CVE-2006-2788
CVSS7.5
发布时间 :2006-06-02 17:06:00
修订时间 :2010-08-21 00:48:17
NMCOP    

[原文]Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.


[CNNVD]Mozilla Firefox getRawDER 双重释放漏洞(CNNVD-200606-076)

        Mozilla Firefox 是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
        Firefox nsIX509Cert的getRawDER 功能存在双重释放漏洞,允许远程攻击者通过特定的Javascript代码造成拒绝服务攻击(挂起)和可能执行任意代码。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:firefox:0.10.1Mozilla Firefox 0.10.1
cpe:/a:mozilla:firefox:1.0.3Mozilla Firefox 1.0.3
cpe:/a:mozilla:firefox:1.5:beta1Mozilla Firefox 1.5 Beta 1
cpe:/a:mozilla:firefox:0.9Mozilla Firefox 0.9
cpe:/a:mozilla:firefox:1.5.0.1Mozilla Firefox 1.5.0.1
cpe:/a:mozilla:firefox:0.9.2Mozilla Firefox 0.9.2
cpe:/a:mozilla:firefox:1.0.1Mozilla Firefox 1.0.1
cpe:/a:mozilla:firefox:1.0.2Mozilla Firefox 1.0.2
cpe:/a:mozilla:firefox:0.10Mozilla Firefox 0.10
cpe:/a:mozilla:firefox:1.0.5Mozilla Firefox 1.0.5
cpe:/a:mozilla:firefox:1.0.4Mozilla Firefox 1.0.4
cpe:/a:mozilla:firefox:1.5Mozilla Firefox 1.5
cpe:/a:mozilla:firefox:1.0.6Mozilla Firefox 1.0.6
cpe:/a:mozilla:firefox:0.8Mozilla Firefox 0.8
cpe:/a:mozilla:firefox:1.0.7Mozilla Firefox 1.0.7
cpe:/a:mozilla:firefox:preview_release
cpe:/a:mozilla:firefox:0.9.1Mozilla Firefox 0.9.1
cpe:/a:mozilla:firefox:0.9.3Mozilla Firefox 0.9.3
cpe:/a:mozilla:firefox:1.0Mozilla Firefox 1.0
cpe:/a:mozilla:firefox:1.5:beta2Mozilla Firefox 1.5 Beta 2
cpe:/a:mozilla:firefox:1.5.0.2Mozilla Firefox 1.5.0.2
cpe:/a:mozilla:firefox:0.9:rcMozilla Firefox 0.9 rc
cpe:/a:mozilla:firefox:1.5.0.3Mozilla Firefox 1.5.0.3
cpe:/a:mozilla:firefox:1.0.6::linux

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11065Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) a...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2788
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-076
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.mozilla.org/show_bug.cgi?id=321598
(PATCH)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=321598
http://www.us.debian.org/security/2006/dsa-1191
(UNKNOWN)  DEBIAN  DSA-1191
http://www.ubuntulinux.org/support/documentation/usn/usn-296-1
(UNKNOWN)  UBUNTU  USN-296-1
http://www.ubuntu.com/usn/usn-361-1
(UNKNOWN)  UBUNTU  USN-361-1
http://www.redhat.com/support/errata/RHSA-2006-0611.html
(UNKNOWN)  REDHAT  RHSA-2006:0611
http://www.redhat.com/support/errata/RHSA-2006-0610.html
(UNKNOWN)  REDHAT  RHSA-2006:0610
http://www.redhat.com/support/errata/RHSA-2006-0594.html
(UNKNOWN)  REDHAT  RHSA-2006:0594
http://www.redhat.com/support/errata/RHSA-2006-0578.html
(UNKNOWN)  REDHAT  RHSA-2006:0578
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
(UNKNOWN)  MANDRIVA  MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
(UNKNOWN)  MANDRIVA  MDKSA-2006:143
http://www.debian.org/security/2006/dsa-1210
(UNKNOWN)  DEBIAN  DSA-1210
http://www.debian.org/security/2006/dsa-1192
(UNKNOWN)  DEBIAN  DSA-1192
http://secunia.com/advisories/22849
(VENDOR_ADVISORY)  SECUNIA  22849
http://secunia.com/advisories/22342
(VENDOR_ADVISORY)  SECUNIA  22342
http://secunia.com/advisories/22299
(VENDOR_ADVISORY)  SECUNIA  22299
http://secunia.com/advisories/22247
(VENDOR_ADVISORY)  SECUNIA  22247
http://secunia.com/advisories/21631
(VENDOR_ADVISORY)  SECUNIA  21631
http://secunia.com/advisories/21532
(VENDOR_ADVISORY)  SECUNIA  21532
http://secunia.com/advisories/21336
(VENDOR_ADVISORY)  SECUNIA  21336
http://secunia.com/advisories/21270
(VENDOR_ADVISORY)  SECUNIA  21270
http://secunia.com/advisories/21269
(VENDOR_ADVISORY)  SECUNIA  21269
http://rhn.redhat.com/errata/RHSA-2006-0609.html
(UNKNOWN)  REDHAT  RHSA-2006:0609

