CVE-2006-2779
CVSS9.3
发布时间 :2006-06-02 15:02:00
修订时间 :2011-03-07 00:00:00
NMCOP    

[原文]Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.


[CNNVD]Mozilla Firefox/Thunderbird 多个拒绝服务攻击漏洞(CNNVD-200606-067)

        Mozilla Firefox 和 Thunderbird ,攻击者可以利用
        (1)嵌套<选项中选择标记标签,
        (2)DOMNodeRemoved突变事件,
        (3)"内容执行的树的意见"
        (4)BoxObjects,
        (5)XBL中的执行情况,
        (6)一个试图删除自身从而导致内存崩溃的iframe,
        造成拒绝服务攻击和可能执行任意代码。

- CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-94 [对生成代码的控制不恰当(代码注入)]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:thunderbird:1.0.8Mozilla Thunderbird 1.0.8
cpe:/a:mozilla:firefox:0.9Mozilla Firefox 0.9
cpe:/a:mozilla:firefox:1.5:beta1Mozilla Firefox 1.5 Beta 1
cpe:/a:mozilla:thunderbird:1.0.7Mozilla Thunderbird 1.0.7
cpe:/a:mozilla:firefox:0.9.2Mozilla Firefox 0.9.2
cpe:/a:mozilla:thunderbird:1.5.2Mozilla Thunderbird 1.5.2
cpe:/a:mozilla:firefox:0.10Mozilla Firefox 0.10
cpe:/a:mozilla:firefox:1.0.4Mozilla Firefox 1.0.4
cpe:/a:mozilla:firefox:1.0.5Mozilla Firefox 1.0.5
cpe:/a:mozilla:thunderbird:1.5:beta2Mozilla Thunderbird 1.5 Beta 2
cpe:/a:mozilla:thunderbird:0.9Mozilla Thunderbird 0.9
cpe:/a:mozilla:firefox:0.8Mozilla Firefox 0.8
cpe:/a:mozilla:firefox:1.0.6Mozilla Firefox 1.0.6
cpe:/a:mozilla:firefox:1.0.7Mozilla Firefox 1.0.7
cpe:/a:mozilla:firefox:preview_release
cpe:/a:mozilla:firefox:1.5.2Mozilla Firefox 1.5.2
cpe:/a:mozilla:thunderbird:1.0Mozilla Thunderbird 1.0
cpe:/a:mozilla:firefox:1.0.8Mozilla Firefox 1.0.8
cpe:/a:mozilla:firefox:1.0.3Mozilla Firefox 1.0.3
cpe:/a:mozilla:firefox:0.10.1Mozilla Firefox 0.10.1
cpe:/a:mozilla:firefox:1.5.1Mozilla Firefox 1.5.1
cpe:/a:mozilla:thunderbird:1.5Mozilla Thunderbird 1.5
cpe:/a:mozilla:thunderbird:0.7.2Mozilla Thunderbird 0.7.2
cpe:/a:mozilla:thunderbird:0.7Mozilla Thunderbird 0.7
cpe:/a:mozilla:firefox:1.0.1Mozilla Firefox 1.0.1
cpe:/a:mozilla:thunderbird:1.5.1Mozilla Thunderbird 1.5.1
cpe:/a:mozilla:firefox:1.0.2Mozilla Firefox 1.0.2
cpe:/a:mozilla:thunderbird:0.7.1Mozilla Thunderbird 0.7.1
cpe:/a:mozilla:firefox:1.5.3Mozilla Firefox 1.5.3
cpe:/a:mozilla:thunderbird:0.8Mozilla Thunderbird 0.8
cpe:/a:mozilla:firefox:1.5Mozilla Firefox 1.5
cpe:/a:mozilla:thunderbird:1.0.5Mozilla Thunderbird 1.0.5
cpe:/a:mozilla:thunderbird:1.0.1Mozilla Thunderbird 1.0.1
cpe:/a:mozilla:thunderbird:0.6Mozilla Thunderbird 0.6
cpe:/a:mozilla:firefox:0.9.1Mozilla Firefox 0.9.1
cpe:/a:mozilla:thunderbird:0.7.3Mozilla Thunderbird 0.7.3
cpe:/a:mozilla:firefox:1.0Mozilla Firefox 1.0
cpe:/a:mozilla:firefox:0.9.3Mozilla Firefox 0.9.3
cpe:/a:mozilla:firefox:1.5.0.2Mozilla Firefox 1.5.0.2
cpe:/a:mozilla:firefox:1.5:beta2Mozilla Firefox 1.5 Beta 2
cpe:/a:mozilla:thunderbird:1.0.6Mozilla Thunderbird 1.0.6
cpe:/a:mozilla:thunderbird:1.0.2Mozilla Thunderbird 1.0.2
cpe:/a:mozilla:firefox:0.9:rcMozilla Firefox 0.9 rc

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9762Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary co...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2779
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-067
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA06-153A.html
(PATCH)  CERT  TA06-153A
http://www.kb.cert.org/vuls/id/466673
(UNKNOWN)  CERT-VN  VU#466673
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200606-12
http://securitytracker.com/id?1016214
(PATCH)  SECTRACK  1016214
http://securitytracker.com/id?1016202
(PATCH)  SECTRACK  1016202
http://secunia.com/advisories/20561
(VENDOR_ADVISORY)  SECUNIA  20561
http://secunia.com/advisories/20382
(VENDOR_ADVISORY)  SECUNIA  20382
http://secunia.com/advisories/20376
(VENDOR_ADVISORY)  SECUNIA  20376
http://xforce.iss.net/xforce/xfdb/26843
(UNKNOWN)  XF  mozilla-browserengine-memory-corruption(26843)
http://www.vupen.com/english/advisories/2008/0083
(UNKNOWN)  VUPEN  ADV-2008-0083
http://www.vupen.com/english/advisories/2007/3488
(UNKNOWN)  VUPEN  ADV-2007-3488
http://www.vupen.com/english/advisories/2006/3749
(UNKNOWN)  VUPEN  ADV-2006-3749
http://www.vupen.com/english/advisories/2006/3748
(UNKNOWN)  VUPEN  ADV-2006-3748
http://www.vupen.com/english/advisories/2006/2106
(UNKNOWN)  VUPEN  ADV-2006-2106
http://www.ubuntulinux.org/support/documentation/usn/usn-323-1
(UNKNOWN)  UBUNTU  USN-323-1
http://www.ubuntulinux.org/support/documentation/usn/usn-297-3
(UNKNOWN)  UBUNTU  USN-297-3
http://www.ubuntulinux.org/support/documentation/usn/usn-297-1
(UNKNOWN)  UBUNTU  USN-297-1
http://www.ubuntulinux.org/support/documentation/usn/usn-296-2
(UNKNOWN)  UBUNTU  USN-296-2
http://www.ubuntulinux.org/support/documentation/usn/usn-296-1
(UNKNOWN)  UBUNTU  USN-296-1
http://www.securityfocus.com/bid/18228
(UNKNOWN)  BID  18228
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  SSRT061181
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  HPSBUX02153
http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
(UNKNOWN)  HP  HPSBUX02156
http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
(UNKNOWN)  HP  HPSBUX02156
http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060602 rPSA-2006-0091-1 firefox thunderbird
http://www.redhat.com/support/errata/RHSA-2006-0611.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0611
http://www.redhat.com/support/errata/RHSA-2006-0610.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0610
http://www.redhat.com/support/errata/RHSA-2006-0594.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0594
http://www.redhat.com/support/errata/RHSA-2006-0578.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0578
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
(UNKNOWN)  SUSE  SUSE-SA:2006:035
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
(UNKNOWN)  MANDRIVA  MDKSA-2006:146
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
(UNKNOWN)  MANDRIVA  MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
(UNKNOWN)  MANDRIVA  MDKSA-2006:143
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
(UNKNOWN)  GENTOO  GLSA-200606-21
http://www.debian.org/security/2006/dsa-1160
(UNKNOWN)  DEBIAN  DSA-1160
http://www.debian.org/security/2006/dsa-1159
(UNKNOWN)  DEBIAN  DSA-1159
http://www.debian.org/security/2006/dsa-1134
(UNKNOWN)  DEBIAN  DSA-1134
http://www.debian.org/security/2006/dsa-1120
(UNKNOWN)  DEBIAN  DSA-1120
http://www.debian.org/security/2006/dsa-1118
(UNKNOWN)  DEBIAN  DSA-1118
http://secunia.com/advisories/21654
(VENDOR_ADVISORY)  SECUNIA  21654
http://secunia.com/advisories/21634
(VENDOR_ADVISORY)  SECUNIA  21634
http://secunia.com/advisories/21631
(VENDOR_ADVISORY)  SECUNIA  21631
http://secunia.com/advisories/21607
(VENDOR_ADVISORY)  SECUNIA  21607
http://secunia.com/advisories/21532
(VENDOR_ADVISORY)  SECUNIA  21532
http://secunia.com/advisories/21336
(VENDOR_ADVISORY)  SECUNIA  21336
http://secunia.com/advisories/21324
(VENDOR_ADVISORY)  SECUNIA  21324
http://secunia.com/advisories/21270
(VENDOR_ADVISORY)  SECUNIA  21270
http://secunia.com/advisories/21269
(VENDOR_ADVISORY)  SECUNIA  21269
http://secunia.com/advisories/21210
(VENDOR_ADVISORY)  SECUNIA  21210
http://secunia.com/advisories/21188
(VENDOR_ADVISORY)  SECUNIA  21188
http://secunia.com/advisories/21183
(VENDOR_ADVISORY)  SECUNIA  21183
http://secunia.com/advisories/21178
(VENDOR_ADVISORY)  SECUNIA  21178
http://secunia.com/advisories/21176
(VENDOR_ADVISORY)  SECUNIA  21176
http://secunia.com/advisories/21134
(VENDOR_ADVISORY)  SECUNIA  21134
http://secunia.com/advisories/20709
(UNKNOWN)  SECUNIA  20709
http://rhn.redhat.com/errata/RHSA-2006-0609.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0609
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1
(UNKNOWN)  SUNALERT  200387
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1
(UNKNOWN)  SUNALERT  102943
http://secunia.com/advisories/27216
(UNKNOWN)  SECUNIA  27216
http://secunia.com/advisories/22066
(UNKNOWN)  SECUNIA  22066
http://secunia.com/advisories/22065
(UNKNOWN)  SECUNIA  22065

- 漏洞信息

Mozilla Firefox/Thunderbird 多个拒绝服务攻击漏洞
高危 代码注入
2006-06-02 00:00:00 2009-07-31 00:00:00
远程  
        Mozilla Firefox 和 Thunderbird ,攻击者可以利用
        (1)嵌套<选项中选择标记标签,
        (2)DOMNodeRemoved突变事件,
        (3)"内容执行的树的意见"
        (4)BoxObjects,
        (5)XBL中的执行情况,
        (6)一个试图删除自身从而导致内存崩溃的iframe,
        造成拒绝服务攻击和可能执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://security.gentoo.org/glsa/glsa-200606-12.xml

- 漏洞信息 (F50104)

Debian Linux Security Advisory 1160-2 (PacketStormID:F50104)
2006-09-16 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1160-2 - The latest security updates of Mozilla introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1160-2                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 15th, 2006                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

The latest security updates of Mozilla introduced a regression that
led to a disfunctional attachment panel which warrants a correction to
fix this issue.  For reference please find below the original advisory
text:

  Several security related problems have been discovered in Mozilla and
  derived products.  The Common Vulnerabilities and Exposures project
  identifies the following vulnerabilities:

  CVE-2006-2779

      Mozilla team members discovered several crashes during testing of
      the browser engine showing evidence of memory corruption which may
      also lead to the execution of arbitrary code.  The last bit of
      this problem will be corrected with the next update.  You can
      prevent any trouble by disabling Javascript.  [MFSA-2006-32]

  CVE-2006-3805

      The Javascript engine might allow remote attackers to execute
      arbitrary code.  [MFSA-2006-50]

  CVE-2006-3806

      Multiple integer overflows in the Javascript engine might allow
      remote attackers to execute arbitrary code.  [MFSA-2006-50]

  CVE-2006-3807

      Specially crafted Javascript allows remote attackers to execute
      arbitrary code.  [MFSA-2006-51]

  CVE-2006-3808

      Remote AutoConfig (PAC) servers could execute code with elevated
      privileges via a specially crafted PAC script.  [MFSA-2006-52]

  CVE-2006-3809

      Scripts with the UniversalBrowserRead privilege could gain
      UniversalXPConnect privileges and possibly execute code or obtain
      sensitive data.  [MFSA-2006-53]

  CVE-2006-3810

      A cross-site scripting vulnerability allows remote attackers to
      inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.2.2.

