
[secure-testing-announce] [DTSA-7-1] New mozilla packages fix frame injection spoofing



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-7-1     http://secure-testing.debian.net
secure-testing-team@lists.alioth.debian.org                          Joey Hess
August 28th, 2005
- ------------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : frame injection spoofing
Problem-Scope  : remote
Debian-specific: No
CVE ID         : CAN-2004-0718 CAN-2005-1937 

A vulnerability has been discovered in Mozilla that allows remote attackers
to inject arbitrary JavaScript from one page into the frameset of another
site. Thunderbird is not affected by this and Galeon will be automatically
fixed as it uses Mozilla components. Mozilla Firefox is vulnerable and will
be covered by a separate advisory.

For the testing distribution (etch) this is fixed in version
2:1.7.8-1sarge1

For the unstable distribution (sid) this is fixed in version
2:1.7.10-1

This upgrade is recommended if you use mozilla.

Note that this is the same security fix put into stable in DSA-777.

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free

The archive signing key can be downloaded from
http://secure-testing.debian.net/ziyi-2005-7.asc

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing.debian.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDEh1p2tp5zXiKP0wRAj0vAJ4ypd9Uk+QoIGWcE96uvTEDzMrlzACgiK1b
MagU4/YlT5189qI3/Bt4ZQQ=
=D+Er
-----END PGP SIGNATURE-----