- 漏洞信息

Mozilla Firefox getRawDER 双重释放漏洞
高危 资料不足
2006-06-02 00:00:00 2006-06-05 00:00:00
远程  
        Mozilla Firefox 是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
        Firefox nsIX509Cert的getRawDER 功能存在双重释放漏洞,允许远程攻击者通过特定的Javascript代码造成拒绝服务攻击(挂起)和可能执行任意代码。
        

- 公告与补丁

        临时解决方法:
        * 在"连接设置"中选择"直接连接至因特网(默认)"或"手动配置代理";
        * 禁用JavaScript;
        * 不要点击Firefox插件查找器的"手动安装"按键;
        * 在不可信任的站点不要从破损图形的上下文菜单选择"浏览图形";
        * 在"查看"菜单中清除选择"查看直接插入的附件",并不要打开任何VCard附件(.vcf扩展名);
        * 从Web输入剥离BOM,或指定UTF-8以外的字符编码。
        厂商补丁:
        Mozilla
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.mozilla.org/

        Gentoo
        ------
        Gentoo已经为此发布了一个安全公告(GLSA-200606-12)以及相应补丁:
        GLSA-200606-12:Mozilla Firefox: Multiple vulnerabilities
        链接:
        http://security.gentoo.org/glsa/glsa-200606-12.xml

        所有Mozilla Firefox用户都应升级到最新版本:
         # emerge --sync
         # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.4"
        所有Mozilla Firefox二进制程序用户都应升级到最新版本:
         # emerge --sync
         # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.4"临时解决方法:
        * 在"连接设置"中选择"直接连接至因特网(默认)"或"手动配置代理";
        * 禁用JavaScript;
        * 不要点击Firefox插件查找器的"手动安装"按键;
        * 在不可信任的站点不要从破损图形的上下文菜单选择"浏览图形";
        * 在"查看"菜单中清除选择"查看直接插入的附件",并不要打开任何VCard附件(.vcf扩展名);
        * 从Web输入剥离BOM,或指定UTF-8以外的字符编码。
        厂商补丁:
        Mozilla
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.mozilla.org/

        Gentoo
        ------
        Gentoo已经为此发布了一个安全公告(GLSA-200606-12)以及相应补丁:
        GLSA-200606-12:Mozilla Firefox: Multiple vulnerabilities
        链接:
        http://security.gentoo.org/glsa/glsa-200606-12.xml

        所有Mozilla Firefox用户都应升级到最新版本:
         # emerge --sync
         # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.4"
        所有Mozilla Firefox二进制程序用户都应升级到最新版本:
         # emerge --sync
         # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.4"

- 漏洞信息 (F52156)

Debian Linux Security Advisory 1210-1 (PacketStormID:F52156)
2006-11-16 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2788,CVE-2006-4340,CVE-2006-4565,CVE-2006-4566,CVE-2006-4568,CVE-2006-4571
[点击下载]

Debian Security Advisory 1210-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1210-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 14th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
                 CVE-2006-4568 CVE-2006-4571
BugTraq ID     : 20042

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Firefox.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER
    functionallows remote attackers to cause a denial of service
    (hang) and possibly execute arbitrary code.

CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error
    in RSA signature verification that cause the application to
    incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that that a JavaScript regular expression can
    trigger a heap-based buffer overflow which allows remote attackers
    to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers
    to bypass the security model and inject content into the sub-frame
    of another site.

CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and
    SeaMonkey allow remote attackers to cause a denial of service,
    corrupt memory, and possibly execute arbitrary code.


For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge12.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.dfsg+1.5.0.7-1 of firefox.

We recommend that you upgrade your Mozilla Firefox package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12.dsc
      Size/MD5 checksum:     1003 751f0df80be8491ac3b24e902da6e3cb
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12.diff.gz
      Size/MD5 checksum:   441420 8b1078ef98ff79137869c932999d3957
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_alpha.deb
      Size/MD5 checksum: 11181154 771ba85fbf21e6419d87820fc6f19a9a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_alpha.deb
      Size/MD5 checksum:   170352 f2c75d2fb5ab8684a20ba6fc08585cdb
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_alpha.deb
      Size/MD5 checksum:    62166 79fd193ea817fc1f466a57e4a37d74fa

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_amd64.deb
      Size/MD5 checksum:  9411492 3c3704ef1014e0d9dc38ece9d16a36d4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_amd64.deb
      Size/MD5 checksum:   165132 54e7468747e04dc1449faa8ff9c123b4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_amd64.deb
      Size/MD5 checksum:    60700 a8ac42c24a29be9b260a0ec426b83f1c