For the unstable distribution (sid) these problems won't be fixed
since its end of lifetime has been reached and the package will soon
be removed.

We recommend that you upgrade your mozilla package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2.dsc
      Size/MD5 checksum:     1131 bb39933b4dcb63f6f986f0da3ab9461e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2.diff.gz
      Size/MD5 checksum:   532293 5a86930497b980b25e7f8e5cd6305ad0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   168074 553ba25202552c16c02cfdcf94bbc1c4
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   147582 e953bc1da64aaab9b50ef2bd357279b8
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   184944 18bfed4502c3e8a50cac55bd69cf6f20
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   857148 c9f560d4ad706a1e50dbd2db21978427
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:     1042 9de55ee42dcc1c484a801623ac29c80d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum: 11484766 4b31f8553a2ee93057858b35cdc522d9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   403274 da75d1e0207b660ae42d7d1eb0b99617
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   158338 264975902923a3c4b04f3fb2758cf61e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:  3358874 5728dcb6abe8f43915d0b62cdae5fb78
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   122312 c96ac910fe008c2582d5b33a4abdfdb0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   204152 e262ee393ee0114d19c646520b95a0e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:  1937184 b87b131e3f4da4757b725ebb77a624aa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   212582 e1bb8eb0ea7013d825f1c6368931b9d1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   168072 0d98ed91660e7fc8d1f4a31ead03b9bf
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   146678 7a8e7068a414213850e54253ebb0d977
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   184950 f428f4a3ef968df80df014a98d747ce5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   715510 91bd0fcde1c53b6056ea33860c464d90
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:     1042 47e650f92cdafea5dc08d93e37bc7d7e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum: 10948878 e537efe2b7e984f51dc1e187d3f34ac7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   403278 831026525cebf77e1195b9a571127911
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   158334 a1ff9fbaf23292c6d593fe5bed360ecb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:  3352852 d9704f4582d97890a546801df3716782
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   121206 e4687f0678206bc7546786c517771feb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   204158 89914bc3978d7502003529976e381ba8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:  1936056 4bbeba555dbc0b68c8c2ccd45e42d948
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   204432 d9975a7eafd40678112faad81185018f

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   168068 fce9bf7f31bfdfbfe100965648b5fbe1
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   125028 a4bbf5fcb376c008a20a113823b4f528
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   184964 0d46a1f48a783fc781029e9d2b810c9c
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   632708 0d9a60c457fcb65d0100f8e26b79d2ca
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:     1038 da7c79e8962cf7d1c834ebf429d380e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:  9219442 dd73deb6db71af0cdfdf86885d53465d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   403316 c39b47abf0d634e40e42fcbee2ffa1db
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   158380 abe3b5a07b4ff166d7ef3f2c018d8fcf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:  3342318 b60668be41da0a39844b18d02aa63741
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   112658 231332c5934adafb236d8fde7be70cfb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   204176 d71b44edfe88785428619a51908b5d3b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:  1604478 075ca3db4526f490a3b6a57d52ce4dc7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   169016 0a74bc4e92be3879da2da8d126868299

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   168068 79ff86fa3907e2a53a5dadd5d315b56a
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   157604 12b6abdb4a0d7706c67e6418b4e73f9b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   184962 9364b64efcd74f2a34dabc783c0ce986
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   755438 de9b01a201480a90831d1fbc1fac5c6c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:     1042 2d88d33a47e5a9372d503705b3ace0c9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum: 12167958 1195ed2e4e13a95a04283d04267a48ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   403276 53a622d0957c63ef52029b7ea514c4d8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   158348 9dfaf9108f6b53ef2590ed9926922499
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:  3359196 2d74deb88c6808c27b5f820ba723bb6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   123516 3e4d3c99cb18c8dc619784d9710cb2f6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   204158 742a5f3e3607163909b019fc8199c5b3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:  2135242 ef8c1529ad34a6597fd7881ec97036f5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   216392 b91e9dc35b71766e3c2d866f3597b170

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   170352 40703cb53ee5b7294dc107887569c08b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   137502 f85890195ea91c20d4b8c4992133c9c5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   187146 35b47880629e7947d510ac659b1dd3d0
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   662276 52c7a3db98c5a97f260bc32d275b2919
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:     1038 96c3fdcc00a3815780d1c852f97a3306
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum: 10346404 0375cc857561973bce9465d44e5c5cd9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   403518 bd1d71b85dc5804a8aa10d2f7b72a932
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   158372 7629bf899b61e3f6e0ce0443eb8afbdb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:  3594582 4e1d44adf416fef07f8f8e3ac8251ea8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   116674 8dc261639f60ae8c63c9fc4dfc172888
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   204172 23721786d112c62e2ab6d79cfe982cd6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:  1816144 8b73736956fd00eab47d3da1b69d52dc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   192752 2750113b2c0b9a9a17294c82ccb1abb8

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   168068 8a8b01bc327c81ac9a35eec2606f0afc
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   175020 7f421d9a83a3645a3e6defcea674eee7
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   184960 9f48269063f614ad7f2452ea5d684582
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   967452 51e6465184e6368d9cd3a5d2dfbb328a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:     1034 c1407f176821f65d05121b9b9fa2be17
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum: 12961330 9afc30c671d79c2820b38d44550a9334
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   403274 97e3733b9ed636dde9f64607a8fd5b31
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   158334 18eb5b155cba3e74c07bd08d60e26b18
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:  3378646 028b0d4dde4a766b856855e96432d0c1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   125610 2b2b7e71175af23fdb4acb766ecb216d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   204146 a85654f4a1e5d6445af59983689ac5b9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:  2302356 f68c5a97ca84e5a8789c7ea8616feda3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   242824 57b969592c8d46f13e42fc45bd2b620f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   168084 ebaefee3ded203ba02eb42d440d01140
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   126708 639cc0b13f5a259ca255a214e7448cb6
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   184984 bda1a3fb6f94da0fa93caafd8726c4bb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   600782 0da67847bd97a0deeca7221ed6daa762
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:     1044 0e3b52647ec4d1cab0df8133c4183bb6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:  9712800 73f41e356d2d7d7e2b2131c33f3fb865
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   403356 5703ad69f20642dff0b73abaf3b291e9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   158386 15f302f71c73e88c2bdf4599f1a990b7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:  3336818 b8570a6a33a5aaaf9165f9bd7870f3d2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   114446 59dda0bbda07cff9e208e1fad40c5357
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   204192 e0bb7bac75c0e86b972efa750a1170cd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:  1683150 6595c133e2616136f47c44cf595cfcc3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   174924 d1c35762abfe065b9d703960a21a9d99

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   168076 5947b8928a7d52f2d40cc93a0efe95ed
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   141558 dc10a1a91e526e92d22d4585594c0669
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   184958 a7ff18cd5c7522cb46250f970b792541
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   726538 e5cfada69c95b3ff6374c0dde7b755e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:     1044 6fe88cb467a02eb83f1b6cc56cb2ba63
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum: 10735426 b229a0c89d52fed9a6ca47da0630f870
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   403270 7dcffe7aa3853fe206eaf3209809ec59
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   158344 04223592accfc2dfd5a32b00f303c8ac
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:  3358718 43bc8b35c0b1d67ea06ddd4649d36fbc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   117626 cd932bedb3c95f08d612eff4b9bec368
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   204164 5689c8ae6a39dfc735af908e216f4505
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:  1795556 cfa51006dde9b3433f25048b0c562166
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   189938 e7ca25e62753d01a29e668680110fd03

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   168076 fa13db77745d2c3dc3e7a12fc19ad4cd
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   141502 f6a859a3cd7a1f8e8d704a189a72ba8b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   184968 d90edf8a1c7642b76cfea3068efa55d3
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   715976 7a9aea273c635f0ba708f15b887b16c5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:     1042 4ead757bdb7893ddfb5eef4ca12464e1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum: 10610616 0c0aabe84441b9ef639159bc849121e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   403286 6f4b7ee71b7f4927daa64166a5934a14
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   158348 325353631a54b489d4cc0ed578459ba9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:  3359394 f3b7354fe4e390c4ea740e364610d6fd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   117228 2cc3a94499f9504531c1dfbc42bb2987
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   204160 35a12913bf54c279401c34bcaf02f837
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:  1777626 bc1de5ce86cb2947975e2d15368e6ad5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   187518 d2d60cc4b957fb143d89855d51b89b64

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   168068 fe49d18e432e28aa0aa4e06ee720bdb6
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   132040 088cf084ba4f12278a498570de88bda2
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   184950 971800ffb5d07ca71b8a665cb4cdd3c1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   719746 079df4da7ec5cc46052378464f68bb73
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:     1040 dbe93abdb48856ee45c5c1f31dc74d83
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:  9708238 60c1f1d72c777602d3663bd9f6d66d8c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   403288 3d67e5bbca986f3d493f092de173b986
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   158338 210cb429751cc16741a99a5a501252bd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:  3341180 f0fbd1b7ae8e83a6212f10e210a7afbc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   114582 23b3b328c10d7472f37062d1fb89835a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   204146 8906e4e5938b651da42ecaadf5ede88a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:  1643152 f997b2218228de4a821e1a76ac307a8e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   175706 df8d203557f6c0da764ab163dfd35ba0

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   168070 dbbc50f83250fa4e96ce5fa5aa1f1239
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   157342 9ca3b2ba1392a8e0b9ae312770fa422f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   184942 64f9ec8255365634cf3e985d78b0a918
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   799736 3a649e5c93b057fb5c49e9614b9c4d48
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:     1034 312e876dd1ada606d872ecc3f5dd1c87
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum: 11332196 ba8e90e85c7e47b1f7d2a0e558572bd0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   403286 84d8aa100b642ddf3e11d25d7cf2e3f4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   158334 eee9734fc27ed2120b19b68f64ed9a47
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:  3353460 94a5f4aeb8e6caf52298ab42ce51925b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   121356 039e4621cc5f1f396f04cce7d936ae20
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   204162 76138f26bcc903413304ecdea530b582
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:  1944774 2a1fc7f1bda7ecb455993706030f3886
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   213602 4b929622e24e962f12715d98ec5184e7

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   168072 41eac7654297e41bb8ea1bcdeb41855e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   129260 08ca2de15725be7d32b3b2324715a058
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   184956 d4a41f56e9b37ffb60a2c66b30c5471f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   673524 84378a8cf1d88b597fb6a4cbb815adcc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:     1042 88279f4538a6e215092f5b9bc9e16e68
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:  9381720 4912beeb2cb4a02cc4abf6d5c730180a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   403296 c6346a95715ba44112e46cf80959c503
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   158350 b12497e5a02785d466d1975ea22d4040
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:  3342192 ef8bfe776ee10bbbd7cb2a7fa3754aa6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   112532 b3e1ff572f35ca8a5fa368cf815cb32f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   204164 f376fe7d73e318e1c87e66bd527ef147
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:  1583792 7a9053fa95df17218f140360f69fe05a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   168116 65ecc744a989197668923747d5dfcdde



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFCi8eW5ql+IAeqTIRAixcAJ9k2r6d7atRXaNm9NAlvLvT6/HPqwCfdI1G
XFoU8PToGJgeQMowkOV+CWw=
=MV56
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49861)

Debian Linux Security Advisory 1159-2 (PacketStormID:F49861)
2006-09-08 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1159-2 - The latest security updates of Mozilla Thunderbird introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1159-2                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 8th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

The latest security updates of Mozilla Thunderbird introduced a
regression that led to a disfunctional attachment panel which warrants
a correction to fix this issue.  For reference please find below the
original advisory text:

  Several security related problems have been discovered in Mozilla and
  derived products such as Mozilla Thunderbird.  The Common
  Vulnerabilities and Exposures project identifies the following
  vulnerabilities:

