CVE-2006-2782
CVSS4.3
发布时间 :2006-06-02 15:02:00
修订时间 :2011-03-07 21:37:00
NMCOP    

[原文]Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.


[CNNVD]Mozilla Firefox 输入验证漏洞(CNNVD-200606-075)

        Mozilla Firefox 是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
        CVE-2006-1729中的漏洞并没有完全修复,攻击者可以将文件名插入到一个文本框从而读取任意文件,然后将此文本框转变成一个文件上传框控件。
        

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-20 [输入验证不恰当]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:seamonkey:1.0.1Mozilla SeaMonkey 1.0.1
cpe:/a:mozilla:firefox:1.5.0.3Mozilla Firefox 1.5.0.3

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10429Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by insertin...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2782
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-075
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/26851
(UNKNOWN)  XF  mozilla-firefox-textbox-file-access(26851)
http://www.vupen.com/english/advisories/2008/0083
(UNKNOWN)  VUPEN  ADV-2008-0083
http://www.vupen.com/english/advisories/2006/3748
(UNKNOWN)  VUPEN  ADV-2006-3748
http://www.vupen.com/english/advisories/2006/2106
(UNKNOWN)  VUPEN  ADV-2006-2106
http://www.ubuntulinux.org/support/documentation/usn/usn-323-1
(UNKNOWN)  UBUNTU  USN-323-1
http://www.ubuntulinux.org/support/documentation/usn/usn-296-2
(UNKNOWN)  UBUNTU  USN-296-2
http://www.ubuntulinux.org/support/documentation/usn/usn-296-1
(UNKNOWN)  UBUNTU  USN-296-1
http://www.securityfocus.com/bid/18228
(UNKNOWN)  BID  18228
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  SSRT061181
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  SSRT061181
http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060602 rPSA-2006-0091-1 firefox thunderbird
http://www.redhat.com/support/errata/RHSA-2006-0611.html
(UNKNOWN)  REDHAT  RHSA-2006:0611
http://www.redhat.com/support/errata/RHSA-2006-0610.html
(UNKNOWN)  REDHAT  RHSA-2006:0610
http://www.redhat.com/support/errata/RHSA-2006-0594.html
(UNKNOWN)  REDHAT  RHSA-2006:0594
http://www.redhat.com/support/errata/RHSA-2006-0578.html
(UNKNOWN)  REDHAT  RHSA-2006:0578
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
(UNKNOWN)  SUSE  SUSE-SA:2006:035
http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
(UNKNOWN)  MANDRIVA  MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
(UNKNOWN)  MANDRIVA  MDKSA-2006:143
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
(UNKNOWN)  GENTOO  GLSA-200606-12
http://www.debian.org/security/2006/dsa-1134
(UNKNOWN)  DEBIAN  DSA-1134
http://www.debian.org/security/2006/dsa-1120
(UNKNOWN)  DEBIAN  DSA-1120
http://www.debian.org/security/2006/dsa-1118
(UNKNOWN)  DEBIAN  DSA-1118
http://securitytracker.com/id?1016202
(UNKNOWN)  SECTRACK  1016202
http://secunia.com/advisories/22066
(UNKNOWN)  SECUNIA  22066
http://secunia.com/advisories/21631
(UNKNOWN)  SECUNIA  21631
http://secunia.com/advisories/21532
(UNKNOWN)  SECUNIA  21532
http://secunia.com/advisories/21336
(UNKNOWN)  SECUNIA  21336
http://secunia.com/advisories/21324
(UNKNOWN)  SECUNIA  21324
http://secunia.com/advisories/21270
(UNKNOWN)  SECUNIA  21270
http://secunia.com/advisories/21269
(UNKNOWN)  SECUNIA  21269
http://secunia.com/advisories/21188
(UNKNOWN)  SECUNIA  21188
http://secunia.com/advisories/21183
(UNKNOWN)  SECUNIA  21183
http://secunia.com/advisories/21178
(UNKNOWN)  SECUNIA  21178
http://secunia.com/advisories/21176
(UNKNOWN)  SECUNIA  21176
http://secunia.com/advisories/21134
(UNKNOWN)  SECUNIA  21134
http://secunia.com/advisories/20561
(UNKNOWN)  SECUNIA  20561
http://secunia.com/advisories/20376
(UNKNOWN)  SECUNIA  20376
http://rhn.redhat.com/errata/RHSA-2006-0609.html
(UNKNOWN)  REDHAT  RHSA-2006:0609

- 漏洞信息

Mozilla Firefox 输入验证漏洞
中危 输入验证
2006-06-02 00:00:00 2009-08-10 00:00:00
远程  
        Mozilla Firefox 是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
        CVE-2006-1729中的漏洞并没有完全修复,攻击者可以将文件名插入到一个文本框从而读取任意文件,然后将此文本框转变成一个文件上传框控件。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.mozilla.org/
        http://security.gentoo.org/glsa/glsa-200606-12.xml

- 漏洞信息 (F49350)

Mandriva Linux Security Advisory 2006.143 (PacketStormID:F49350)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2006-2613,CVE-2006-2894,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788,CVE-2006-3677,CVE-2006-3803,CVE-2006-3804
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-143 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:143
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla-firefox
 Date    : August 16, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of security vulnerabilities have been discovered and corrected
 in the latest Mozilla Firefox program.
 
 Previous updates to Firefox were patch fixes to Firefox 1.0.6 that
 brought it in sync with 1.0.8 in terms of security fixes.  In this
 update, Mozilla Firefox 1.5.0.6 is being provided which corrects a
 number of vulnerabilities that were previously unpatched, as well as
 providing new and enhanced features.
 
