Debian Security Advisory DSA 1161-1 (mozilla-firefox)

The remote host is missing an update to mozilla-firefox announced via advisory DSA 1161-1. Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-3805 The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50] CVE-2006-3806 Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50] CVE-2006-3807 Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51] CVE-2006-3808 Remote AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52] CVE-2006-3809 Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53] CVE-2006-3811 Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge10. For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.5-1. We recommend that you upgrade your mozilla-firefox package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201161-1