  CVE-2006-2779

      Mozilla team members discovered several crashes during testing of
      the browser engine showing evidence of memory corruption which may
      also lead to the execution of arbitrary code.  The last bit of
      this problem will be corrected with the next update.  You can
      prevent any trouble by disabling Javascript.  [MFSA-2006-32]

  CVE-2006-3805

      The Javascript engine might allow remote attackers to execute
      arbitrary code.  [MFSA-2006-50]

  CVE-2006-3806

      Multiple integer overflows in the Javascript engine might allow
      remote attackers to execute arbitrary code.  [MFSA-2006-50]

  CVE-2006-3807

      Specially crafted Javascript allows remote attackers to execute
      arbitrary code.  [MFSA-2006-51]

  CVE-2006-3808

      Remote AutoConfig (PAC) servers could execute code with elevated
      privileges via a specially crafted PAC script.  [MFSA-2006-52]

  CVE-2006-3809

      Scripts with the UniversalBrowserRead privilege could gain
      UniversalXPConnect privileges and possibly execute code or obtain
      sensitive data.  [MFSA-2006-53]

  CVE-2006-3810

      A cross-site scripting vulnerability allows remote attackers to
      inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8b.2.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.dsc
      Size/MD5 checksum:     1003 359853df29b29253164e9aef34d18066
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.diff.gz
      Size/MD5 checksum:   486593 3759fe23473ecb6cee532cb47cdd4e63
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 12849016 fdf32dcb741195378d9079231aba21cd
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:  3279426 879ae924d100517f98ee7f39a84e1bb2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:   151696 dd6911608eb54bebc7fbcdb58e5d63bb
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:    33138 9581f8f0be21162692672e55d5f00640
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:    89106 06a2f4752c619fb6a80d15d8fd1741de

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 12255346 0ef80084b8dc8f3aeab523b3ce03009e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:  3280646 de3c980f39e86509f62348d39ffb65f5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:   150662 369341b36fb2a2bcf3178c5bf788c72c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:    33132 42ef7496ee17221749feff905c1eb3ce
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:    88892 15554699cf57f756e7e615910c36e705

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 10343074 0716c5639dc5b76dfee6f2aac33378f1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:  3271558 0df9cfaf413911576ab6cbda7a366dc5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:   142846 59248b09ddba4eea5c15f3a8e441c8b8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:    33160 e0292cee475239b5660a1db8a60e9599
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:    80938 12eae1b21352bdbe21499d74f2ee3bc7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 13564760 ac59239f3cd97d1ae63616335e86b755
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:  3284788 9c9ed05edb7b5d15c444347f27d997b6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:   152898 39997b48bfa96256946015464c4cabb9
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:    33144 9f7a34db227b65158d2907e7030c0a35
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:    97012 3b4cf017d74aa8a47d723b4c2f196735

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 11564254 30581baff08ebcf78cb7a805078238c3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:  3507668 46a7e9a8d982b9df0a3ac2c0d0f2f9e6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:   146348 b8c2a88b083683e63ee7e83846aff346
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:    33150 5f56019ede768d9132def0798ea1c1fb
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:    87708 c51a3dc04f9bcba7fdfd486474d63966

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 14624280 55e21c6d9b9590b7b02646071e3d4881
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:  3291092 d6cfb0e457c509cfd558b41d6db45e61
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:   155048 12b7efd38b79c5e152757c1ae2861344
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:    33144 b941a4303b34f97550744026b347e711
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:   106840 e5e09e738134c8a7494a2b15e95c40df

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 10791360 246f9f51609b2848c2d54f3183e07d5d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:  3271086 ad5796c388daa8f0965fdb8a353ba90d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:   144660 486d2b72286e105a670c40c4982857fd
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:    33174 feca51e39ec459f867e412e788308687
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:    82198 a2252137e94259eb8e699bf4d7a84ab7

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 11943666 7d1fc9df6d4bb496bbed6b5f10353db3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:  3278862 02a47eea657b6d287a860f98bb54c11e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:   147602 07157e5a5dd3af8d299f7b4e060b357e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:    33146 1d945a5ae87a049a5d12f604f5ecf83f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:    84410 53d48b348d8d62b2aa2a2f03cf92e84d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 11811276 e8b1890107fb3c3e9410d396dd6fee51
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:  3279782 c0daeff4c21f2bc5a47731cb06ae51aa
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:   147156 f240918563f055e8da73d60aff27b63f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:    33132 7d1aa8886a3d0b7857298944b03a55ba
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:    84270 74cbaa157220d3012e421f9427041216

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 10908472 a7120c11e497b2e280562b3611e0ba55
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:  3269516 58f62e16cbcc5988ef169c44b746e51a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:   144672 a62727479a514dbde5394e455a9bf055
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:    33136 b839ba3f926ac102c3c322e4e140e40f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:    81046 9251eb44207d2610bef616e409951937

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 12702008 ce1773912bae44fdb1473a86b31ffddf
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:  3280008 d20c17b61ae08aacb9bcf2578ffd2d03
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:   150980 a7936545066775c99d0cec4cff187ba2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:    33140 8389760a91f3444c6170d5ed32867bd1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:    88926 d237c5c35347449b6695f352f25b112a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 11176470 9d792595c891df352238de0e1b4f7639
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:  3275230 164f9abf5ca1a11a2ca5d0a69cc4a93f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:   144318 e79b826ed1d778023f567fee90730446
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:    33148 7d029003df1ee859d52ceacd8ba1142f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:    82746 b308910b4e9c4025b0488d44424b85f3


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFAQSjW5ql+IAeqTIRAqTaAKCVHUKzdKVWHpclBH4nt0XskPzRJwCbBzt0
l+vA2DPz5+7JAZ8AwieQOUY=
=1sra
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F49544)

Debian Linux Security Advisory 1160-1 (PacketStormID:F49544)
2006-08-29 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1160-1 - Several security related problems have been discovered in Mozilla and derived products.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1160-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 29th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

Several security related problems have been discovered in Mozilla and
derived products.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  The last bit of
    this problem will be corrected with the next update.  You can
    prevent any trouble by disabling Javascript.  [MFSA-2006-32]

CVE-2006-3805

    The Javascript engine might allow remote attackers to execute
    arbitrary code.  [MFSA-2006-50]

CVE-2006-3806

    Multiple integer overflows in the Javascript engine might allow
    remote attackers to execute arbitrary code.  [MFSA-2006-50]

CVE-2006-3807

    Specially crafted Javascript allows remote attackers to execute
    arbitrary code.  [MFSA-2006-51]

CVE-2006-3808

    Remote AutoConfig (PAC) servers could execute code with elevated
    privileges via a specially crafted PAC script.  [MFSA-2006-52]

CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain
    UniversalXPConnect privileges and possibly execute code or obtain
    sensitive data.  [MFSA-2006-53]

CVE-2006-3810

    A cross-site scripting vulnerability allows remote attackers to
    inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.2.1.

For the unstable distribution (sid) these problems won't be fixed
since its end of lifetime has been reached and the package will soon
be removed.

We recommend that you upgrade your mozilla package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1.dsc
      Size/MD5 checksum:     1131 2bd30d0e1391b9705d1c8bcdcb9aa3e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1.diff.gz
      Size/MD5 checksum:   531386 81427d72e82e1117623773ef1d9e0d92
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   168074 eac003641c1939a8b4bef7497c374ba6
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   147532 e0a6fb3ce5c6de10c698cff9b80cc117
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   184942 223249982ca92e440245a6bb9d75d533
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   857098 8b0e75af2905326a5d9e67be91c9aac8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:     1040 66b38827a857248465f223152b80f204
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 11484928 d27d68018193d11fe6781e41feb81678
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   403300 153ac5f793787cefc5ae5678ef844e4b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   158344 245e5dd64c3c328b5c02408e244db629
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:  3358858 aa3043c1f46a6c5bfdc67efb433c7572
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   122304 54105650c2458ff3c29825cbc6295144
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   204164 05fb25c76ab388ffc0cd1930ed7fa780
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:  1937180 0b49f5a4694fa5dccb024ae2d9399077
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   212580 db8f16769dd27e8241dd073225433b74

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   168070 b42a4f421d392323c5ccf78f59a446f9
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   146634 108d35f0e9303db9b5c2d803f33d29fb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   184962 dae604dee94ff87f0883c8bcbaed87de
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   715462 b8a19b3a0729575842ffc45f6cc525ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:     1034 2eb59559388c253878b92b4b566d32f5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 10948874 79783e1204731d378de0de64e2e060ff
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   403290 9060ed97202c1419e75511e1117a2e69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   158342 15fd68de4bd67ece8b11477f4bc813c8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:  3352804 9cd9ee777bca717e736d3eecb4813adf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   121184 e383a9b3187337765fd635eb75333469
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   204172 3a9ee9ae111fb1f6c8b09860869aedbe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:  1936078 b973fcfa00570b490e3d4884d9c6e825
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   204426 999ddfb35f3a0b8a974aeae56c22dc65

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   168074 a836b7a5b37b78aaebcb61ff654e3cf2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   124986 2e2ca9f9bd5665ac32c42952a452796b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   184962 8fb34805a06ab453ba89d0c23e4f9e5b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   632686 6c8279f37ffc94cfd53ed83a5c180a8b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:     1038 7d522787331c0e28b5f7c6c1af24cce9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:  9219618 782774e232a36315020a29df714397a0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   403348 f925ff6457b707657779b5b4fe421cd0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   158366 ac6ba8d892c154c57d71cfe0a208da1a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:  3342412 c4740ddaba9219a6c94ad1d3d2907cbd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   112662 9865794389927f4b199020c5ef66cafe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   204186 0e66cf4d32d251121edad264c6ed61ae
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:  1604474 c68c19164028881a7e9d190a5a8c73f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   169044 99d262cc2a412f938fd62dd5cb80d4aa

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   170346 c96f11b70b94d0f7a5dd198ae0270316
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   137444 d5505057ab521c13c9b9df8faf1898ad
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   187130 fbb5013961c323e1a6eac06a972399fb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   662236 11505452778ab2a6f62b8b12690e327a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:     1036 c90cf11f05a6db492676075f10455caa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 10346294 690c7568c81116dc99575e67c02c26c7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   403522 31bf91f8cc9a86f67cce7b1bbbd6bc7b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   158376 ee2658cae1ba55a281b06ebde593659a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:  3594716 f8c1546c3530793960246557fbcf382c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   116690 21d708a27dd00ef6f7143e9f9a6cdf73
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   204178 b6a41c12e4c7008177f8746fab92901a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:  1816154 77f5e242fdc4adb1924be7f975a2405c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   192744 eb2e3a4bc87212eca06c12f1e7d46521

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   168072 7209fb036521f59fd735e703ec79400e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   174978 10ba506a46b231aeee34dd51510ffee8
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   184954 d3cba059a9c48a693418fd96e791f57e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   967402 052903f29e606cad5e4182773a42d416
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:     1034 152faf535691f3f8ebe217cc0d37422c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 12961084 020b12eb88202d7d3ae166ecfa828878
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   403296 bb77bbcaad98b8a86369c72ccc026011
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   158342 f1f091c558fd2d6075373b9472190cf1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:  3378634 2f3091a1d77aee6324eb818ade2c817d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   125590 53ca1454eebe786c7ff1c3f68940d434
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   204164 68889825552d42960a9c047f5db4ead5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:  2302378 c66ad68e4c2ee6d463dcaa1f7e795463
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   242830 1fa9d4351819c18bc4b773c682ad74de

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   168076 66d61d5be7abd2e8b74a6c96198e9552
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   157562 0104f3dfd071237a5cfa40c5ee433575
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   184960 999ee07a9b0c90f504d00ca54c139198
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   755388 764a9d45fbf49b17d9d5aadb89d85829
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:     1040 c5b34199e97ffc378d3fd2d9dcf72bea
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 12168102 6dec58cb9458522eae398920e9aed844
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   403306 6188aa3503a805bd203c62610c4e3ced
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   158346 44964603e4dbed4635cfb16095665ef7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:  3359148 eb36fb8717e781f36760147898718d94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   123522 65537d7af21935b0b92749ca351e17be
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   204174 f945cf55aabf0ab174f04e88b4180620
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:  2135256 640e1fbc9bc8a2d5f84ffbbcaee57567
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   216396 1fcca2871418d7411b2c247b31a656f7