 The following CVE names have been corrected with this update:
 CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776,
 CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780,
 CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, 
 CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677,
 CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,
 CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805,
 CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,
 CVE-2006-3812.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2613
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
 http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-33.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-34.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-36.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 76ef1a2e7338c08e485ab2c19a1ce691  2006.0/RPMS/devhelp-0.10-7.1.20060mdk.i586.rpm
 d44f02b82df9f404f899ad8bc4bdd6a2  2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.i586.rpm
 29efc065aeb4a53a105b2c27be816758  2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.i586.rpm
 caad34c0d4c16a50ec4b05820e6d01db  2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.i586.rpm
 d0e75938f4e129936351f015bd90a37a  2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm
 652044ff7d9c3170df845011ec696393  2006.0/RPMS/libdevhelp-1_0-0.10-7.1.20060mdk.i586.rpm
 bf6dcf87f409d06b42234dbca387b922  2006.0/RPMS/libdevhelp-1_0-devel-0.10-7.1.20060mdk.i586.rpm
 e9aaff3090a4459b57367f4903b0458a  2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm
 fa99cbc159722cc0ff9e5710f24ca599  2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d4d45b797ca2f2347c0409d9f956ff25  2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 8d33e72703090a911f7fd171ad9dd719  2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm
 23afd287c042c5492c210255554a6893  2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 4a188f54230b943ea9c8930eb2e0cfe1  2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.i586.rpm
 5bec4690547fd733ca97cb2933ebe427  2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.i586.rpm
 55836595e5cba3828a9a5a27e5aa1825  2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.i586.rpm
 0faf5ee7022ee0b70915d2c845865cae  2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.i586.rpm
 312a89317692b3bd86060a1995365d86  2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.i586.rpm
 38215dccbee8a169bcbac2af2897c2f7  2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.i586.rpm
 aaba2fa72f8de960a3a757b3010027d3  2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d8d59a55974f6fa20d99fb30f126638f  2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.i586.rpm
 946e6a76c71dbbee3340f1a96ae25a1d  2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.i586.rpm
 9a14c31a41c2bac3942caa3d1fb5daee  2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.i586.rpm
 b5074c27d1cb719bf9f8fabe8aebf628  2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.i586.rpm
 7a225cdfdf0c17c0f4a72ad27907fc07  2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.i586.rpm
 06526a054d108d3c9b5f66313151ecc2  2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.i586.rpm
 8f721bd3914c31e04359def6272db929  2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.i586.rpm
 a704ed726e6db4ba59592563cd2c48b0  2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.i586.rpm
 0ef6729b05e013a364e847e4a1b7b3e3  2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.i586.rpm
 570b19872de676414b399ff970024b78  2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.i586.rpm
 dee38f0bbe3870d3bd8ad02ea968c57a  2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.i586.rpm
 92916e155ec38b5078234728593d72a2  2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.i586.rpm
 c808f2f32fc9e514ffb097eeeb226a96  2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.i586.rpm
 6dda5771d062eae75f8f04b7dab8d6cc  2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.i586.rpm
 c4ac8441170504cc5ec05cf5c8e6e9f9  2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.i586.rpm
 2765008afd4c0ba1d702eda9627a7690  2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.i586.rpm
 15b600977b07651f1c3568f4d7f1f9ac  2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.i586.rpm
 6f1fae6befe608fc841fcc71e15852c0  2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.i586.rpm
 81f412da40ea14bcc23d420d7a5724f9  2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.i586.rpm
 76e0ece3c0b6f507340871a168a57e36  2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.i586.rpm
 6ded58e85ed113718cfb3484ae420bb9  2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.i586.rpm
 c76f6648e88de4a63991eac66c3fba04  2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.i586.rpm
 1c7ab93275bcdcf30ed9ec2ddb4893df  2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.i586.rpm
 60279919aa5f17c2ecd9f64db87cb952  2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm
 c446c046409b6697a863868fe5c64222  2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm
 e726300336f737c8952f664bf1866d6f  2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm
 e9e30596eceb0bc9a03f7880cd7d14ea  2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm
 4168c73cba97276fa4868b4ac2c7eb19  2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm
 6a7df29f5af703d10d7ea1fee160ac00  2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm
 e56e14c28051ec4332cbde8dbee7bb6a  2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm
 1a144c86fd8db39e2801117296e15d2b  2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm
 f4889d2ee6e07c0141b57ab9aaccae64  2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm
 dee0f7bc91c797e880fff19e1cb05a63  2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm
 45724f6ceed66701392bd131feaf1f6d  2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm
 cc680cac7fea3f7f8a48a5daf86db088  2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm
 69b04335c21313262af4253863109cc8  2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm
 2aab89244a535afcbc25271df5d6b33f  2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm
 f1c7f71d5484c5047b1b38fc16888ae3  2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm
 3963e3c3a2c38c41d9d3bc5250b124a6  2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm
 bb54aed17a126a9e8568d49866db99ea  2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm
 2a1b11f2c8944bc1fc0d313d54a903cf  2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm
 783c5b3c0fb9916e07f220110155476d  2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm
 895e315731fa0b453045cc39da4f5358  2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm
 daa0a127d2a1a3641d4e97bfb95f1647  2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm
 0c778b0738b11dfd5d68be48fa6316ed  2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm
 7025d0118cf29e39117bd87c586e84a3  2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm
 5d8b8e869f588c0f5751e9ce7addba45  2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm
 c5148674a8c7dd1f88c5729293f899ba  2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm
 91d490c075473e2443e383201b961cb8  2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm
 622ae4619d151bb1634113e50b30fbac  2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm
 e6d64c14929d299e2fb52e334ae6641a  2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm
 20f64c6dfd6aa1450cba5002d42f53d8  2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm
 b93a6b548bb1cf0f8cc46dec133e81a3  2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm
 f5603b65b3d10fa5083934e08d2d4560  2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm
 c0e978ea92b4a8f3aa75dad5ab7588b9  2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm
 93cb0acaeddb095d13b37aeb0ab4dd49  2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d52f4955f15f99137dd9a0b2f360c8b2  x86_64/2006.0/RPMS/devhelp-0.10-7.1.20060mdk.x86_64.rpm
 369457b4a09c07ba18ee5bb18fb2ffa1  x86_64/2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.x86_64.rpm
