Debian Security Advisory DSA 838-1 (mozilla-firefox)

The remote host is missing an update to mozilla-firefox announced via advisory DSA 838-1. Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources. CVE-2005-2701 Heap overrun in XBM image processing CVE-2005-2702 Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with zero-width non-joiner characters. CVE-2005-2703 XMLHttpRequest header spoofing CVE-2005-2704 Object spoofing using XBL <implements> CVE-2005-2705 JavaScript integer overflow CVE-2005-2706 Privilege escalation using about: scheme CVE-2005-2707 Chrome window spoofing allowing windows to be created without UI components such as a URL bar or status bar that could be used to carry out phishing attacks

For the stable distribution (sarge), these problems have been fixed in version 1.0.4-2sarge5 For the unstable distribution (sid), these problems have been fixed in version 1.0.7-1 We recommend that you upgrade your mozilla-firefox package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20838-1