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   168092 fe86bb2ca8abc891c409057990732610
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   126642 07e87b835240123e3a0b823a34aabe95
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   184984 6cf1417d36748d1a9b9547174b74d177
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   600730 576d83b5963a8ffc881daed75e6c6f6f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:     1044 e28e82a08d4b72b4eecb426a2c19e4e0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:  9712802 98a468557f08faefcfb386e1b03ce53b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   403368 ab30bf829c00290b4cbc3b63786029c2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   158406 77bc46299d455fe392bd60a3037e205f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:  3337004 297f3a2e48d9375a32e90b93a8763871
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   114468 21fe6664bf23421fcba559396134fcf0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   204184 058b99007e3e3fac132353330c464dea
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:  1683152 8948cd6b6c7e1c0da51264f1d7ffb6a0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   174924 b2da7692c92862df050caeb6060246f1

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   168072 ef741effd5c0d92bfd1006a067fd420f
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   141500 23dcf154e495b937c76b0d08c8ba3af1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   184950 573206997817d3b0c52f3f74f0f0935e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   726474 b411fb639491df2df5258b3b23cf115f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:     1040 2053ec9d35e7de4ddccbc4bd9e068dd3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 10735382 04afb86059c770780b2c5ed9574b252a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   403278 b33128eba36459050025687c1b97251d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   158356 2eaa19cd569a150fb0888a905dbfdfa6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:  3358818 d1de9be804d868b1cb6b01ff14818bb5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   117622 b9cbc88e07c6ba01713f573099dcac35
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   204164 c24dc616bc0019537a371281b6c5ce21
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:  1795562 294cae49d1f538a2326de93caf90ef2a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   189932 5fc63acfb905a864466afc317ad62764

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   168076 52d5bb8de3bcac5af1b9c7161253fc6e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   141448 759d76f0c1f1a3141aa7e5b6fa738cd2
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   184952 1613e4a0ebb0b01215c3f50622906953
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   715936 dea4e33f2242680a9f6992a7ebe69f69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:     1042 a1c3ebbbd7ec67a49483b5ac811ef24d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 10610812 3c6e191ecd90394cc89d5917f88b3811
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   403296 f0fc353a203378cd9051ffca1c333ee7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   158352 98411cf47fe0952686e12f4be46e7d94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:  3359336 f7afcef1f79da6078e6430af714f952b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   117208 8fcd67e70a26166aec44114139c4d0e0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   204170 a706dca773dd6c03e7d700939fc1e96e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:  1777624 f9ec1c606051df270a0f2335857177ad
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   187520 3c28b28ebc6baff0c9bb847a21372e7e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   168082 13e1e7545eed58e1270a0ab2c2d433ca
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   131994 24dde066f00f91ed7c303768bf5219fe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   184964 21eff711bbb483906b64e5e168095ed9
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   719692 68fd6243189e634a4b0139384efca743
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:     1046 85e2ca21bc46e736215b4419deaaaeb8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:  9708312 ae32ace9e83f069280dd57e345e9c951
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   403294 713943ac3d06f4b151389688b9344f26
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   158358 e298f882d70323a87942d2a110105336
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:  3341090 64ea6ce84a115bdc20bfa3dcd5b61bfd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   114598 912e6c2dddf4835bcd5458d8142b012b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   204174 5961f2538d92304d808bdeb36ebfd43b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:  1643146 cffb2e9d9a2dfeccd12e469525e73e21
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   175724 2a597fcb96bd9e8b119f96fc813615e7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   168068 192a90d8302aba56c5188562e43c11c1
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   157298 12d3bf42c74ef7a00c9d33fa92393e2f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   184942 849cdda4f8860506bb79f316b89ea365
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   799696 713c51045254abf3d96d55884ee51a6c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:     1034 bcafed934a00cdec70c2f62e083e2bf3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 11332328 b869c3b55f45383a4f050d6190c5d979
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   403292 ef466f1e923cc970a1f6edc5695efe49
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   158348 ffbc21fcb1ee262942f775d04b318d93
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:  3353464 705a66aa8deafe87aaa9d2509358002d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   121344 6b04648d824b662bca6841bd305b50d5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   204164 b56489b01c9992f25ad694d85e7cc4cc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:  1944778 cc4551e2cb4e07c26843245de31ed270
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   213600 be9c36068e6449c0e30a233887ea1d07

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   168076 08f44358b647bf2c2ea7f0da859e8ac9
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   129208 18b77b286bfba205e942a72eb2baffab
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   184942 864ce609343d141ade3c922d138f6f78
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   673486 e87272fe32ca15edc9ea340737aa3e0e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:     1042 7ec6b04120c98b7ab47143fe1141d8d7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:  9381788 34105262fdd068aafce32b54d5f45236
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   403296 ec09417da44a128602cb441462b28816
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   158350 bbda61175cf8fc0e9cb5ae24da55b9a4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:  3342214 e160009ac134ebd9ff0209176a320429
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   112516 20e88571138978994c7c05528610a790
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   204168 b7b3949f1d80b750efa8f8c2f40c2c6d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:  1583812 48afe1f55a7d4fd35eb4a42619941979
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   168118 35333e0fd86439304bc49d1eded1c4ae


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE89AKW5ql+IAeqTIRAh+CAJwKZdZNcE27+T4elhU08IZDuaBFHgCffnIp
0lMBTqTg5RcxbmmQrQQ/mLo=
=SzIZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F49515)

Debian Linux Security Advisory 1159-1 (PacketStormID:F49515)
2006-08-28 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1159-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1159-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 28th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  The last bit of
    this problem will be corrected with the next update.  You can
    prevent any trouble by disabling Javascript.  [MFSA-2006-32]

CVE-2006-3805

    The Javascript engine might allow remote attackers to execute
    arbitrary code.  [MFSA-2006-50]

CVE-2006-3806

    Multiple integer overflows in the Javascript engine might allow
    remote attackers to execute arbitrary code.  [MFSA-2006-50]

CVE-2006-3807

    Specially crafted Javascript allows remote attackers to execute
    arbitrary code.  [MFSA-2006-51]

CVE-2006-3808

    Remote AutoConfig (PAC) servers could execute code with elevated
    privileges via a specially crafted PAC script.  [MFSA-2006-52]

CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain
    UniversalXPConnect privileges and possibly execute code or obtain
    sensitive data.  [MFSA-2006-53]

CVE-2006-3810

    A cross-site scripting vulnerability allows remote attackers to
    inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8b.1.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.dsc
      Size/MD5 checksum:     1003 04d64af96e791f70b148b47369e78fa8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.diff.gz
      Size/MD5 checksum:   485519 ee4edfac117a53c5af08ed97fe85fe55
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum: 12848642 4c5bcb9649ff7eec7d4ad6409fccfbce
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:  3279330 5de619881da404d6846a64e1ab100198
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:   151606 aca457a945d7a89cc5ad25952db6d32b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:    33038 f219f0a68ebce04be1a448d582330e36
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:    88998 349021463f3a1fca2c269044cf3e66ca

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum: 12255144 bacce34b5bc0e00ae8dfdcb6db7effee
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:  3280524 68041a19610600cd691914971d72e915
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:   150580 d4cd554373b8cf9695e11b172ccd018c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:    33032 5c7cc39d0f91f8cbd7dfbcd62f5233ea
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:    88794 ef6eb382de91c862944b1486e5c343a7

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum: 10342700 42ebac688dbc2943768353f381c48af5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:  3271408 8d1d920dbc27c50d3cef51653ae67571
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:   142784 14df28e047604532f99d28d57fd66555
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:    33052 441a28a0673a0b4a341ea3d2685ef7a7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:    80852 608e1e053e2bfd73099f6e853cdc3b11

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum: 11563882 b41abc362fc0ed424a3a4cd6c4fa8ca6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:  3507108 6c5268e655733613500ee2173f1012ec
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:   146250 ba9d20e519d188c237b4b7cef17d3bbe
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:    33052 ef87f87b1ec09d8b1e66591e69895233
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:    87606 925e4a236ba4230a8e32216a064c3f06

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum: 14624106 a3b234485952ea02ccfdd68133a2cf35
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:  3291038 a15a8ff3fbc471ed4969bb86e67c3c4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:   154934 96ab243eb1e9340a6c04743d761febe8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:    33034 ef4ff45411db444879bd8171814989e0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:   106730 975838d769c3c4e9821ee2f2db1f180a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum: 13565080 e4e770db9c3257e4082f6ba9a4b17942
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:  3284790 cd7b3d8fa65712084108545b06bf5cf8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:   152812 a850d4bbfc5412356adb8999e4afd3a2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:    33046 4b2d523df0b35eaf49c2ee670040a746
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:    96926 49c2664125f88dcbcf8fc370490f1783

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum: 10791242 efe7adeef2105ee962f60eb09d32be04
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:  3270798 a64399e4e34ec761ddb064e650432d47
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:   144566 c368a1f6bda4a639c799903d3bed7c86
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:    33066 3992b0cab96e959ecea687899f8ef05f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:    82094 b13852c78fa4f46ff993f3c1e98680dc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum: 11943796 cb93a2f2fc4dd706defeaea3c18a6b6f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:  3278794 9acf4f9583972ed1fe2d453e8330233b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:   147496 07472047d17dabe204412c357bb21169
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:    33042 b7f0219fc847c1a52b3336aea10b1523
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:    84296 de6058169bdcaac13f4e44e50d86fcfa

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum: 11811180 7a90700b755f8a9628743c00c5658e01
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:  3279738 b7599c5e7cb743cfe02f60402beeef4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:   147050 e648ba4dcabf8cd85415d259d19f9dc5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:    33034 9892f5d7755b7b013b825acf7d239b9a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:    84184 08802c45278f5d135118b15c261d60ff

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum: 10908332 b4899f52b0b1555eef1a52e29f7ccff0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:  3269376 138a349de0a5a33317fb12e38fa7048d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:   144570 8a5fbabc69454577f95fca69d6922183
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:    33046 eab66e527293d35eeec5a2aa21e34988
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:    80956 110bbacc7e5b85d32966e8b095d18e49

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum: 12701528 e77cc46c7784b4678e00158c4067fb13
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:  3279814 9f614f520b7d24b584b4dfdde4d6856c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:   150872 8ec4f9059a17b2e75afd8cb472dfd7d4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:    33030 1a9dd5360add1b5c7d3940e44efc72f4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:    88798 c1fc3eda5995f50df821da0913447ffa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum: 11176418 d9291799bae4c157fe7f0a9dd86ebcf4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:  3275086 2a78bb9f76059b034dd1232cdd82dee6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:   144214 0f03b8b13d7cb6ae6c0eebbec1da6d2b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:    33056 4b9864766f12b2328b9e6fdfd98a4d0e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:    82648 c02d426a3ab8f7e704f946d0b0fee7c8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE8n9lW5ql+IAeqTIRAgpiAKCTSJG8bf98rWgKM1d1zfQY78HNCQCghAW6
yE3zyT2KfVUR036bLnDdZo0=
=bqG2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F49350)

Mandriva Linux Security Advisory 2006.143 (PacketStormID:F49350)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2006-2613,CVE-2006-2894,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788,CVE-2006-3677,CVE-2006-3803,CVE-2006-3804
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-143 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:143
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla-firefox
 Date    : August 16, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of security vulnerabilities have been discovered and corrected
 in the latest Mozilla Firefox program.
 
 Previous updates to Firefox were patch fixes to Firefox 1.0.6 that
 brought it in sync with 1.0.8 in terms of security fixes.  In this
 update, Mozilla Firefox 1.5.0.6 is being provided which corrects a
 number of vulnerabilities that were previously unpatched, as well as
 providing new and enhanced features.
 