 76735684f3ff493770e374a90fd359c7  x86_64/2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.x86_64.rpm
 5da75ab6624f8c8f0c212ce2299d645f  x86_64/2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.x86_64.rpm
 945059b9456c9ff2ccd40ff4a6d8ae70  x86_64/2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm
 193f97760bb46e16051ba7b6b968f340  x86_64/2006.0/RPMS/lib64devhelp-1_0-0.10-7.1.20060mdk.x86_64.rpm
 1b67733b0450cd6572c9879c0eb38640  x86_64/2006.0/RPMS/lib64devhelp-1_0-devel-0.10-7.1.20060mdk.x86_64.rpm
 115fcbc6c99bf063cd1768d2b08e9d89  x86_64/2006.0/RPMS/lib64nspr4-1.5.0.6-1.4.20060mdk.x86_64.rpm
 686404fa32e2625f23b19e11c548bbe5  x86_64/2006.0/RPMS/lib64nspr4-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 f0886b330d3f5af566af6cf5572ca671  x86_64/2006.0/RPMS/lib64nspr4-static-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 10e9abdcb3f952c4db35c85fe58ad8ad  x86_64/2006.0/RPMS/lib64nss3-1.5.0.6-1.4.20060mdk.x86_64.rpm
 202bab2742f162d1cbd6d36720e6f7fb  x86_64/2006.0/RPMS/lib64nss3-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 e9aaff3090a4459b57367f4903b0458a  x86_64/2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm
 fa99cbc159722cc0ff9e5710f24ca599  x86_64/2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d4d45b797ca2f2347c0409d9f956ff25  x86_64/2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 8d33e72703090a911f7fd171ad9dd719  x86_64/2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm
 23afd287c042c5492c210255554a6893  x86_64/2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 74811077c91dde3bc8c8bae45e5862a7  x86_64/2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.x86_64.rpm
 75711988a67bf3f36fc08823561bb2b7  x86_64/2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.x86_64.rpm
 5bd9ad43769390549ab3c4549c971db7  x86_64/2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.x86_64.rpm
 dfdd808e2ec0866c15db5f1ea6a5b5bd  x86_64/2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.x86_64.rpm
 1fad19f458ce0aa50e86710ed3b7fe04  x86_64/2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.x86_64.rpm
 743e8d4f009ab2d2fc2e8c131244fb57  x86_64/2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.x86_64.rpm
 476ee9a87f650a0ef3523a9619f9f611  x86_64/2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 be48721cbc6e5634b50ce5b6cfe4a951  x86_64/2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.x86_64.rpm
 e56ce18466e20db3189e035329c606ce  x86_64/2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.x86_64.rpm
 489e5940c9ac9573842888ff07436e4c  x86_64/2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.x86_64.rpm
 73d2eb2fc6ec99a1d3eeb94d9ddff36e  x86_64/2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.x86_64.rpm
 acbd3cd5f82b47a6c6cb03ebd6ca25ae  x86_64/2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.x86_64.rpm
 362807f9da1130dd8da606b9ded06311  x86_64/2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.x86_64.rpm
 e48c991fa555d22d1f382baa83dfcae9  x86_64/2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.x86_64.rpm
 0d954f47de6d2cc58e36cd2c9ddae09c  x86_64/2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.x86_64.rpm
 8f615598d04985a0d60a3469ea3044ed  x86_64/2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.x86_64.rpm
 f4810510feb31e6195358c5ddd87252f  x86_64/2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.x86_64.rpm
 537d53b7805ac84009f2ff99e3282b91  x86_64/2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.x86_64.rpm
 afbc9ee04902213758bbf262b732de21  x86_64/2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 dcef8c7676529394e5fbd4168f8e2cd6  x86_64/2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 f4ee0e7ecba430fd3ce5e8ebeda9b5c1  x86_64/2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.x86_64.rpm
 778261355184ca73cbf1aab1ce56644d  x86_64/2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.x86_64.rpm
 10ca4e7f4cf10c380849ced0bf83e08b  x86_64/2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.x86_64.rpm
 427cabc08ec66e1a45bc27e5625f49bb  x86_64/2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.x86_64.rpm
 de4e61d4fce7cd286bb4a3778cb8499f  x86_64/2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 86e9af4c42b59e32d4e5ac0a8d1afe30  x86_64/2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.x86_64.rpm
 126b1e0826330986fbf485eabade949d  x86_64/2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.x86_64.rpm
 d2e6da2db277b7f5dabed3e95d4b818b  x86_64/2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.x86_64.rpm
 a83edee07d2465cf55024ed1b7aa779f  x86_64/2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.x86_64.rpm
 9e33e2a0c3d4a92a0b420c417fcd3469  x86_64/2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.x86_64.rpm
 60279919aa5f17c2ecd9f64db87cb952  x86_64/2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm
 c446c046409b6697a863868fe5c64222  x86_64/2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm
 e726300336f737c8952f664bf1866d6f  x86_64/2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm
 e9e30596eceb0bc9a03f7880cd7d14ea  x86_64/2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm
 4168c73cba97276fa4868b4ac2c7eb19  x86_64/2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm
 6a7df29f5af703d10d7ea1fee160ac00  x86_64/2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm
 e56e14c28051ec4332cbde8dbee7bb6a  x86_64/2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm
 1a144c86fd8db39e2801117296e15d2b  x86_64/2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm
 f4889d2ee6e07c0141b57ab9aaccae64  x86_64/2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm
 dee0f7bc91c797e880fff19e1cb05a63  x86_64/2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm
 45724f6ceed66701392bd131feaf1f6d  x86_64/2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm
 cc680cac7fea3f7f8a48a5daf86db088  x86_64/2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm
 69b04335c21313262af4253863109cc8  x86_64/2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm
 2aab89244a535afcbc25271df5d6b33f  x86_64/2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm
 f1c7f71d5484c5047b1b38fc16888ae3  x86_64/2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm
 3963e3c3a2c38c41d9d3bc5250b124a6  x86_64/2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm
 bb54aed17a126a9e8568d49866db99ea  x86_64/2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm
 2a1b11f2c8944bc1fc0d313d54a903cf  x86_64/2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm
 783c5b3c0fb9916e07f220110155476d  x86_64/2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm
 895e315731fa0b453045cc39da4f5358  x86_64/2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm
 daa0a127d2a1a3641d4e97bfb95f1647  x86_64/2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm
 0c778b0738b11dfd5d68be48fa6316ed  x86_64/2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm
 7025d0118cf29e39117bd87c586e84a3  x86_64/2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm
 5d8b8e869f588c0f5751e9ce7addba45  x86_64/2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm
 c5148674a8c7dd1f88c5729293f899ba  x86_64/2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm
 91d490c075473e2443e383201b961cb8  x86_64/2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm
 622ae4619d151bb1634113e50b30fbac  x86_64/2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm
 e6d64c14929d299e2fb52e334ae6641a  x86_64/2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm
 20f64c6dfd6aa1450cba5002d42f53d8  x86_64/2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm
 b93a6b548bb1cf0f8cc46dec133e81a3  x86_64/2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm
 f5603b65b3d10fa5083934e08d2d4560  x86_64/2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm
 c0e978ea92b4a8f3aa75dad5ab7588b9  x86_64/2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm
 93cb0acaeddb095d13b37aeb0ab4dd49  x86_64/2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE41l0mqjQ0CJFipgRAu1DAJ90MqoteYoIfAj0Gqim5fxrvOw7BACg0xq5
L8QZWCg0xY3ZRacFzNTgusw=
=gl6u
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48629)

