Debians sikkerhedsbulletin
DSA-1265-1 mozilla -- flere sårbarheder
- Rapporteret den:
- 10. mar 2007
- Berørte pakker:
- mozilla
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 21668.
I Mitres CVE-ordbog: CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505.
CERTs noter om sårbarheder, bulletiner og hændelser: VU#263412, VU#405092, VU#427972, VU#428500, VU#447772, VU#606260, VU#887332. - Yderligere oplysninger:
-
Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte produkter. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende sårbarheder:
- CVE-2006-6497
Flere sårbarheder i layoutmaskinen tillod fjernangribere at forårsage et lammelsesangreb (denial of service) og muligvis tillod sårbarhederne dem at udføre vilkårlig kode. [MFSA 2006-68]
- CVE-2006-6498
Flere sårbarheder i JavaScript-maskinen tillod fjernangribere at forårsage lammelsesangreb og muligvis tillod en sårbarhederne dem at udføre vilkårlig kode. [MFSA 2006-68]
- CVE-2006-6499
En fejl i funktionen js_dtoa gjorde det muligt for fjernangribere at forårsage et lammelsesangreb. [MFSA 2006-68]
- CVE-2006-6501
shutdown
opdagede en sårbarhed, der gjorde det muligt for fjernangribere at opnå rettigheder og installere ondsindet kode gennem en watch-JavaScript-funktion. [MFSA 2006-70] - CVE-2006-6502
Steven Michaud opdagede en programmeringsfejl, der gjorde det muligt for fjernangribere at forårsage et lammelsesangreb. [MFSA 2006-71]
- CVE-2006-6503
moz_bug_r_a4
rapporterede at src-attributten til et IMG-element kunne anvendes til at indsprøjte JavaScript-kode. [MFSA 2006-72] - CVE-2006-6505
Georgi Guninski opdagede flere head-baserede bufferoverløb, der gjorde det muligt for fjernangribere at udføre vilkårlig kode. [MFSA 2006-74]
I den stabile distribution (sarge) er disse problemer rettet i version 1.7.8-1sarge10.
I den ustabile distribution (sid) er disse problemer rettet i version 1.0.7-1 of iceape.
Vi anbefaler at du opgraderer dine Mozilla- og Iceape-pakker.
- CVE-2006-6497
- Rettet i:
-
Debian GNU/Linux 3.1 (sarge)
- Kildekode:
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.dsc
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.diff.gz
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_alpha.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_amd64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_arm.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_hppa.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_i386.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_ia64.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_m68k.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_mips.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_s390.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_sparc.deb
- http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.