 The following CVE names have been corrected with this update:
 CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776,
 CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780,
 CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, 
 CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677,
 CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,
 CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805,
 CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,
 CVE-2006-3812.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2613
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
 http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-33.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-34.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-36.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 76ef1a2e7338c08e485ab2c19a1ce691  2006.0/RPMS/devhelp-0.10-7.1.20060mdk.i586.rpm
 d44f02b82df9f404f899ad8bc4bdd6a2  2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.i586.rpm
 29efc065aeb4a53a105b2c27be816758  2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.i586.rpm
 caad34c0d4c16a50ec4b05820e6d01db  2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.i586.rpm
 d0e75938f4e129936351f015bd90a37a  2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm
 652044ff7d9c3170df845011ec696393  2006.0/RPMS/libdevhelp-1_0-0.10-7.1.20060mdk.i586.rpm
 bf6dcf87f409d06b42234dbca387b922  2006.0/RPMS/libdevhelp-1_0-devel-0.10-7.1.20060mdk.i586.rpm
 e9aaff3090a4459b57367f4903b0458a  2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm
 fa99cbc159722cc0ff9e5710f24ca599  2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d4d45b797ca2f2347c0409d9f956ff25  2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 8d33e72703090a911f7fd171ad9dd719  2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm
 23afd287c042c5492c210255554a6893  2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 4a188f54230b943ea9c8930eb2e0cfe1  2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.i586.rpm
 5bec4690547fd733ca97cb2933ebe427  2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.i586.rpm
 55836595e5cba3828a9a5a27e5aa1825  2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.i586.rpm
 0faf5ee7022ee0b70915d2c845865cae  2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.i586.rpm
 312a89317692b3bd86060a1995365d86  2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.i586.rpm
 38215dccbee8a169bcbac2af2897c2f7  2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.i586.rpm
 aaba2fa72f8de960a3a757b3010027d3  2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d8d59a55974f6fa20d99fb30f126638f  2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.i586.rpm
 946e6a76c71dbbee3340f1a96ae25a1d  2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.i586.rpm
 9a14c31a41c2bac3942caa3d1fb5daee  2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.i586.rpm
 b5074c27d1cb719bf9f8fabe8aebf628  2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.i586.rpm
 7a225cdfdf0c17c0f4a72ad27907fc07  2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.i586.rpm
 06526a054d108d3c9b5f66313151ecc2  2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.i586.rpm
 8f721bd3914c31e04359def6272db929  2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.i586.rpm
 a704ed726e6db4ba59592563cd2c48b0  2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.i586.rpm
 0ef6729b05e013a364e847e4a1b7b3e3  2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.i586.rpm
 570b19872de676414b399ff970024b78  2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.i586.rpm
 dee38f0bbe3870d3bd8ad02ea968c57a  2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.i586.rpm
 92916e155ec38b5078234728593d72a2  2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.i586.rpm
 c808f2f32fc9e514ffb097eeeb226a96  2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.i586.rpm
 6dda5771d062eae75f8f04b7dab8d6cc  2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.i586.rpm
 c4ac8441170504cc5ec05cf5c8e6e9f9  2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.i586.rpm
 2765008afd4c0ba1d702eda9627a7690  2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.i586.rpm
 15b600977b07651f1c3568f4d7f1f9ac  2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.i586.rpm
 6f1fae6befe608fc841fcc71e15852c0  2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.i586.rpm
 81f412da40ea14bcc23d420d7a5724f9  2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.i586.rpm
 76e0ece3c0b6f507340871a168a57e36  2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.i586.rpm
 6ded58e85ed113718cfb3484ae420bb9  2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.i586.rpm
 c76f6648e88de4a63991eac66c3fba04  2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.i586.rpm
 1c7ab93275bcdcf30ed9ec2ddb4893df  2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.i586.rpm
 60279919aa5f17c2ecd9f64db87cb952  2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm
 c446c046409b6697a863868fe5c64222  2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm
 e726300336f737c8952f664bf1866d6f  2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm
 e9e30596eceb0bc9a03f7880cd7d14ea  2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm
 4168c73cba97276fa4868b4ac2c7eb19  2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm
 6a7df29f5af703d10d7ea1fee160ac00  2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm
 e56e14c28051ec4332cbde8dbee7bb6a  2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm
 1a144c86fd8db39e2801117296e15d2b  2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm
 f4889d2ee6e07c0141b57ab9aaccae64  2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm
 dee0f7bc91c797e880fff19e1cb05a63  2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm
 45724f6ceed66701392bd131feaf1f6d  2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm
 cc680cac7fea3f7f8a48a5daf86db088  2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm
 69b04335c21313262af4253863109cc8  2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm
 2aab89244a535afcbc25271df5d6b33f  2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm
 f1c7f71d5484c5047b1b38fc16888ae3  2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm
 3963e3c3a2c38c41d9d3bc5250b124a6  2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm
 bb54aed17a126a9e8568d49866db99ea  2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm
 2a1b11f2c8944bc1fc0d313d54a903cf  2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm
 783c5b3c0fb9916e07f220110155476d  2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm
 895e315731fa0b453045cc39da4f5358  2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm
 daa0a127d2a1a3641d4e97bfb95f1647  2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm
 0c778b0738b11dfd5d68be48fa6316ed  2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm
 7025d0118cf29e39117bd87c586e84a3  2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm
 5d8b8e869f588c0f5751e9ce7addba45  2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm
 c5148674a8c7dd1f88c5729293f899ba  2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm
 91d490c075473e2443e383201b961cb8  2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm
 622ae4619d151bb1634113e50b30fbac  2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm
 e6d64c14929d299e2fb52e334ae6641a  2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm
 20f64c6dfd6aa1450cba5002d42f53d8  2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm
 b93a6b548bb1cf0f8cc46dec133e81a3  2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm
 f5603b65b3d10fa5083934e08d2d4560  2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm
 c0e978ea92b4a8f3aa75dad5ab7588b9  2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm
 93cb0acaeddb095d13b37aeb0ab4dd49  2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d52f4955f15f99137dd9a0b2f360c8b2  x86_64/2006.0/RPMS/devhelp-0.10-7.1.20060mdk.x86_64.rpm
 369457b4a09c07ba18ee5bb18fb2ffa1  x86_64/2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.x86_64.rpm
 76735684f3ff493770e374a90fd359c7  x86_64/2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.x86_64.rpm
 5da75ab6624f8c8f0c212ce2299d645f  x86_64/2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.x86_64.rpm
 945059b9456c9ff2ccd40ff4a6d8ae70  x86_64/2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm
 193f97760bb46e16051ba7b6b968f340  x86_64/2006.0/RPMS/lib64devhelp-1_0-0.10-7.1.20060mdk.x86_64.rpm
 1b67733b0450cd6572c9879c0eb38640  x86_64/2006.0/RPMS/lib64devhelp-1_0-devel-0.10-7.1.20060mdk.x86_64.rpm
 115fcbc6c99bf063cd1768d2b08e9d89  x86_64/2006.0/RPMS/lib64nspr4-1.5.0.6-1.4.20060mdk.x86_64.rpm
 686404fa32e2625f23b19e11c548bbe5  x86_64/2006.0/RPMS/lib64nspr4-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 f0886b330d3f5af566af6cf5572ca671  x86_64/2006.0/RPMS/lib64nspr4-static-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 10e9abdcb3f952c4db35c85fe58ad8ad  x86_64/2006.0/RPMS/lib64nss3-1.5.0.6-1.4.20060mdk.x86_64.rpm
 202bab2742f162d1cbd6d36720e6f7fb  x86_64/2006.0/RPMS/lib64nss3-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 e9aaff3090a4459b57367f4903b0458a  x86_64/2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm
 fa99cbc159722cc0ff9e5710f24ca599  x86_64/2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d4d45b797ca2f2347c0409d9f956ff25  x86_64/2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 8d33e72703090a911f7fd171ad9dd719  x86_64/2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm
 23afd287c042c5492c210255554a6893  x86_64/2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 74811077c91dde3bc8c8bae45e5862a7  x86_64/2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.x86_64.rpm
 75711988a67bf3f36fc08823561bb2b7  x86_64/2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.x86_64.rpm
 5bd9ad43769390549ab3c4549c971db7  x86_64/2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.x86_64.rpm
 dfdd808e2ec0866c15db5f1ea6a5b5bd  x86_64/2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.x86_64.rpm
 1fad19f458ce0aa50e86710ed3b7fe04  x86_64/2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.x86_64.rpm
 743e8d4f009ab2d2fc2e8c131244fb57  x86_64/2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.x86_64.rpm
 476ee9a87f650a0ef3523a9619f9f611  x86_64/2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 be48721cbc6e5634b50ce5b6cfe4a951  x86_64/2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.x86_64.rpm
 e56ce18466e20db3189e035329c606ce  x86_64/2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.x86_64.rpm
 489e5940c9ac9573842888ff07436e4c  x86_64/2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.x86_64.rpm
 73d2eb2fc6ec99a1d3eeb94d9ddff36e  x86_64/2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.x86_64.rpm
 acbd3cd5f82b47a6c6cb03ebd6ca25ae  x86_64/2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.x86_64.rpm
 362807f9da1130dd8da606b9ded06311  x86_64/2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.x86_64.rpm
 e48c991fa555d22d1f382baa83dfcae9  x86_64/2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.x86_64.rpm
 0d954f47de6d2cc58e36cd2c9ddae09c  x86_64/2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.x86_64.rpm
 8f615598d04985a0d60a3469ea3044ed  x86_64/2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.x86_64.rpm
 f4810510feb31e6195358c5ddd87252f  x86_64/2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.x86_64.rpm
 537d53b7805ac84009f2ff99e3282b91  x86_64/2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.x86_64.rpm
 afbc9ee04902213758bbf262b732de21  x86_64/2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 dcef8c7676529394e5fbd4168f8e2cd6  x86_64/2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 f4ee0e7ecba430fd3ce5e8ebeda9b5c1  x86_64/2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.x86_64.rpm
 778261355184ca73cbf1aab1ce56644d  x86_64/2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.x86_64.rpm
 10ca4e7f4cf10c380849ced0bf83e08b  x86_64/2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.x86_64.rpm
 427cabc08ec66e1a45bc27e5625f49bb  x86_64/2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.x86_64.rpm
 de4e61d4fce7cd286bb4a3778cb8499f  x86_64/2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 86e9af4c42b59e32d4e5ac0a8d1afe30  x86_64/2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.x86_64.rpm
 126b1e0826330986fbf485eabade949d  x86_64/2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.x86_64.rpm
 d2e6da2db277b7f5dabed3e95d4b818b  x86_64/2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.x86_64.rpm
 a83edee07d2465cf55024ed1b7aa779f  x86_64/2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.x86_64.rpm
 9e33e2a0c3d4a92a0b420c417fcd3469  x86_64/2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.x86_64.rpm
 60279919aa5f17c2ecd9f64db87cb952  x86_64/2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm
 c446c046409b6697a863868fe5c64222  x86_64/2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm
 e726300336f737c8952f664bf1866d6f  x86_64/2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm
 e9e30596eceb0bc9a03f7880cd7d14ea  x86_64/2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm
 4168c73cba97276fa4868b4ac2c7eb19  x86_64/2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm
 6a7df29f5af703d10d7ea1fee160ac00  x86_64/2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm
 e56e14c28051ec4332cbde8dbee7bb6a  x86_64/2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm
 1a144c86fd8db39e2801117296e15d2b  x86_64/2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm
 f4889d2ee6e07c0141b57ab9aaccae64  x86_64/2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm
 dee0f7bc91c797e880fff19e1cb05a63  x86_64/2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm
 45724f6ceed66701392bd131feaf1f6d  x86_64/2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm
 cc680cac7fea3f7f8a48a5daf86db088  x86_64/2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm
 69b04335c21313262af4253863109cc8  x86_64/2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm
 2aab89244a535afcbc25271df5d6b33f  x86_64/2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm
 f1c7f71d5484c5047b1b38fc16888ae3  x86_64/2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm
 3963e3c3a2c38c41d9d3bc5250b124a6  x86_64/2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm
 bb54aed17a126a9e8568d49866db99ea  x86_64/2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm
 2a1b11f2c8944bc1fc0d313d54a903cf  x86_64/2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm
 783c5b3c0fb9916e07f220110155476d  x86_64/2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm
 895e315731fa0b453045cc39da4f5358  x86_64/2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm
 daa0a127d2a1a3641d4e97bfb95f1647  x86_64/2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm
 0c778b0738b11dfd5d68be48fa6316ed  x86_64/2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm
 7025d0118cf29e39117bd87c586e84a3  x86_64/2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm
 5d8b8e869f588c0f5751e9ce7addba45  x86_64/2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm
 c5148674a8c7dd1f88c5729293f899ba  x86_64/2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm
 91d490c075473e2443e383201b961cb8  x86_64/2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm
 622ae4619d151bb1634113e50b30fbac  x86_64/2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm
 e6d64c14929d299e2fb52e334ae6641a  x86_64/2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm
 20f64c6dfd6aa1450cba5002d42f53d8  x86_64/2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm
 b93a6b548bb1cf0f8cc46dec133e81a3  x86_64/2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm
 f5603b65b3d10fa5083934e08d2d4560  x86_64/2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm
 c0e978ea92b4a8f3aa75dad5ab7588b9  x86_64/2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm
 93cb0acaeddb095d13b37aeb0ab4dd49  x86_64/2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE41l0mqjQ0CJFipgRAu1DAJ90MqoteYoIfAj0Gqim5fxrvOw7BACg0xq5
L8QZWCg0xY3ZRacFzNTgusw=
=gl6u
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48629)

Ubuntu Security Notice 323-1 (PacketStormID:F48629)
2006-07-28 00:00:00
Ubuntu  security.ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787
[点击下载]

Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.