Ubuntu Security Notice 323-1 (PacketStormID:F48629)
2006-07-28 00:00:00
Ubuntu  security.ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787
[点击下载]

Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.

=========================================================== 
Ubuntu Security Notice USN-323-1              July 25, 2006
mozilla vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778,
CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782,
CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786,
CVE-2006-2787
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  mozilla-browser                          2:1.7.13-0ubuntu05.04.1
  mozilla-mailnews                         2:1.7.13-0ubuntu05.04.1
  mozilla-psm                              2:1.7.13-0ubuntu05.04.1

Ubuntu 5.10:
  mozilla-browser                          2:1.7.13-0ubuntu5.10.1
  mozilla-mailnews                         2:1.7.13-0ubuntu5.10.1
  mozilla-psm                              2:1.7.13-0ubuntu5.10.1

After a standard system upgrade you need to restart Mozilla to effect
the necessary changes.

Details follow:

Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)

Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,
CVE-2006-2777)

Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
function. By tricking a user to visit a site with an SSL certificate
with specially crafted optional Certificate Authority name
arguments, this could potentially be exploited to execute arbitrary
code with the user's privileges. (MFSA 2006-38, CVE-2006-2778)

The Mozilla developer team discovered several bugs that lead to
crashes with memory corruption. These might be exploitable by
malicious web sites to execute arbitrary code with the privileges of
the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)

Masatoshi Kimura discovered a memory corruption (double-free) when
processing a large VCard with invalid base64 characters in it. By
sending a maliciously crafted set of VCards to a user, this could
potentially be exploited to execute arbitrary code with the user's
privileges. (MFSA 2006-40, CVE-2006-2781)

Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing
by changing input type) was not sufficient to prevent all variants of
exploitation. (MFSA 2006-41, CVE-2006-2782)

Masatoshi Kimura found a way to bypass web input sanitizers which
filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)'
characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters
might not recognize the tags anymore; however, Mozilla would still
execute them since BOM markers are filtered out before processing the
page. (MFSA 2006-42, CVE-2006-2783)

Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript
privilege escalation on the plugins page) was not sufficient to
prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784)

Paul Nickerson demonstrated that if an attacker could convince a user
to right-click on a broken image and choose "View Image" from the
context menu then he could get JavaScript to run on a site of the
attacker's choosing. This could be used to steal login cookies or
other confidential information from the target site. (MFSA 2006-34,
CVE-2006-2785)

Kazuho Oku discovered various ways to perform HTTP response smuggling
when used with certain proxy servers. Due to different interpretation
of nonstandard HTTP headers in Mozilla and the proxy server, a
malicious web site can exploit this to send back two responses to one
request. The second response could be used to steal login cookies or
other sensitive data from another opened web site. (MFSA 2006-33,
CVE-2006-2786)


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1.diff.gz
      Size/MD5:   337800 2db7b990124c6c1c1b8e9672ca5d6513
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1.dsc
      Size/MD5:     1140 dff39e5ce49d9743de85eec224192a32
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
      Size/MD5: 38788839 db906560b5abe488286ad1edc21d52b6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   168074 ad1b6c33075e971bbda9f2b1fb105acd
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   141800 26fe9cb2a488851d5a08f008eccb1286
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   184958 e70af6a5c0c0ebd475977cede7dd2d0e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   710626 8a7cb0a2c698fbb25a19cb372012cc25
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5: 10610980 33b6ff77510c97ad410648acfa60969d
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   403276 503bd265002378861042e9145adca4e5
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   158328 a3a78547d1739fa489b5eaf06e2bb775
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:  3352288 f136491aa7a81cafefbb3c7ecdc5f358
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   121188 9047e6b7ddc935e553ef96869a0697b1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   204152 5ddbdbe777cf61007db5946793386778
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:  1935856 e72372370e4e6ad8f232649faab04c1e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:   204518 694f522af956a4e0450fc40c0fec1681
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1_amd64.deb
      Size/MD5:     1042 e6281edcb4a65fa6d05ea72eb83b6cc6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   168070 81c685cd991f0ff3b109be63f80130c5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   128448 77877720eaad8970b2675ead1eeaaf76
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   184934 cf8811d7050bd397343b9a6f16e43be6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   640510 4919807173e6d2e47a9d3c04ba7ba2b8
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:  9625412 8b357311b8d2ca54dec002ab45c8be2a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   403294 b32aca483d56c4ce22e7c985b29e2fc4
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   158332 8186f8e0eed294d42d40deaa635620df
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:  3344850 258d820d93386ad62ef54a6427dc80a8
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   115832 cb1f8880d0afe7e6d7c7a62df15817ed
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   204160 6631b13c4025bbe77715589c86c28de7
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:  1780842 e2d26ad17ed1ee60cf7b3dcadff9080a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:   188486 7722d3ca28defc86236a0a24ec0a31bb
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1_i386.deb
      Size/MD5:     1038 3122a3872c2860bf08471a77215a539f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   168076 2df31cb514546f26e4dda5a13f234c55
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   127186 f68d8a52426231ba404610958394f786
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   184950 2f0a1db9364ce06f9c5b0a5b984d2167
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   714848 8f18e6495b88346a54b806af6bbea813
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  9177718 3d1e82b88c35c967c210b88ff54970dc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   403298 1c4691bde820ec913f3bbddf13c9cef6
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   158338 407c8d0d588edb5dd6742ec47b912472
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  3340480 80710d7291666df1ce959410928bbec4
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   114584 a3c957dc3151e896ff18e9bd2710e6fa
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   204166 f4a827dd3800896f1dd36c9a0e563ff9
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:  1643010 06882ef0b556a5db1adec008cd609370
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:   175714 a1f98dd0b17c838723cd06b4a4167a21
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu05.04.1_powerpc.deb
      Size/MD5:     1046 3fff2d11475b3d408cb007f79583b486

