Re: [SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution
On Thu, May 11, 2006 at 06:48:20 +0200, Martin Schulze wrote:
[...]
>
> Package : mozilla-firefox
> Vulnerability : programming error
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2006-1993
> CERT advisory : VU#866300
> BugTraq ID : 17671
>
> Martijn Wargers and Nick Mott described crashes of Mozilla due to the
> use of a deleted controller context. In theory this could be abused to
> execute malicious code. Since Mozilla and Firefox share the same
> codebase, Firefox may be vulnerable as well.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 1.7.8-1sarge7.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.5.dfsg+1.5.0.3-1.
>
The version numbers given above seem to refer to the new mozilla packages
instead of the new mozilla firefox packages; you may want to correct that.