=========================================================== 
Ubuntu Security Notice USN-323-1              July 25, 2006
mozilla vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782,
CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786,
CVE-2006-2787
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  mozilla-browser                          2:1.7.13-0ubuntu05.04.1
  mozilla-mailnews                         2:1.7.13-0ubuntu05.04.1
  mozilla-psm                              2:1.7.13-0ubuntu05.04.1

Ubuntu 5.10:
  mozilla-browser                          2:1.7.13-0ubuntu5.10.1
  mozilla-mailnews                         2:1.7.13-0ubuntu5.10.1
  mozilla-psm                              2:1.7.13-0ubuntu5.10.1

After a standard system upgrade you need to restart Mozilla to effect
the necessary changes.

Details follow:

Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)

Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,
CVE-2006-2777)

Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
function. By tricking a user to visit a site with an SSL certificate
with specially crafted optional Certificate Authority name
arguments, this could potentially be exploited to execute arbitrary
code with the user's privileges. (MFSA 2006-38, CVE-2006-2778)

The Mozilla developer team discovered several bugs that lead to
crashes with memory corruption. These might be exploitable by
malicious web sites to execute arbitrary code with the privileges of
the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)

Masatoshi Kimura discovered a memory corruption (double-free) when
processing a large VCard with invalid base64 characters in it. By
sending a maliciously crafted set of VCards to a user, this could
potentially be exploited to execute arbitrary code with the user's
privileges. (MFSA 2006-40, CVE-2006-2781)

Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing
by changing input type) was not sufficient to prevent all variants of
exploitation. (MFSA 2006-41, CVE-2006-2782)

Masatoshi Kimura found a way to bypass web input sanitizers which
filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)'
characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters
might not recognize the tags anymore; however, Mozilla would still
execute them since BOM markers are filtered out before processing the
page. (MFSA 2006-42, CVE-2006-2783)

Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript
privilege escalation on the plugins page) was not sufficient to
prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784)

Paul Nickerson demonstrated that if an attacker could convince a user
to right-click on a broken image and choose "View Image" from the
context menu then he could get JavaScript to run on a site of the
attacker's choosing. This could be used to steal login cookies or
other confidential information from the target site. (MFSA 2006-34,
CVE-2006-2785)

Kazuho Oku discovered various ways to perform HTTP response smuggling
when used with certain proxy servers. Due to different interpretation
of nonstandard HTTP headers in Mozilla and the proxy server, a
malicious web site can exploit this to send back two responses to one
request. The second response could be used to steal login cookies or
other sensitive data from another opened web site. (MFSA 2006-33,
CVE-2006-2786)


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1.diff.gz
      Size/MD5:   337800 2db7b990124c6c1c1b8e9672ca5d6513
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1.dsc
      Size/MD5:     1140 dff39e5ce49d9743de85eec224192a32
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
      Size/MD5: 38788839 db906560b5abe488286ad1edc21d52b6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   168074 ad1b6c33075e971bbda9f2b1fb105acd
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   141800 26fe9cb2a488851d5a08f008eccb1286
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   184958 e70af6a5c0c0ebd475977cede7dd2d0e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   710626 8a7cb0a2c698fbb25a19cb372012cc25
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5: 10610980 33b6ff77510c97ad410648acfa60969d
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   403276 503bd265002378861042e9145adca4e5
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   158328 a3a78547d1739fa489b5eaf06e2bb775
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:  3352288 f136491aa7a81cafefbb3c7ecdc5f358
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   121188 9047e6b7ddc935e553ef96869a0697b1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   204152 5ddbdbe777cf61007db5946793386778
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:  1935856 e72372370e4e6ad8f232649faab04c1e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   204518 694f522af956a4e0450fc40c0fec1681
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:     1042 e6281edcb4a65fa6d05ea72eb83b6cc6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   168070 81c685cd991f0ff3b109be63f80130c5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   128448 77877720eaad8970b2675ead1eeaaf76
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   184934 cf8811d7050bd397343b9a6f16e43be6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   640510 4919807173e6d2e47a9d3c04ba7ba2b8
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:  9625412 8b357311b8d2ca54dec002ab45c8be2a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   403294 b32aca483d56c4ce22e7c985b29e2fc4
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   158332 8186f8e0eed294d42d40deaa635620df
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:  3344850 258d820d93386ad62ef54a6427dc80a8
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   115832 cb1f8880d0afe7e6d7c7a62df15817ed
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   204160 6631b13c4025bbe77715589c86c28de7
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:  1780842 e2d26ad17ed1ee60cf7b3dcadff9080a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   188486 7722d3ca28defc86236a0a24ec0a31bb
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:     1038 3122a3872c2860bf08471a77215a539f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   168076 2df31cb514546f26e4dda5a13f234c55
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   127186 f68d8a52426231ba404610958394f786
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   184950 2f0a1db9364ce06f9c5b0a5b984d2167
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   714848 8f18e6495b88346a54b806af6bbea813
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  9177718 3d1e82b88c35c967c210b88ff54970dc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   403298 1c4691bde820ec913f3bbddf13c9cef6
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   158338 407c8d0d588edb5dd6742ec47b912472
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  3340480 80710d7291666df1ce959410928bbec4
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   114584 a3c957dc3151e896ff18e9bd2710e6fa
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   204166 f4a827dd3800896f1dd36c9a0e563ff9
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  1643010 06882ef0b556a5db1adec008cd609370
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   175714 a1f98dd0b17c838723cd06b4a4167a21
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:     1046 3fff2d11475b3d408cb007f79583b486

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1.diff.gz
      Size/MD5:   339739 f3417c36cc2f4edf0f56f2a3d291186f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1.dsc
      Size/MD5:     1080 6633c093477fe6313ea31a05626c74fa
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
      Size/MD5: 38788839 db906560b5abe488286ad1edc21d52b6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   168042 e7c77d1568c6c46f083ab05f038464ff
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   143820 446658c0da7878eca5977486d5aa71c8
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   184942 8fc2cf6a6d115e63715f5c54b82c2d4a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   719348 fd2b0f552c07995dc65906b56b12a5bc
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5: 10666540 3b661ff62d97846c23e422fdb0f87bc8
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   403282 ab2167239e57b61676dc3fbd296a2ffc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   158322 d0e08f0196752784b50d87191d878d0a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:  3347976 344d169cf65cb66bb67af5dbb4c19048
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   122358 9db2a1a2d412846a541a5b113357a65b
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   204154 9e2f774e0c8b0bc75f60899b9ea518dd
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:  1962852 1baa399dd55eaccda81c2f707f225817
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   204202 e6f84c6501268f8cd8680d55ca8bc673
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:     1032 875ac9a3fccb0f396f537560047ca9e6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   168048 257bbb4473be7bdfff3ded89b9d8a12b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   129200 eda6af1ceb30b9594442702ad99152ed
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   184932 f05d44d79b74e7887af887e6a9b09f1e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   635378 a7808a9e8f431a16cc60baddc68b8139
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:  9185932 85d2251d70e3488a0cc388e0db41a4fc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   403280 7034e103d8a30f986ec57fe31160e487
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   158324 a29a00a6e450d7d998d6e874987f10ba
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:  3337576 7094cd9a4464d4645d92489c371c6cab
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   115304 87dd3fb83b695986dda9ddeaedf47781
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   204152 09352de0004e77e96ca17cb21d0715e3
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:  1691482 6df8075f514d49d7f5411891bbc0e7f5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   178782 d2d5d1aa46de77fb2b54ec98ef3a7a14
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:     1032 a3f4871c955138dd6d6e759ea114e4c8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   168048 852ade578c01f279b8aff0a794a268a3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   130906 df3dd2deffe59449bf2442cf00f6689e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   184932 4e6345c82ae5563193e1b5b201ef3043
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   696888 902ed7ec1cf327ea9931948f756d60e6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:  9263244 87d38e3da8f8e9174e87552155add753
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   403284 3a37460373177133ba2c687501b574a1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   158326 092102dfb58bfe5ea20ff0969f7f56f2
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:  3336540 8f37d1620049b2fefc1b651fd51c43b7
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   115348 bef4e6c32a92c26fa06395801657e367
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   204158 60731a37272e50a8660ecb2cfae9aabf
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:  1671422 3b3f3bedfbba4263f26773d93436e769
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   175906 c6b918fa89cd2423d47b018f279c4d68
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:     1032 cc69d04f87b79ff659067186cab9cfd9

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   168054 0d954bebca6ea4131c28e11337bba7ad
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   127450 521963b1b21999ff9f42d35b884c23ed
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   184948 74d53204904bf8bf02928f6cb0b3e787
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   630704 0987af2fe353aff94cefddc61ac1c8e6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:  9013886 08e90ea95c75c3eb03d8533532314fdb
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   403286 f5a6f817c9926829a4012da7973b3fcc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   158328 2b884313c4bd382d1609d01568b7013e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:  3336286 f1a166252e7c78d5d90a7ef91b7b6eb0
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   113834 8df1183b10a5d69c1087634f81178a41
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   204152 e0177e963461936592387a9e6d5171bd
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:  1629816 a02204343afa9a872f99f63e85170096
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   170382 010d945bfd8636541e8202c036668e18
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:     1032 5d9b7b8e12b9746c44fd3fd41dec9f13
    

- 漏洞信息 (F48488)

Debian Linux Security Advisory 1120-1 (PacketStormID:F48488)
2006-07-24 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-1942,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787
[点击下载]

Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in mozilla-firefox for Debian.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1120-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 23rd, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782
                 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786
                 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID     : 18228

Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:

CVE-2006-1942

    Eric Foley discovered that a user can be tricked to expose a local
    file to a remote attacker by displaying a local file as image in
    connection with other vulnerabilities.  [MFSA-2006-39]

CVE-2006-2775

    XUL attributes are associated with the wrong URL under certain
    circumstances, which might allow remote attackers to bypass
    restrictions.  [MFSA-2006-35]

CVE-2006-2776

    Paul Nickerson discovered that content-defined setters on an
    object prototype were getting called by privileged user interface
    code, and "moz_bug_r_a4" demonstrated that the higher privilege
    level could be passed along to the content-defined attack code.
    [MFSA-2006-37]

CVE-2006-2777

    A vulnerability allows remote attackers to execute arbitrary code
    and create notifications that are executed in a privileged
    context.  [MFSA-2006-43]

CVE-2006-2778

    Mikolaj Habryn a buffer overflow in the crypto.signText function
    that allows remote attackers to execute arbitrary code via certain
    optional Certificate Authority name arguments.  [MFSA-2006-38]

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  This problem has
    only partially been corrected.  [MFSA-2006-32]

CVE-2006-2780

    An integer overflow allows remote attackers to cause a denial of
    service and may permit the execution of arbitrary code.
    [MFSA-2006-32]

CVE-2006-2782

    Chuck McAuley discovered that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

CVE-2006-2783

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
    is stripped from UTF-8 pages during the conversion to Unicode
    before the parser sees the web page, which allows remote attackers
    to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]

CVE-2006-2784

    Paul Nickerson discovered that the fix for CAN-2005-0752 can be
    bypassed using nested javascript: URLs, allowing the attacker to
    execute privileged code.  [MFSA-2005-34, MFSA-2006-36]

CVE-2006-2785

    Paul Nickerson demonstrated that if an attacker could convince a
    user to right-click on a broken image and choose "View Image" from
    the context menu then he could get JavaScript to
    run.  [MFSA-2006-34]

CVE-2006-2786

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP
    header syntax may allow remote attackers to trick the browser to
    interpret certain responses as if they were responses from two
    different sites.  [MFSA-2006-33]

CVE-2006-2787

    The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
    run via EvalInSandbox can escape the sandbox and gain elevated
    privilege.  [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge9.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.dfsg+1.5.0.4-1.