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1.diff.gz
      Size/MD5:   339739 f3417c36cc2f4edf0f56f2a3d291186f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1.dsc
      Size/MD5:     1080 6633c093477fe6313ea31a05626c74fa
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.13.orig.tar.gz
      Size/MD5: 38788839 db906560b5abe488286ad1edc21d52b6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   168042 e7c77d1568c6c46f083ab05f038464ff
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   143820 446658c0da7878eca5977486d5aa71c8
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   184942 8fc2cf6a6d115e63715f5c54b82c2d4a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   719348 fd2b0f552c07995dc65906b56b12a5bc
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5: 10666540 3b661ff62d97846c23e422fdb0f87bc8
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   403282 ab2167239e57b61676dc3fbd296a2ffc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   158322 d0e08f0196752784b50d87191d878d0a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:  3347976 344d169cf65cb66bb67af5dbb4c19048
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   122358 9db2a1a2d412846a541a5b113357a65b
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   204154 9e2f774e0c8b0bc75f60899b9ea518dd
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:  1962852 1baa399dd55eaccda81c2f707f225817
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:   204202 e6f84c6501268f8cd8680d55ca8bc673
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_amd64.deb
      Size/MD5:     1032 875ac9a3fccb0f396f537560047ca9e6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   168048 257bbb4473be7bdfff3ded89b9d8a12b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   129200 eda6af1ceb30b9594442702ad99152ed
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   184932 f05d44d79b74e7887af887e6a9b09f1e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   635378 a7808a9e8f431a16cc60baddc68b8139
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:  9185932 85d2251d70e3488a0cc388e0db41a4fc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   403280 7034e103d8a30f986ec57fe31160e487
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   158324 a29a00a6e450d7d998d6e874987f10ba
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:  3337576 7094cd9a4464d4645d92489c371c6cab
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   115304 87dd3fb83b695986dda9ddeaedf47781
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   204152 09352de0004e77e96ca17cb21d0715e3
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:  1691482 6df8075f514d49d7f5411891bbc0e7f5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:   178782 d2d5d1aa46de77fb2b54ec98ef3a7a14
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_i386.deb
      Size/MD5:     1032 a3f4871c955138dd6d6e759ea114e4c8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   168048 852ade578c01f279b8aff0a794a268a3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   130906 df3dd2deffe59449bf2442cf00f6689e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   184932 4e6345c82ae5563193e1b5b201ef3043
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   696888 902ed7ec1cf327ea9931948f756d60e6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:  9263244 87d38e3da8f8e9174e87552155add753
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   403284 3a37460373177133ba2c687501b574a1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   158326 092102dfb58bfe5ea20ff0969f7f56f2
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:  3336540 8f37d1620049b2fefc1b651fd51c43b7
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   115348 bef4e6c32a92c26fa06395801657e367
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   204158 60731a37272e50a8660ecb2cfae9aabf
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:  1671422 3b3f3bedfbba4263f26773d93436e769
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:   175906 c6b918fa89cd2423d47b018f279c4d68
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_powerpc.deb
      Size/MD5:     1032 cc69d04f87b79ff659067186cab9cfd9

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   168054 0d954bebca6ea4131c28e11337bba7ad
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   127450 521963b1b21999ff9f42d35b884c23ed
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   184948 74d53204904bf8bf02928f6cb0b3e787
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   630704 0987af2fe353aff94cefddc61ac1c8e6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:  9013886 08e90ea95c75c3eb03d8533532314fdb
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   403286 f5a6f817c9926829a4012da7973b3fcc
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   158328 2b884313c4bd382d1609d01568b7013e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:  3336286 f1a166252e7c78d5d90a7ef91b7b6eb0
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   113834 8df1183b10a5d69c1087634f81178a41
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   204152 e0177e963461936592387a9e6d5171bd
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:  1629816 a02204343afa9a872f99f63e85170096
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:   170382 010d945bfd8636541e8202c036668e18
    http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.13-0ubuntu5.10.1_sparc.deb
      Size/MD5:     1032 5d9b7b8e12b9746c44fd3fd41dec9f13
    

- 漏洞信息 (F48488)

Debian Linux Security Advisory 1120-1 (PacketStormID:F48488)
2006-07-24 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-1942,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787
[点击下载]

Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in mozilla-firefox for Debian.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1120-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 23rd, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782
                 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786
                 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID     : 18228

Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:

CVE-2006-1942

    Eric Foley discovered that a user can be tricked to expose a local
    file to a remote attacker by displaying a local file as image in
    connection with other vulnerabilities.  [MFSA-2006-39]

CVE-2006-2775

    XUL attributes are associated with the wrong URL under certain
    circumstances, which might allow remote attackers to bypass
    restrictions.  [MFSA-2006-35]

CVE-2006-2776

    Paul Nickerson discovered that content-defined setters on an
    object prototype were getting called by privileged user interface
    code, and "moz_bug_r_a4" demonstrated that the higher privilege
    level could be passed along to the content-defined attack code.
    [MFSA-2006-37]

CVE-2006-2777

    A vulnerability allows remote attackers to execute arbitrary code
    and create notifications that are executed in a privileged
    context.  [MFSA-2006-43]

CVE-2006-2778

    Mikolaj Habryn a buffer overflow in the crypto.signText function
    that allows remote attackers to execute arbitrary code via certain
    optional Certificate Authority name arguments.  [MFSA-2006-38]

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  This problem has
    only partially been corrected.  [MFSA-2006-32]

CVE-2006-2780

    An integer overflow allows remote attackers to cause a denial of
    service and may permit the execution of arbitrary code.
    [MFSA-2006-32]

CVE-2006-2782

    Chuck McAuley discovered that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

CVE-2006-2783

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
    is stripped from UTF-8 pages during the conversion to Unicode
    before the parser sees the web page, which allows remote attackers
    to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]

CVE-2006-2784

    Paul Nickerson discovered that the fix for CAN-2005-0752 can be
    bypassed using nested javascript: URLs, allowing the attacker to
    execute privileged code.  [MFSA-2005-34, MFSA-2006-36]

CVE-2006-2785

    Paul Nickerson demonstrated that if an attacker could convince a
    user to right-click on a broken image and choose "View Image" from
    the context menu then he could get JavaScript to
    run.  [MFSA-2006-34]

CVE-2006-2786

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP
    header syntax may allow remote attackers to trick the browser to
    interpret certain responses as if they were responses from two
    different sites.  [MFSA-2006-33]

CVE-2006-2787

    The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
    run via EvalInSandbox can escape the sandbox and gain elevated
    privilege.  [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge9.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.dfsg+1.5.0.4-1.

