www.mozilla.org/security/announce/2006/mfsa2006-34.html
http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
http://www.mozilla.org/security/announce/2006/mfsa2006-36.html
http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
http://www.mozilla.org/security/announce/2006/mfsa2006-56.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true