Debian Security Advisory

DSA-1046-1 mozilla -- several vulnerabilities

Date Reported:
27 Apr 2006
Affected Packages:
mozilla
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 15773, BugTraq ID 16476, BugTraq ID 16476, BugTraq ID 16770, BugTraq ID 16881, BugTraq ID 17516.
In Mitre's CVE dictionary: CVE-2005-2353, CVE-2005-4134, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790.
CERT's vulnerabilities, advisories and incident notes: VU#179014, VU#252324, VU#329500, VU#350262, VU#488774, VU#492382, VU#592425, VU#736934, VU#813230, VU#842094, VU#932734, VU#935556.
More information:

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

  • CVE-2005-2353

    The "run-mozilla.sh" script allows local users to create or overwrite arbitrary files when debugging is enabled via a symlink attack on temporary files.

  • CVE-2005-4134

    Web pages with extremely long titles cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03]

  • CVE-2006-0292

    The JavaScript interpreter does not properly dereference objects, which allows remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01]

  • CVE-2006-0293

    The function allocation code allows attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01]

  • CVE-2006-0296

    XULDocument.persist() did not validate the attribute name, allowing an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05]

  • CVE-2006-0748

    An anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27]

  • CVE-2006-0749

    A particular sequence of HTML tags can cause memory corruption that can be exploited to execute arbitrary code. [MFSA-2006-18]

  • CVE-2006-0884

    Georgi Guninski reports that forwarding mail in-line while using the default HTML "rich mail" editor will execute JavaScript embedded in the e-mail message with full privileges of the client. [MFSA-2006-21]

  • CVE-2006-1045

    The HTML rendering engine does not properly block external images from inline HTML attachments when "Block loading of remote images in mail messages" is enabled, which could allow remote attackers to obtain sensitive information. [MFSA-2006-26]

  • CVE-2006-1529

    A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1530

    A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1531

    A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1723

    A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1724

    A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1725

    Due to an interaction between XUL content windows and the history mechanism, some windows may to become translucent, which might allow remote attackers to execute arbitrary code. [MFSA-2006-29]

  • CVE-2006-1726

    "shutdown" discovered that the security check of the function js_ValueToFunctionObject() can be circumvented and exploited to allow the installation of malware. [MFSA-2006-28]

  • CVE-2006-1727

    Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under "Print Preview". [MFSA-2006-25]

  • CVE-2006-1728

    "shutdown" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24]

  • CVE-2006-1729

    Claus Jørgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-23]

  • CVE-2006-1730

    An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22]

  • CVE-2006-1731

    "moz_bug_r_a4" discovered that some internal functions return prototypes instead of objects, which allows remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19]

  • CVE-2006-1732

    "shutdown" discovered that it is possible to bypass same-origin protections, allowing a malicious site to inject script into content from another site, which could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17]

  • CVE-2006-1733

    "moz_bug_r_a4" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed which could be used to execute arbitrary JavaScript, which could allow an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16]

  • CVE-2006-1734

    "shutdown" discovered that it is possible to access an internal function object which could then be used to run arbitrary JavaScript code with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-15]

  • CVE-2006-1735

    It is possible to create JavaScript functions that would get compiled with the wrong privileges, allowing an attacker to run code of their choice with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-14]

  • CVE-2006-1736

    It is possible to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable. [MFSA-2006-13]

  • CVE-2006-1737

    An integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary bytecode via JavaScript with a large regular expression. [MFSA-2006-11]

  • CVE-2006-1738

    An unspecified vulnerability allows remote attackers to cause a denial of service. [MFSA-2006-11]

  • CVE-2006-1739

    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds array write and buffer overflow that could lead to a denial of service and the possible execution of arbitrary code. [MFSA-2006-11]

  • CVE-2006-1740

    It is possible for remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. [MFSA-2006-12]

  • CVE-2006-1741

    "shutdown" discovered that it is possible to inject arbitrary JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This could be used to steal confidential information. [MFSA-2006-09]

  • CVE-2006-1742

    Igor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. [MFSA-2006-10]

  • CVE-2006-1790

    A regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11]

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge5.

For the unstable distribution (sid) these problems will be fixed in version 1.7.13-1.

We recommend that you upgrade your Mozilla packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.dsc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.diff.gz
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_sparc.deb

MD5 checksums of the listed files are available in the original advisory.