Debian DSA-838-1 : mozilla-firefox - multiple vulnerabilities
High Nessus Plugin ID 19807
Synopsis
The remote Debian host is missing a security-related update.
Description
Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources.
- CAN-2005-2701 Heap overrun in XBM image processing
- Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with 'zero-width non-joiner' characters
- XMLHttpRequest header spoofing
- Object spoofing using XBL <implements>
- Privilege escalation using about: scheme
- Chrome window spoofing allowing windows to be created without UI components such as a URL bar or status bar that could be used to carry out phishing attacks
Solution
Upgrade the mozilla-firefox package.
For the stable distribution (sarge), these problems have been fixed in version 1.0.4-2sarge5.