Debian Security Advisory DSA 838-1 (mozilla-firefox)

Information

Severity

High

Family

Debian Local Security Checks

CVSSv2 Base

7.5

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

14 years ago

Modified

5 years ago

Summary

The remote host is missing an update to mozilla-firefox announced via advisory DSA 838-1. Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network resources.

CVE-2005-2701: Heap overrun in XBM image processing.

CVE-2005-2702: Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with zero-width non-joiner characters.

CVE-2005-2703: XMLHttpRequest header spoofing.

CVE-2005-2704: Object spoofing using XBL <implements>.

CVE-2005-2705: JavaScript integer overflow.

CVE-2005-2706: Privilege escalation using about: scheme.

CVE-2005-2707: Chrome window spoofing allowing windows to be created without UI components such as a URL bar or status bar that could be used to carry out phishing attacks.

Solution

For the stable distribution (sarge), these problems have been fixed in version 1.0.4-2sarge5.

For the unstable distribution (sid), these problems have been fixed in version 1.0.7-1.

We recommend that you upgrade your mozilla-firefox package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20838-1