We recommend that you upgrade your Mozilla Firefox packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9.dsc
      Size/MD5 checksum:     1001 21424c5ba440f16f6abea37711d66aa9
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9.diff.gz
      Size/MD5 checksum:   398646 2eff76a21650ad05f52b5fdf73bd3f7e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_alpha.deb
      Size/MD5 checksum: 11173304 3a940907dc9761c8f509bb4c985db436
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_alpha.deb
      Size/MD5 checksum:   169032 05d7a00140abdf880b41c4fa28114068
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_alpha.deb
      Size/MD5 checksum:    60866 de85fa33566f2fbfcc86501ee62b2a1b

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_amd64.deb
      Size/MD5 checksum:  9401816 963bc07e9bad81b56674d2e87fcc2074
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_amd64.deb
      Size/MD5 checksum:   163774 782e55322d790e206be62b7c973cf4ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_amd64.deb
      Size/MD5 checksum:    59390 62063c4dc7dfb9dd977b2a019bd37946

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_arm.deb
      Size/MD5 checksum:  8223298 0a3854d01bb66b8251a6fd0f6f6acf1d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_arm.deb
      Size/MD5 checksum:   155248 04b4755e60835717a7b5ed0025f00f0c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_arm.deb
      Size/MD5 checksum:    54702 93f66e628ad9327de4ed14acdfec4395

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_i386.deb
      Size/MD5 checksum:  8899786 395567e782da4a1d6e0ef10367ba57cc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_i386.deb
      Size/MD5 checksum:   159032 5225bca73b84ed3e8a1c4e06bdd6cd69
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_i386.deb
      Size/MD5 checksum:    56250 f8baa460416bd34c28e347b371c2ac72

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_ia64.deb
      Size/MD5 checksum: 11632562 3fc46e9c4a4575594c610c7ff85146ce
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_ia64.deb
      Size/MD5 checksum:   169362 aad3f6f89760080eca86f9988c690532
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_ia64.deb
      Size/MD5 checksum:    64062 0973673b6e56cc6d26db14a0170c4a1a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_hppa.deb
      Size/MD5 checksum: 10275134 dbdcf7d07ead3c046ec5a604922bd853
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_hppa.deb
      Size/MD5 checksum:   166732 ff51c0f78f3bb6ee011c85e850e67230
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_hppa.deb
      Size/MD5 checksum:    59840 856193bc316aecbcce4f88aae4404240

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_m68k.deb
      Size/MD5 checksum:  8175302 d60841a0292077f4635ca9b68c45cd8a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_m68k.deb
      Size/MD5 checksum:   157932 5559512572a0493c336f46e67dc6163d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_m68k.deb
      Size/MD5 checksum:    55524 f04387c9e24e76965342227983327a03

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_mips.deb
      Size/MD5 checksum:  9932150 56eefc3ec8a8832645ec1316929f4411
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mips.deb
      Size/MD5 checksum:   156774 696dca1ed57d6c13fd80bcd6fc4364cd
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_mips.deb
      Size/MD5 checksum:    56506 af7303ff23599cf25224df22f5b92e05

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_mipsel.deb
      Size/MD5 checksum:  9810314 3673c61e049c42c7ea21ed58e06b2acc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mipsel.deb
      Size/MD5 checksum:   156350 9d3f411c8372b54775ab5ba90c10d0da
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_mipsel.deb
      Size/MD5 checksum:    56336 ccc11bdf50a4b0809fe7ed2dbdf44006

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_powerpc.deb
      Size/MD5 checksum:  8571660 cf198d98db5695e5c423c567ebfdba38
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_powerpc.deb
      Size/MD5 checksum:   157448 d96866bfc3e74f73d6cf4a3f71aa50cb
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_powerpc.deb
      Size/MD5 checksum:    58628 e3a6722463006bb379c9548318784af8

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_s390.deb
      Size/MD5 checksum:  9641400 c935ca331cf22eab9f311fc65c69e227
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_s390.deb
      Size/MD5 checksum:   164392 342aeb1f6362565bac9cd8f9a34e6711
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_s390.deb
      Size/MD5 checksum:    58816 3199d08b5c64c05d4c9f3600fd1a9927

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_sparc.deb
      Size/MD5 checksum:  8662210 a25db0f4ce57b47898d633b2512cd0b4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_sparc.deb
      Size/MD5 checksum:   157632 5d0f66746bcbb48269e1e4e0efa71067
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_sparc.deb
      Size/MD5 checksum:    55062 99d09b78f6efa23c02d1e9076185f105


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD4DBQFEwxuaW5ql+IAeqTIRAph6AJigs7vAqUX4Kff4L09LciD7GjfGAJ9oSjEi
YKqqcIwtb4nh4LCbn5fKcw==
=zfrY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F48485)

Debian Linux Security Advisory 1118-1 (PacketStormID:F48485)
2006-07-24 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-1942,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787
[点击下载]

Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in Mozilla for Debian.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1118-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 22nd, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781
                 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                 CVE-2006-2786 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID     : 18228

Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:

CVE-2006-1942

    Eric Foley discovered that a user can be tricked to expose a local
    file to a remote attacker by displaying a local file as image in
    connection with other vulnerabilities.  [MFSA-2006-39]

CVE-2006-2775

    XUL attributes are associated with the wrong URL under certain
    circumstances, which might allow remote attackers to bypass
    restrictions.  [MFSA-2006-35]

CVE-2006-2776

    Paul Nickerson discovered that content-defined setters on an
    object prototype were getting called by privileged user interface
    code, and "moz_bug_r_a4" demonstrated that the higher privilege
    level could be passed along to the content-defined attack code.
    [MFSA-2006-37]

CVE-2006-2777

    A vulnerability allows remote attackers to execute arbitrary code
    and create notifications that are executed in a privileged
    context.  [MFSA-2006-43]

CVE-2006-2778

    Mikolaj Habryn a buffer overflow in the crypto.signText function
    that allows remote attackers to execute arbitrary code via certain
    optional Certificate Authority name arguments.  [MFSA-2006-38]

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  This problem has
    only partially been corrected.  [MFSA-2006-32]

CVE-2006-2780

    An integer overflow allows remote attackers to cause a denial of
    service and may permit the execution of arbitrary code.
    [MFSA-2006-32]

CVE-2006-2781

    Masatoshi Kimura discovered a double-free vulnerability that
    allows remote attackers to cause a denial of service and possibly
    execute arbitrary code via a VCard.  [MFSA-2006-40]

CVE-2006-2782

    Chuck McAuley discovered that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

CVE-2006-2783

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
    is stripped from UTF-8 pages during the conversion to Unicode
    before the parser sees the web page, which allows remote attackers
    to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]

CVE-2006-2784

    Paul Nickerson discovered that the fix for CAN-2005-0752 can be
    bypassed using nested javascript: URLs, allowing the attacker to
    execute privileged code.  [MFSA-2005-34, MFSA-2006-36]

CVE-2006-2785

    Paul Nickerson demonstrated that if an attacker could convince a
    user to right-click on a broken image and choose "View Image" from
    the context menu then he could get JavaScript to
    run.  [MFSA-2006-34]

CVE-2006-2786

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP
    header syntax may allow remote attackers to trick the browser to
    interpret certain responses as if they were responses from two
    different sites.  [MFSA-2006-33]

CVE-2006-2787

    The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
    run via EvalInSandbox can escape the sandbox and gain elevated
    privilege.  [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.1

For the unstable distribution (sid) these problems have been fixed in
version 1.7.13-0.3.

We recommend that you upgrade your Mozilla packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1.dsc
      Size/MD5 checksum:     1127 473562c669e27793809fd76034b5e9de
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1.diff.gz
      Size/MD5 checksum:   498361 6d4f73fb299451760cbf05974d36753a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   168076 9478bc76f4c4dac2cfa1adc51c599e71
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   147050 34ab8e06aeb3d46f150b0099a29b8c2b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   184960 ec9526c058ec2a9629fa16a2c7b0f286
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   856618 515d873622c67d0cf1b155f85187935c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:     1040 a12e4c5754cf581aa6aab5dd4a1388ec
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum: 11481282 52de66676dea443b4426cb0e24703a57
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   403306 efe2822cd3109126a096e4c19bb61f6e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   158336 490cc71ffff457bd6f600ef3d7ab9b4b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:  3358246 5bf68f7988b64ef4175768d92829dccc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   122294 6c36e2cec285b6ec28b3115aaa8cfdb1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   204170 d02d474bf40b4a0adc41e58cbb0f71aa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:  1937112 be8a8005f99506a3e9188672c3f70e57
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   212298 96d4c738772a42501805fd1cfb2a6336

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   168070 841b4f6d14d55a8e37ea9fe2d4b8508b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   146154 b17bbe57b0a30c4698f5c883984d552e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   184950 342427477e9db97c2d663a3b7620c1ea
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   714978 bbf6e26c728df94a6bdb8e19b22dae5b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:     1036 4f0379f9ae6b0edf6eb5fbf4977f9d6e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum: 10946160 f7e344cd5bbcc6f1d06b314be572ffd2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   403294 675c774981cadd3d695cc7fa498d2046
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   158330 387195d0b8a6fd9acf4b1a2c8d0d70d8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:  3352180 f896a49299904f8082ccc96ff85ac40e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   121192 df4ef46b4940ecd65ae9cdc140cca1bf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   204170 cdd080115be04ac72473181ce622caf1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:  1936006 002755bffa9cbb1a943a4a81d04f362b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   204400 61fe98f12d92139d157dd672ca6513c8

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   168074 1de16d4b8435fe420a7883dc7d51c910
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   124492 d138a37a746f6fa32bd574f34fdaaefe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   184960 30851d8827b6061465d370ba42d4ccff
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   632198 79ce23ade76fcc6cb789053d801c904f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:     1036 e0a0373f1cdf7ecf8f176bbbc4e23d18
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:  9212808 1dbb7f756a25a96e9057ef8f96d05805
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   403314 07dad23f621d6e3be785ba0fb5a29763
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   158366 176eede20a70a9ac2a61282b7bc45b01
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:  3341712 0904389fef700da0f4664d4bceb28717
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   112672 8797efa5f068220b587eaac7818cccdc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   204178 75382868b592a542b00e6b6441591a3b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:  1604452 34e908e017cf40549741c227acc78b50
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   168866 ed9894b18f51f745750ad28fa47aba1f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   170346 5956d005059fd107818f8035fa9ffbf2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   136984 5a5c0d8e7e0614ee02c182983e8d8656
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   187138 74f8739619d8ae81b1fe30d0668b8a58
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   661744 74ebef87c001e89d4a2e8d45c9910e13
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:     1032 8f01d06ab6028c5b908dd5594e1d1c14
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum: 10336772 e281b8fb2b04eb6f788654557efb8f94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   403504 5db7402ffdb5b6523fa43d1c89944907
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   158352 a8a7f9c96a21287704a76ff3e5455335
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:  3594164 db6a4633ec5db81ce6e0bd1d9bf95193
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   116702 fade783b8720425b0f05004c6d9632ef
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   204170 e173db0beb2598ea64ac80262b8043e4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:  1816096 10fd0769547b8342fcf833182c66f7cd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   192634 9f757a02bfa0e741b4d131191ac3bed1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   168076 7caf0acd02827f3259cc523d24882267
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   174472 c8fbf63229bf8f13e1e51419a917da78
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   184950 8305ace7fb5c15b17da7cbd94ac114be
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   966902 6f09c27be295615d6724ec4e82c8682c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:     1036 8d0589021091a859a4fe1a8784cf2b84
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum: 12948914 25e2e3b61f3212b5e69fb8db376dea1c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   403298 00cd58b07f32fb9b33cdf3f9138ff48d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   158334 c03b2a84ab5db4574bce186a934bb61c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:  3377948 0ae22412a7c6766cc74b84578f029da0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   125598 a853f9be2fef52df2b7537a56a4762ca
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   204160 d6c4e9801cb584fa974ec2843d4e7dde
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:  2302302 8d6e65e606882e9a9f29eae5ecdc0505
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   242684 1c59d2b14cf73625549222c27feec305

