Debian Security Advisory

DSA-1192-1 mozilla -- several vulnerabilities

Date Reported:
06 Oct 2006
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 20042.
In Mitre's CVE dictionary: CVE-2006-2788, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571.
More information:

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

  • CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

  • CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates.

  • CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

  • CVE-2006-4570

    Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded.

  • CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge7.3.1.

We recommend that you upgrade your Mozilla packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.