
Re: [SECURITY] [DSA 1055-1] New Mozilla Firefox packages fix arbitrary code execution



On Thu, May 11, 2006 at 06:48:20 +0200, Martin Schulze wrote:
[...]
> 
> Package        : mozilla-firefox
> Vulnerability  : programming error
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2006-1993
> CERT advisory  : VU#866300
> BugTraq ID     : 17671
> 
> Martijn Wargers and Nick Mott described crashes of Mozilla due to the
> use of a deleted controller context.  In theory this could be abused to
> execute malicious code.  Since Mozilla and Firefox share the same
> codebase, Firefox may be vulnerable as well.
> 
> For the stable distribution (sarge) this problem has been fixed in
> version 1.7.8-1sarge7.
> 
> For the unstable distribution (sid) this problem has been fixed in
> version 1.5.dfsg+1.5.0.3-1.
> 

The version numbers given above seem to refer to the new mozilla packages
instead of the new mozilla firefox packages; you may want to correct that.