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   168076 5626cf0a12a7d9993ab65840ac71b2e4
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   157080 ae8769ba33d1f7b1c55db5af74322108
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   184966 653cf87074a4392f1103f333b8f385a4
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   754910 5c54ed3f028d4fca725c43f17aac7472
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:     1038 b21e02e210697770a13094757afdb343
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum: 12164938 0710346051d9d6217a938faf1a6c3a5e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   403280 dec179a4a47c40e21b74e1015655a47a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   158346 0fbead0b5adfaf58475f3308ad5c7825
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:  3358624 8c0cbf705f20e694222dc2a2e558bf25
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   123514 7d29aa30c3c525bfb3674200d0853f60
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   204152 5f27c072d2b0cf7a88362b0ca86aa91f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:  2135198 ca8cf38363e6fa41e3c58e0f6813bcec
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   216176 dbf6f4e0538358e675fafb2215215ddb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   168090 2f9923cada81ee2792194134d5c8766c
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   126174 a2d29b886d583dfeaecaf9140a98cbb1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   184976 07788d7940bceb772ee38b639fa06c90
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   600262 57d23c1825ce20d9fdc7ed3c935e4822
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:     1044 6865b570c621d2715d90d55e72c18686
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:  9707812 039664d92d6585080245e56b31a495bc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   403372 80f8ea392f13f4a8615281ad17b45345
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   158396 e11aa75979022c10ff540e9cca7da37e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:  3336888 253879215a28c9c1611e1eab36739c69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   114490 e32e9948e3e8df554e2314c7e7851c86
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   204220 56d85ed9b0439792035300fe5c3745e9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:  1683110 5392bc875f07ce277f17a08558223d76
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   174758 bd3bb602538e94bb672b67c80056aa51

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   168078 b716653d10d25308e460c0d15ce8c249
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   141006 e192f8087b16f7e17257aa63394def8f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   184962 d2d6aaad54ee894ed00c678a856cd292
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   725986 e57f99d19cc017d3273eaa632cef1359
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:     1040 2574a4694290c9c0b66900214389d13a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum: 10729826 577b9c004ce4078826f9085cfef3f1b7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   403284 e32ea6716c0102cbd6e7c2c738239555
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   158342 ac17f1b907adddaae579376411860fe6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:  3358078 c03e05906c6da5b7f06c8adfb9bf1bb5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   117626 027b87aceadf873cadd52f5b5a6cdad2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   204166 04db7ee6b1bcc0a7e286bd7aed2a46af
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:  1795496 43c24c3da475b571baee65e6f97b3b72
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   189876 4515f5447d4d74104bac1b98a21741a9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   168080 6b20701ae2005724d525421407997b34
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   140964 20d773802c88e422796b2b0d8657f269
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   184956 e696e6afa300237c1fe8bf9d24c25341
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   715454 ba7d908f470f0fe10912263bd88ffe27
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:     1042 e660b635921248505a19c5bc4ad57698
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum: 10606956 9c45e8272bec9b1e40d18a577283d270
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   403302 fc7449f1c1aca3e3beb41743d5ddce15
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   158342 b357c21424e98e72a150cdc7ef285f36
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:  3358814 9384ee1ae88d0ce5bfb9cf7419cf1fc4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   117192 6cee62bb29d207039072c1f66b15693d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   204166 02d9a75229f18b8222cbde0809763968
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:  1777564 812da33649005f3e9c602b92e5198d0f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   187450 50a81db8d3f8fb747b9641ebab1e44c2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   168076 3ec22b357709447796939d749ee01918
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   131506 b23d3cb1d96dd102ea8e1a317611d9cf
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   184962 47e118b6e43ab5dd68edaaebb61a14a5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   719212 2eb46acfdb0984316af95544d2a26586
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:     1040 da38d40720821ab284ff921f8d14ac7b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:  9706108 c273d7531e0510262497b2b665025009
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   403278 909516b0d9bfbc46f3c0dd438bb02c29
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   158338 2de3e64ff4391b9db98838fac617dbf6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:  3340554 4253026847bdceca40ba1f7f8a77150a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   114590 cf73e13daee899efb5d6cefb3e85c461
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   204148 3de97db7ab79ee5b688b62dc1132859c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:  1643042 52b9f55a9507da86f34ebda24e25ec12
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   175652 d7538c95e4ea1efaf76737a24b5e0388

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   168070 97ce8fcc52d581aa9608dbc327abbe8b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   156822 008799a0d79ca556d878a20b96028354
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   184962 a3241679a42c7f8fe899e34ae7516981
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   799202 fbbf02a9624d975a1eaafdfaf025f885
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:     1042 12f767e93775437d702d9ea31bed575c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum: 11330344 442b98dd32a88fd33efa22d5d13bdd3e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   403320 aa21f60bfc070223d8a6f5c78c4b0faf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   158350 b0981f49d6b5639a4712e2a115599d6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:  3353136 4576af9688c6fc5b4e7fe64deb11aead
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   121352 1c1672d0d0f3752a0195ee1ff33d8ec4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   204158 a0a82c9fa992b839aaf60f9484fd9bc8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:  1944746 432f3f0fb2e1a429a51ddda422cc21cc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   213482 f8bc5f9fa1e79b26ba22bb891e5b9b46

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   168082 98bec9b3ad75652b9fa7f0c425a2deb2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   128722 9947038f2936e62834bfdd1b2672d497
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   184962 4ffe137e0baebd3335718ac6936ca52b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   673000 696296101aefad3cdc6e41c39320f85a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:     1038 e1e482e36d09311de2fb0416e068e070
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:  9376650 7b791062063db30e3a2f25436f410c01
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   403280 15a8a8616423b988387abcf2a3089b93
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   158336 2481b4d5956c4219f33a5c29d3125ed3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:  3341556 4765e3947b3045730fb35f128ec8b30c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   112532 8b9d8d6fb0469b333837653684508c68
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   204158 a46509b3f314a48cf5d0365dd999688a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:  1583728 57ca973e877b3a718e5534537c94e468
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   168012 2a402caa207ced1ede92416141a37ab9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwibVW5ql+IAeqTIRAgCjAKCTna7EXWnfCae8ORnFtPat+ZZZjQCgqMIj
JsY39Lz2s/UBFnxveD7ud+8=
=ySjN
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F47531)

Ubuntu Security Notice 297-1 (PacketStormID:F47531)
2006-06-21 00:00:00
Ubuntu  ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2006-2775,CVE-2006-2776,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2783,CVE-2006-2786,CVE-2006-2787
[点击下载]

Ubuntu Security Notice 297-1 - Multiple Thunderbird vulnerabilities are discussed in this advisory.

=========================================================== 
Ubuntu Security Notice USN-297-1              June 13, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779,
CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2786,
CVE-2006-2787
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird            1.5.0.4-0ubuntu6.06
  mozilla-thunderbird-enigmail   2:0.94-0ubuntu4.1

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Please note that Thunderbird 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are
also affected by these problems. Updates for these Ubuntu releases
will be delayed due to upstream dropping support for this Thunderbird
version. We strongly advise that you disable JavaScript to disable the
attack vectors for most vulnerabilities if you use one of these Ubuntu
versions.

Details follow:

Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)

Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776).

Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
function. By sending an email with malicious JavaScript to an user,
and that user enabled JavaScript in Thunderbird (which is not the
default and not recommended), this could potentially be exploited to
execute arbitrary code with the user's privileges. (MFSA 2006-38,
CVE-2006-2778)

The Mozilla developer team discovered several bugs that lead to
crashes with memory corruption. These might be exploitable by
malicious web sites to execute arbitrary code with the privileges of
the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)

Masatoshi Kimura discovered a memory corruption (double-free) when
processing a large VCard with invalid base64 characters in it. By
sending a maliciously crafted set of VCards to a user, this could
potentially be exploited to execute arbitrary code with the user's
privileges. (MFSA 2006-40, CVE-2006-2781)

Masatoshi Kimura found a way to bypass web input sanitizers which
filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)'
characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters
might not recognize the tags anymore; however, Thunderbird would still
execute them since BOM markers are filtered out before processing a
mail containing JavaScript. (MFSA 2006-42, CVE-2006-2783)

Kazuho Oku discovered various ways to perform HTTP response smuggling
when used with certain proxy servers. Due to different interpretation
of nonstandard HTTP headers in Thunderbird and the proxy server, a
malicious HTML email can exploit this to send back two responses to one
request. The second response could be used to steal login cookies or
other sensitive data from another opened web site. (MFSA 2006-33,
CVE-2006-2786)

It was discovered that JavaScript run via EvalInSandbox() can escape
the sandbox. Malicious scripts received in emails containing
JavaScript could use these privileges to execute arbitrary code with
the user's privileges. (MFSA 2006-31, CVE-2006-2787)

The "enigmail" plugin has been updated to work with the new
Thunderbird version.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06.diff.gz
      Size/MD5:   454199 909966693eff8a078ba864ad117ce739
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06.dsc
      Size/MD5:      958 e4f852b4bab77b9623cc341c20bc09d9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4.orig.tar.gz
      Size/MD5: 35231284 243305d4d6723a45fcb1028caa3abca6
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94-0ubuntu4.1.diff.gz
      Size/MD5:    20665 cdfe87eb65540f718072e34e02934992
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94-0ubuntu4.1.dsc
      Size/MD5:      782 8fb6b5df3c43f49a66ccf53ba5668b30
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.94.orig.tar.gz
      Size/MD5:  3126659 7e34cbe51f5a1faca2e26fa0edfd6a06

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.4-0ubuntu6.06_amd64.deb
      Size/MD5:  3524682 33dc00f09c6696c30931de5d6ac3c0a4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.4-0ubuntu6.06_amd64.deb
      Size/MD5:   193242 b8590336a65d0291a23f867b82b26c3f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.4-0ubuntu6.06_amd64.deb
      Size/MD5:    58462 b01403276bf1092b1ccf0cad7baa72f9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06_amd64.deb
      Size/MD5: 11962546 0ddac2ea690038906b1ffcd6344b7f39
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu4.1_amd64.deb
      Size/MD5:   335026 b1b887ea96c5e241bbe5467ff496afbc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.4-0ubuntu6.06_i386.deb
      Size/MD5:  3516762 0d23ea5ccb664172eae44f152e68ccea
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.4-0ubuntu6.06_i386.deb
      Size/MD5:   186610 53006a42e988e1f6094c3205a94a70ec
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.4-0ubuntu6.06_i386.deb
      Size/MD5:    53966 d30216cff318235c7111983113c55f0e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06_i386.deb
      Size/MD5: 10269436 515e159ef36b150458d9fe96a839fab1
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu4.1_i386.deb
      Size/MD5:   322588 8f6e39daed993d2f8aec8fd50878847d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.4-0ubuntu6.06_powerpc.deb
      Size/MD5:  3521642 e1ac4e93a87b4ddaa6176da12c927884
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.4-0ubuntu6.06_powerpc.deb
      Size/MD5:   189958 6eae0743502e13782001bc3979388e83
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.4-0ubuntu6.06_powerpc.deb
      Size/MD5:    57556 660594aff823a3a77abeb2ee87693c4c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.4-0ubuntu6.06_powerpc.deb
      Size/MD5: 11536352 128dbafe11cebc0b64233272e351be9c
    http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.94-0ubuntu4.1_powerpc.deb
      Size/MD5:   326082 5f737efbb2625db219376e7ade40a731
    

- 漏洞信息

26302
Mozilla Multiple Products Select Tag Nested Option Memory Corruption
Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-06-01 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站