Package: mozilla-firefox
Version: 1.0.3-2
Severity: grave
Tags: security

I'm sure you already know of these, but for the record, firefox is vulnerable to a pair of new security holes:
CAN-2005-1477
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CAN-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

CAN-2005-1476
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CAN-2005-1477.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-firefox depends on:
ii  debianutils    2.13.2               Miscellaneous utilities specific t
ii  fontconfig     2.3.2-1              generic font configuration library
ii  libatk1.0-0    1.8.0-4              The ATK accessibility toolkit
ii  libc6          2.3.2.ds1-21         GNU C Library: Shared libraries an
ii  libfontconfig1 2.3.2-1              generic font configuration library
ii  libfreetype6   2.1.7-2.4            FreeType 2 font engine, shared lib
ii  libgcc1        1:3.4.3-13           GCC support library
ii  libglib2.0-0   2.6.4-1              The GLib library of C routines
ii  libgtk2.0-0    2.6.4-1              The GTK+ graphical user interface
ii  libidl0        0.8.5-1              library for parsing CORBA IDL file
ii  libjpeg62      6b-10                The Independent JPEG Group's JPEG
ii  libkrb53       1.3.6-3              MIT Kerberos runtime libraries
ii  libpango1.0-0  1.8.1-1              Layout and rendering of internatio
ii  libpng12-0     1.2.8rel-1           PNG library - runtime
ii  libstdc++5     1:3.3.6-3.0.1        The GNU Standard C++ Library v3
ii  libx11-6       4.3.0.dfsg.1-12.0.1  X Window System protocol client li
ii  libxext6       4.3.0.dfsg.1-12.0.1  X Window System miscellaneous exte
ii  libxft2        2.1.7-1              FreeType-based font drawing librar
ii  libxp6         4.3.0.dfsg.1-12.0.1  X Window System printing extension
ii  libxt6         4.3.0.dfsg.1-12.0.1  X Toolkit Intrinsics
ii  psmisc         21.6-1               Utilities that use the proc filesy
ii  xlibs          4.3.0.dfsg.1-12      X Keyboard Extension (XKB) configu
ii  zlib1g         1:1.2.2-4            compression library - runtime

-- no debconf information

-- 
see shy jo