Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-1265-1 mozilla -- several vulnerabilities

Related Vulnerabilities: CVE-2006-6497   CVE-2006-6498   CVE-2006-6499   CVE-2006-6501   CVE-2006-6502   CVE-2006-6503   CVE-2006-6505  

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-6497 Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] CVE-2006-6498 Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] CVE-2006-6499 A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] CVE-2006-6501 shutdown discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70] CVE-2006-6502 Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71] CVE-2006-6503 moz_bug_r_a4 reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72] CVE-2006-6505 Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code. [MFSA 2006-74] For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge10. For the unstable distribution (sid) these problems have been fixed in version 1.0.7-1 of iceape. We recommend that you upgrade your Mozilla and Iceape packages.

Source

Debian Security Advisory

DSA-1265-1 mozilla -- several vulnerabilities

Date Reported:
10 Mar 2007
Affected Packages:
mozilla
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 21668.
In Mitre's CVE dictionary: CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505.
CERT's vulnerabilities, advisories and incident notes: VU#263412, VU#405092, VU#427972, VU#428500, VU#447772, VU#606260, VU#887332.
More information:

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

  • CVE-2006-6497

    Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6498

    Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6499

    A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68]

  • CVE-2006-6501

    shutdown discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70]

  • CVE-2006-6502

    Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71]

  • CVE-2006-6503

    moz_bug_r_a4 reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72]

  • CVE-2006-6505

    Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code. [MFSA 2006-74]

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge10.

For the unstable distribution (sid) these problems have been fixed in version 1.0.7-1 of iceape.

We recommend that you upgrade your Mozilla and Iceape packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.dsc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.diff.gz
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_alpha.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_amd64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_arm.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_hppa.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_i386.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_ia64.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_m68k.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_mips.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_s390.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_sparc.deb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started