We recommend that you upgrade your Mozilla Firefox packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9.dsc
      Size/MD5 checksum:     1001 21424c5ba440f16f6abea37711d66aa9
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9.diff.gz
      Size/MD5 checksum:   398646 2eff76a21650ad05f52b5fdf73bd3f7e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_alpha.deb
      Size/MD5 checksum: 11173304 3a940907dc9761c8f509bb4c985db436
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_alpha.deb
      Size/MD5 checksum:   169032 05d7a00140abdf880b41c4fa28114068
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_alpha.deb
      Size/MD5 checksum:    60866 de85fa33566f2fbfcc86501ee62b2a1b

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_amd64.deb
      Size/MD5 checksum:  9401816 963bc07e9bad81b56674d2e87fcc2074
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_amd64.deb
      Size/MD5 checksum:   163774 782e55322d790e206be62b7c973cf4ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_amd64.deb
      Size/MD5 checksum:    59390 62063c4dc7dfb9dd977b2a019bd37946

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_arm.deb
      Size/MD5 checksum:  8223298 0a3854d01bb66b8251a6fd0f6f6acf1d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_arm.deb
      Size/MD5 checksum:   155248 04b4755e60835717a7b5ed0025f00f0c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_arm.deb
      Size/MD5 checksum:    54702 93f66e628ad9327de4ed14acdfec4395

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_i386.deb
      Size/MD5 checksum:  8899786 395567e782da4a1d6e0ef10367ba57cc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_i386.deb
      Size/MD5 checksum:   159032 5225bca73b84ed3e8a1c4e06bdd6cd69
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_i386.deb
      Size/MD5 checksum:    56250 f8baa460416bd34c28e347b371c2ac72

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_ia64.deb
      Size/MD5 checksum: 11632562 3fc46e9c4a4575594c610c7ff85146ce
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_ia64.deb
      Size/MD5 checksum:   169362 aad3f6f89760080eca86f9988c690532
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_ia64.deb
      Size/MD5 checksum:    64062 0973673b6e56cc6d26db14a0170c4a1a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_hppa.deb
      Size/MD5 checksum: 10275134 dbdcf7d07ead3c046ec5a604922bd853
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_hppa.deb
      Size/MD5 checksum:   166732 ff51c0f78f3bb6ee011c85e850e67230
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_hppa.deb
      Size/MD5 checksum:    59840 856193bc316aecbcce4f88aae4404240

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_m68k.deb
      Size/MD5 checksum:  8175302 d60841a0292077f4635ca9b68c45cd8a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_m68k.deb
      Size/MD5 checksum:   157932 5559512572a0493c336f46e67dc6163d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_m68k.deb
      Size/MD5 checksum:    55524 f04387c9e24e76965342227983327a03

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_mips.deb
      Size/MD5 checksum:  9932150 56eefc3ec8a8832645ec1316929f4411
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mips.deb
      Size/MD5 checksum:   156774 696dca1ed57d6c13fd80bcd6fc4364cd
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_mips.deb
      Size/MD5 checksum:    56506 af7303ff23599cf25224df22f5b92e05

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_mipsel.deb
      Size/MD5 checksum:  9810314 3673c61e049c42c7ea21ed58e06b2acc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mipsel.deb
      Size/MD5 checksum:   156350 9d3f411c8372b54775ab5ba90c10d0da
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_mipsel.deb
      Size/MD5 checksum:    56336 ccc11bdf50a4b0809fe7ed2dbdf44006

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_powerpc.deb
      Size/MD5 checksum:  8571660 cf198d98db5695e5c423c567ebfdba38
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_powerpc.deb
      Size/MD5 checksum:   157448 d96866bfc3e74f73d6cf4a3f71aa50cb
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_powerpc.deb
      Size/MD5 checksum:    58628 e3a6722463006bb379c9548318784af8

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_s390.deb
      Size/MD5 checksum:  9641400 c935ca331cf22eab9f311fc65c69e227
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_s390.deb
      Size/MD5 checksum:   164392 342aeb1f6362565bac9cd8f9a34e6711
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_s390.deb
      Size/MD5 checksum:    58816 3199d08b5c64c05d4c9f3600fd1a9927

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_sparc.deb
      Size/MD5 checksum:  8662210 a25db0f4ce57b47898d633b2512cd0b4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_sparc.deb
      Size/MD5 checksum:   157632 5d0f66746bcbb48269e1e4e0efa71067
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_sparc.deb
      Size/MD5 checksum:    55062 99d09b78f6efa23c02d1e9076185f105


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD4DBQFEwxuaW5ql+IAeqTIRAph6AJigs7vAqUX4Kff4L09LciD7GjfGAJ9oSjEi
YKqqcIwtb4nh4LCbn5fKcw==
=zfrY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F48485)

Debian Linux Security Advisory 1118-1 (PacketStormID:F48485)
2006-07-24 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-1942,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2781,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787
[点击下载]

Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in Mozilla for Debian.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1118-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 22nd, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777
                 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781
                 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                 CVE-2006-2786 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID     : 18228

Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:

CVE-2006-1942

    Eric Foley discovered that a user can be tricked to expose a local
    file to a remote attacker by displaying a local file as image in
    connection with other vulnerabilities.  [MFSA-2006-39]

CVE-2006-2775

    XUL attributes are associated with the wrong URL under certain
    circumstances, which might allow remote attackers to bypass
    restrictions.  [MFSA-2006-35]

CVE-2006-2776

    Paul Nickerson discovered that content-defined setters on an
    object prototype were getting called by privileged user interface
    code, and "moz_bug_r_a4" demonstrated that the higher privilege
    level could be passed along to the content-defined attack code.
    [MFSA-2006-37]

CVE-2006-2777

    A vulnerability allows remote attackers to execute arbitrary code
    and create notifications that are executed in a privileged
    context.  [MFSA-2006-43]

CVE-2006-2778

    Mikolaj Habryn a buffer overflow in the crypto.signText function
    that allows remote attackers to execute arbitrary code via certain
    optional Certificate Authority name arguments.  [MFSA-2006-38]

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  This problem has
    only partially been corrected.  [MFSA-2006-32]

CVE-2006-2780

    An integer overflow allows remote attackers to cause a denial of
    service and may permit the execution of arbitrary code.
    [MFSA-2006-32]

CVE-2006-2781

    Masatoshi Kimura discovered a double-free vulnerability that
    allows remote attackers to cause a denial of service and possibly
    execute arbitrary code via a VCard.  [MFSA-2006-40]

CVE-2006-2782

    Chuck McAuley discovered that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

