Package: firefox
Version: 1.5.dfsg+1.5.0.1-4
Severity: grave
Tags: security
Justification: user security hole

It's that time of the year (month?) again:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2

MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

Some of those look pretty serious, esp. 2006-23 which I would consider
critical. I didn't examine properly the others, that one was enough to
trigger this report IMO.

This also affects sarge, I think, since 1.0.8 is also affected.

Thank you for your work,

A.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)

Versions of packages firefox depends on:
ii  debianutils     2.15.3          Miscellaneous utilities specific t
ii  fontconfig      2.3.2-1.1       generic font configuration library
ii  libatk1.0-0     1.11.3-1        The ATK accessibility toolkit
ii  libc6           2.3.6-3         GNU C Library: Shared libraries an
ii  libcairo2       1.0.2-3         The Cairo 2D vector graphics libra
ii  libfontconfig1  2.3.2-1.1       generic font configuration library
ii  libfreetype6    2.1.10-1        FreeType 2 font engine, shared lib
ii  libgcc1         1:4.1.0-1       GCC support library
ii  libglib2.0-0    2.10.1-2        The GLib library of C routines
ii  libgtk2.0-0     2.8.16-1        The GTK+ graphical user interface
ii  libidl0         0.8.6-1         library for parsing CORBA IDL file
ii  libjpeg62       6b-12           The Independent JPEG Group's JPEG
ii  libpango1.0-0   1.12.0-2        Layout and rendering of internatio
ii  libpng12-0      1.2.8rel-5      PNG library - runtime
ii  libstdc++6      4.1.0-1         The GNU Standard C++ Library v3
ii  libx11-6        6.9.0.dfsg.1-6  X Window System protocol client li
ii  libxcursor1     1.1.3-1         X cursor management library
ii  libxext6        6.9.0.dfsg.1-6  X Window System miscellaneous exte
ii  libxft2         2.1.8.2-5.1     FreeType-based font drawing librar
ii  libxi6          6.9.0.dfsg.1-6  X Window System Input extension li
ii  libxinerama1    6.9.0.dfsg.1-6  X Window System multi-head display
ii  libxp6          6.9.0.dfsg.1-6  X Window System printing extension
ii  libxrandr2      6.9.0.dfsg.1-6  X Window System Resize, Rotate and
ii  libxrender1     1:0.9.0.2-1     X Rendering Extension client libra
ii  libxt6          6.9.0.dfsg.1-6  X Toolkit Intrinsics
ii  psmisc          22.2-1          Utilities that use the proc filesy
ii  zlib1g          1:1.2.3-11      compression library - runtime

firefox recommends no packages.

-- no debconf information