Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077
Several remote vulnerabilities have been discovered in Mozilla Firefox.
This will be the last security update of Mozilla-based products for the oldstable (sarge) distribution of Debian. We recommend to upgrade to stable (etch) as soon as possible.
The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CVE-2007-1282
It was discovered that an integer overflow in text/enhanced message
parsing allows the execution of arbitrary code.
CVE-2007-0994
It was discovered that a regression in the Javascript engine allows
the execution of Javascript with elevated privileges.
CVE-2007-0995
It was discovered that incorrect parsing of invalid HTML characters
allows the bypass of content filters.
CVE-2007-0996
It was discovered that insecure child frame handling allows cross-site
scripting.
CVE-2007-0981
It was discovered that Firefox handles URI withs a null byte in the
hostname insecurely.
CVE-2007-0008
It was discovered that a buffer overflow in the NSS code allows the
execution of arbitrary code.
CVE-2007-0009
It was discovered that a buffer overflow in the NSS code allows the
execution of arbitrary code.
CVE-2007-0775
It was discovered that multiple programming errors in the layout engine
allow the execution of arbitrary code.
CVE-2007-0778
It was discovered that the page cache calculates hashes in an insecure
manner.
CVE-2006-6077
It was discovered that the password manager allows the disclosure of
passwords.
1.0.4-2sarge17