Debian DSA-1161-2 : mozilla-firefox - several vulnerabilities
High Nessus Plugin ID 22703
Synopsis
The remote Debian host is missing a security-related update.
Description
The latest security updates of Mozilla Firefox introduced a regression that led to a dysfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text :
Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :
- CVE-2006-3805 The JavaScript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3806 Multiple integer overflows in the JavaScript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3807 Specially crafted JavaScript allows remote attackers to execute arbitrary code. [MFSA-2006-51]
- CVE-2006-3808 Remote Proxy AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]
- CVE-2006-3809 Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]
- CVE-2006-3811 Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]
Solution
Upgrade the mozilla-firefox package.
For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge11.