CVE-2006-2783

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)
    is stripped from UTF-8 pages during the conversion to Unicode
    before the parser sees the web page, which allows remote attackers
    to conduct cross-site scripting (XSS) attacks.  [MFSA-2006-42]

CVE-2006-2784

    Paul Nickerson discovered that the fix for CAN-2005-0752 can be
    bypassed using nested javascript: URLs, allowing the attacker to
    execute privileged code.  [MFSA-2005-34, MFSA-2006-36]

CVE-2006-2785

    Paul Nickerson demonstrated that if an attacker could convince a
    user to right-click on a broken image and choose "View Image" from
    the context menu then he could get JavaScript to
    run.  [MFSA-2006-34]

CVE-2006-2786

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP
    header syntax may allow remote attackers to trick the browser to
    interpret certain responses as if they were responses from two
    different sites.  [MFSA-2006-33]

CVE-2006-2787

    The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript
    run via EvalInSandbox can escape the sandbox and gain elevated
    privilege.  [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.1

For the unstable distribution (sid) these problems have been fixed in
version 1.7.13-0.3.

We recommend that you upgrade your Mozilla packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1.dsc
      Size/MD5 checksum:     1127 473562c669e27793809fd76034b5e9de
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1.diff.gz
      Size/MD5 checksum:   498361 6d4f73fb299451760cbf05974d36753a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   168076 9478bc76f4c4dac2cfa1adc51c599e71
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   147050 34ab8e06aeb3d46f150b0099a29b8c2b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   184960 ec9526c058ec2a9629fa16a2c7b0f286
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   856618 515d873622c67d0cf1b155f85187935c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:     1040 a12e4c5754cf581aa6aab5dd4a1388ec
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum: 11481282 52de66676dea443b4426cb0e24703a57
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   403306 efe2822cd3109126a096e4c19bb61f6e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   158336 490cc71ffff457bd6f600ef3d7ab9b4b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:  3358246 5bf68f7988b64ef4175768d92829dccc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   122294 6c36e2cec285b6ec28b3115aaa8cfdb1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   204170 d02d474bf40b4a0adc41e58cbb0f71aa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:  1937112 be8a8005f99506a3e9188672c3f70e57
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_alpha.deb
      Size/MD5 checksum:   212298 96d4c738772a42501805fd1cfb2a6336

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   168070 841b4f6d14d55a8e37ea9fe2d4b8508b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   146154 b17bbe57b0a30c4698f5c883984d552e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   184950 342427477e9db97c2d663a3b7620c1ea
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   714978 bbf6e26c728df94a6bdb8e19b22dae5b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:     1036 4f0379f9ae6b0edf6eb5fbf4977f9d6e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum: 10946160 f7e344cd5bbcc6f1d06b314be572ffd2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   403294 675c774981cadd3d695cc7fa498d2046
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   158330 387195d0b8a6fd9acf4b1a2c8d0d70d8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:  3352180 f896a49299904f8082ccc96ff85ac40e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   121192 df4ef46b4940ecd65ae9cdc140cca1bf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   204170 cdd080115be04ac72473181ce622caf1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:  1936006 002755bffa9cbb1a943a4a81d04f362b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_amd64.deb
      Size/MD5 checksum:   204400 61fe98f12d92139d157dd672ca6513c8

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   168074 1de16d4b8435fe420a7883dc7d51c910
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   124492 d138a37a746f6fa32bd574f34fdaaefe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   184960 30851d8827b6061465d370ba42d4ccff
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   632198 79ce23ade76fcc6cb789053d801c904f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:     1036 e0a0373f1cdf7ecf8f176bbbc4e23d18
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:  9212808 1dbb7f756a25a96e9057ef8f96d05805
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   403314 07dad23f621d6e3be785ba0fb5a29763
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   158366 176eede20a70a9ac2a61282b7bc45b01
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:  3341712 0904389fef700da0f4664d4bceb28717
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   112672 8797efa5f068220b587eaac7818cccdc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   204178 75382868b592a542b00e6b6441591a3b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:  1604452 34e908e017cf40549741c227acc78b50
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_arm.deb
      Size/MD5 checksum:   168866 ed9894b18f51f745750ad28fa47aba1f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   170346 5956d005059fd107818f8035fa9ffbf2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   136984 5a5c0d8e7e0614ee02c182983e8d8656
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   187138 74f8739619d8ae81b1fe30d0668b8a58
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   661744 74ebef87c001e89d4a2e8d45c9910e13
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:     1032 8f01d06ab6028c5b908dd5594e1d1c14
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum: 10336772 e281b8fb2b04eb6f788654557efb8f94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   403504 5db7402ffdb5b6523fa43d1c89944907
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   158352 a8a7f9c96a21287704a76ff3e5455335
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:  3594164 db6a4633ec5db81ce6e0bd1d9bf95193
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   116702 fade783b8720425b0f05004c6d9632ef
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   204170 e173db0beb2598ea64ac80262b8043e4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:  1816096 10fd0769547b8342fcf833182c66f7cd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_i386.deb
      Size/MD5 checksum:   192634 9f757a02bfa0e741b4d131191ac3bed1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   168076 7caf0acd02827f3259cc523d24882267
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   174472 c8fbf63229bf8f13e1e51419a917da78
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   184950 8305ace7fb5c15b17da7cbd94ac114be
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   966902 6f09c27be295615d6724ec4e82c8682c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:     1036 8d0589021091a859a4fe1a8784cf2b84
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum: 12948914 25e2e3b61f3212b5e69fb8db376dea1c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   403298 00cd58b07f32fb9b33cdf3f9138ff48d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   158334 c03b2a84ab5db4574bce186a934bb61c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:  3377948 0ae22412a7c6766cc74b84578f029da0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   125598 a853f9be2fef52df2b7537a56a4762ca
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   204160 d6c4e9801cb584fa974ec2843d4e7dde
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:  2302302 8d6e65e606882e9a9f29eae5ecdc0505
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_ia64.deb
      Size/MD5 checksum:   242684 1c59d2b14cf73625549222c27feec305

