Just uploaded mozilla 1.7.8-1sarge3 to my This package should address all currently disclosed issues. Please provide feedback if you encounter any regressions. Besides plain mozilla, it's important to test dependent apps like galeon and kazehakase too.
Here is the hunk from the changelog that gives you a brief overview of the issues addressed with this upload:
mozilla (2:1.7.8-1sarge3) stable-security; urgency=critical
+ MFSA-2005-56a.debian: Regressions introduced by mozilla 1.7.9.
Summary: Regressions introduced by mozilla 1.7.9 bugfix. There was no
advisory for it (debian/patches/001_mfsa_2005-56a.patch)
Closes: 321427
Bugzilla: 294307 301917 300749
Issues addressed:
+ Regressions introduced by mozilla 1.7.9 bugfix.
+ MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
(debian/patches/001_mfsa-2005-57.patch)
Closes: 327366
CVE-Ids: CAN-2005-2871
Bugzilla: 307259 308281
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
+ MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox 1.0.7 and
the Mozilla Suite 1.7.12 (debian/patches/001_mfsa-2005-58.patch)
Closes: 329778
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302100
Issues addressed:
+ CAN-2005-2701 - Heap overrun in XBM image processing
+ CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703 - XMLHttpRequest header spoofing
+ CAN-2005-2704 - Object spoofing using XBL <implements>
+ CAN-2005-2705 - JavaScript integer overflow
+ CAN-2005-2706 - Privilege escalation using about: scheme
+ CAN-2005-2707 - Chrome window spoofing
+ Regression fixes
+ MFSA-2005-59: Command-line handling on Linux allows shell execution
Summary: URLs passed to Linux versions of Firefox on the command-line
are not correctly protected against interpretation by the
shell. As a result a malicious URL can result in the execution
of shell commands with the privileges of the user. If Firefox
is set as the default handler for web URLs then opening a URL
in another program (for example, links in a mail or chat
client) can result in shell command execution.
(debian/patches/001_mfsa-2005-59.patch)
Closes: -
CVE-Ids: CAN-2005-2968
Bugzilla: 307185
Issues addressed:
+ CAN-2005-2968 - Command-line handling on Linux allows shell execution
Edit: You can get this package from my security preview archives. See http://www.asoftsite.org/apt-archives.html for the lines you need to apt-get this package.
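The MFSA-2005-59 entry in the changelog above describes a URL being interpreted by the shell on its way to the browser. The following is an added example of that general bug class and its fix; it is not the Mozilla launcher script or the Debian patch, and `fake_browser`, `open_url_unsafe`, `open_url_safe`, `launch_safe` and the sample URL are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added illustration of shell re-parsing of a URL argument.
# All function names and the sample URL are hypothetical/constructed.

# Stand-in for the real browser binary: echoes back the argument it received.
fake_browser() {
    printf '%s' "$1"
}

# Vulnerable pattern: the URL is pasted into a string that the shell parses
# a second time, so command substitution inside the URL gets executed.
open_url_unsafe() {
    eval "fake_browser $1"
}

# Hardened pattern: the URL stays one quoted word and is never re-parsed.
open_url_safe() {
    fake_browser "$1"
}

# Hardened wrapper for a launcher that forwards every argument:
# "$@" preserves each argument exactly, including spaces and metacharacters.
launch_safe() {
    for arg in "$@"; do
        open_url_safe "$arg"
        printf '\n'
    done
}

# Constructed sample: a "URL" carrying a harmless command substitution.
SAMPLE_URL='http://example.invalid/$(echo INJECTED)'

printf 'unsafe wrapper passed: %s\n' "$(open_url_unsafe "$SAMPLE_URL")"
printf 'safe wrapper passed:   %s\n' "$(open_url_safe "$SAMPLE_URL")"
```

With the unsafe wrapper the browser receives the output of the embedded command; with the quoted form it receives the URL text unchanged.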