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   168076 5626cf0a12a7d9993ab65840ac71b2e4
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   157080 ae8769ba33d1f7b1c55db5af74322108
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   184966 653cf87074a4392f1103f333b8f385a4
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   754910 5c54ed3f028d4fca725c43f17aac7472
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:     1038 b21e02e210697770a13094757afdb343
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum: 12164938 0710346051d9d6217a938faf1a6c3a5e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   403280 dec179a4a47c40e21b74e1015655a47a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   158346 0fbead0b5adfaf58475f3308ad5c7825
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:  3358624 8c0cbf705f20e694222dc2a2e558bf25
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   123514 7d29aa30c3c525bfb3674200d0853f60
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   204152 5f27c072d2b0cf7a88362b0ca86aa91f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:  2135198 ca8cf38363e6fa41e3c58e0f6813bcec
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_hppa.deb
      Size/MD5 checksum:   216176 dbf6f4e0538358e675fafb2215215ddb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   168090 2f9923cada81ee2792194134d5c8766c
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   126174 a2d29b886d583dfeaecaf9140a98cbb1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   184976 07788d7940bceb772ee38b639fa06c90
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   600262 57d23c1825ce20d9fdc7ed3c935e4822
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:     1044 6865b570c621d2715d90d55e72c18686
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:  9707812 039664d92d6585080245e56b31a495bc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   403372 80f8ea392f13f4a8615281ad17b45345
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   158396 e11aa75979022c10ff540e9cca7da37e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:  3336888 253879215a28c9c1611e1eab36739c69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   114490 e32e9948e3e8df554e2314c7e7851c86
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   204220 56d85ed9b0439792035300fe5c3745e9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:  1683110 5392bc875f07ce277f17a08558223d76
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_m68k.deb
      Size/MD5 checksum:   174758 bd3bb602538e94bb672b67c80056aa51

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   168078 b716653d10d25308e460c0d15ce8c249
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   141006 e192f8087b16f7e17257aa63394def8f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   184962 d2d6aaad54ee894ed00c678a856cd292
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   725986 e57f99d19cc017d3273eaa632cef1359
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:     1040 2574a4694290c9c0b66900214389d13a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum: 10729826 577b9c004ce4078826f9085cfef3f1b7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   403284 e32ea6716c0102cbd6e7c2c738239555
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   158342 ac17f1b907adddaae579376411860fe6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:  3358078 c03e05906c6da5b7f06c8adfb9bf1bb5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   117626 027b87aceadf873cadd52f5b5a6cdad2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   204166 04db7ee6b1bcc0a7e286bd7aed2a46af
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:  1795496 43c24c3da475b571baee65e6f97b3b72
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_mips.deb
      Size/MD5 checksum:   189876 4515f5447d4d74104bac1b98a21741a9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   168080 6b20701ae2005724d525421407997b34
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   140964 20d773802c88e422796b2b0d8657f269
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   184956 e696e6afa300237c1fe8bf9d24c25341
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   715454 ba7d908f470f0fe10912263bd88ffe27
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:     1042 e660b635921248505a19c5bc4ad57698
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum: 10606956 9c45e8272bec9b1e40d18a577283d270
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   403302 fc7449f1c1aca3e3beb41743d5ddce15
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   158342 b357c21424e98e72a150cdc7ef285f36
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:  3358814 9384ee1ae88d0ce5bfb9cf7419cf1fc4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   117192 6cee62bb29d207039072c1f66b15693d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   204166 02d9a75229f18b8222cbde0809763968
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:  1777564 812da33649005f3e9c602b92e5198d0f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_mipsel.deb
      Size/MD5 checksum:   187450 50a81db8d3f8fb747b9641ebab1e44c2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   168076 3ec22b357709447796939d749ee01918
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   131506 b23d3cb1d96dd102ea8e1a317611d9cf
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   184962 47e118b6e43ab5dd68edaaebb61a14a5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   719212 2eb46acfdb0984316af95544d2a26586
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:     1040 da38d40720821ab284ff921f8d14ac7b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:  9706108 c273d7531e0510262497b2b665025009
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   403278 909516b0d9bfbc46f3c0dd438bb02c29
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   158338 2de3e64ff4391b9db98838fac617dbf6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:  3340554 4253026847bdceca40ba1f7f8a77150a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   114590 cf73e13daee899efb5d6cefb3e85c461
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   204148 3de97db7ab79ee5b688b62dc1132859c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:  1643042 52b9f55a9507da86f34ebda24e25ec12
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_powerpc.deb
      Size/MD5 checksum:   175652 d7538c95e4ea1efaf76737a24b5e0388

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   168070 97ce8fcc52d581aa9608dbc327abbe8b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   156822 008799a0d79ca556d878a20b96028354
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   184962 a3241679a42c7f8fe899e34ae7516981
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   799202 fbbf02a9624d975a1eaafdfaf025f885
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:     1042 12f767e93775437d702d9ea31bed575c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum: 11330344 442b98dd32a88fd33efa22d5d13bdd3e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   403320 aa21f60bfc070223d8a6f5c78c4b0faf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   158350 b0981f49d6b5639a4712e2a115599d6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:  3353136 4576af9688c6fc5b4e7fe64deb11aead
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   121352 1c1672d0d0f3752a0195ee1ff33d8ec4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   204158 a0a82c9fa992b839aaf60f9484fd9bc8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:  1944746 432f3f0fb2e1a429a51ddda422cc21cc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_s390.deb
      Size/MD5 checksum:   213482 f8bc5f9fa1e79b26ba22bb891e5b9b46

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   168082 98bec9b3ad75652b9fa7f0c425a2deb2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   128722 9947038f2936e62834bfdd1b2672d497
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   184962 4ffe137e0baebd3335718ac6936ca52b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   673000 696296101aefad3cdc6e41c39320f85a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:     1038 e1e482e36d09311de2fb0416e068e070
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:  9376650 7b791062063db30e3a2f25436f410c01
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   403280 15a8a8616423b988387abcf2a3089b93
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   158336 2481b4d5956c4219f33a5c29d3125ed3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:  3341556 4765e3947b3045730fb35f128ec8b30c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   112532 8b9d8d6fb0469b333837653684508c68
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   204158 a46509b3f314a48cf5d0365dd999688a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:  1583728 57ca973e877b3a718e5534537c94e468
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_sparc.deb
      Size/MD5 checksum:   168012 2a402caa207ced1ede92416141a37ab9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwibVW5ql+IAeqTIRAgCjAKCTna7EXWnfCae8ORnFtPat+ZZZjQCgqMIj
JsY39Lz2s/UBFnxveD7ud+8=
=ySjN
-----END PGP SIGNATURE-----

    

- 漏洞信息

26313
Mozilla Multiple Products Text Box Arbitrary File Access (Variant)
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-06-01 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站