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_arm.deb
      Size/MD5 checksum:  8232340 0d9f98d7a3bc7bcef0d759b98061c79b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_arm.deb
      Size/MD5 checksum:   156586 7b74819b6afa58f7c485fb581ace3501
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_arm.deb
      Size/MD5 checksum:    55998 08e378fe351fc437422ea242ff83a60c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_hppa.deb
      Size/MD5 checksum: 10285622 0558779439806d577d49c812255c6d0d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_hppa.deb
      Size/MD5 checksum:   168054 cd002591b783ecec56da8995fb75a400
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_hppa.deb
      Size/MD5 checksum:    61152 a38e7bca2cbe87bf5bdfd006bc95e448

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_i386.deb
      Size/MD5 checksum:  8907626 1a353f19735c6339a74fe9d2a2b97fdf
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_i386.deb
      Size/MD5 checksum:   160320 e833f8887c1b541d8f6ef4b7552a70c7
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_i386.deb
      Size/MD5 checksum:    57550 00e2dc72d2a8af56650004ac095eee06

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_ia64.deb
      Size/MD5 checksum: 11644736 049ecdd937bff15ed7e12f1282599a98
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_ia64.deb
      Size/MD5 checksum:   170668 f3298445d8884cf133bcb837cc049240
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_ia64.deb
      Size/MD5 checksum:    65358 134710ff8c57f8e02e113b5af1df6662

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_m68k.deb
      Size/MD5 checksum:  8184660 b0103cf8b425bb76d91a7873f78d0217
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_m68k.deb
      Size/MD5 checksum:   159262 e04d0648d5b817a1b7314e5d77108873
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_m68k.deb
      Size/MD5 checksum:    56816 15dc3184acaf65cca897de7092a588ff

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mips.deb
      Size/MD5 checksum:  9942738 846cc617e99976a64ce379ff04822370
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mips.deb
      Size/MD5 checksum:   158130 e8812baecfd3f93a6540a44b7d97a9aa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mips.deb
      Size/MD5 checksum:    57818 44d481edc96edd5b33c6474064792a76

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mipsel.deb
      Size/MD5 checksum:  9819470 41ecbd5f3543c0b110771e93e2307abc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mipsel.deb
      Size/MD5 checksum:   157672 43ca2a353bacf378a2dc7dfa9a7f3a73
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mipsel.deb
      Size/MD5 checksum:    57634 8d16796108c3a7627ab9654e977277a5

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_powerpc.deb
      Size/MD5 checksum:  8579128 b673ec3ded27be02020cc1e532b80740
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_powerpc.deb
      Size/MD5 checksum:   158740 8c7ef8d61c6753e3474b8867d5356d9b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_powerpc.deb
      Size/MD5 checksum:    59932 ead83381ef8abacb712f57d64ab736df

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_s390.deb
      Size/MD5 checksum:  9649760 a4cd1c6d8ee856640fef8b97bee96657
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_s390.deb
      Size/MD5 checksum:   165732 197737ac3038ab474cb47e7c30d92374
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_s390.deb
      Size/MD5 checksum:    60126 81193293f0e149cfa90e8cd9b71a3e22

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_sparc.deb
      Size/MD5 checksum:  8671300 f486f39ddab307216a90532093d178b3
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_sparc.deb
      Size/MD5 checksum:   158928 03c9877b5d2151af331509a9c9d191b8
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_sparc.deb
      Size/MD5 checksum:    56362 5fb4c5c035b32c5fd1b86b48f1b5cafb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFWXgbW5ql+IAeqTIRAtENAJ9xeF0xlPUuVEw+pzjsDKrYihqcXgCfdhFk
+Gs4pyVIv8JJj6SwRoJgMyc=
=VqVO
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F50749)

Debian Linux Security Advisory 1192-1 (PacketStormID:F50749)
2006-10-09 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2788,CVE-2006-4340,CVE-2006-4565,CVE-2006-4566,CVE-2006-4568,CVE-2006-4570,CVE-2006-4571
[点击下载]

Debian Security Advisory 1192-1 - Several security related problems have been discovered in Mozilla and derived products.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1192-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 6th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
                 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
BugTraq ID     : 20042

Several security related problems have been discovered in Mozilla and
derived products.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER
    functionallows remote attackers to cause a denial of service
    (hang) and possibly execute arbitrary code.

CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error
    in RSA signature verification that cause the application to
    incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that that a JavaScript regular expression can
    trigger a heap-based buffer overflow which allows remote attackers
    to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers
    to bypass the security model and inject content into the sub-frame
    of another site.

CVE-2006-4570

    Georgi Guninski demonstrated that even with JavaScript disabled in
    mail (the default) an attacker can still execute JavaScript when a
    mail message is viewed, replied to, or forwarded.

CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and
    SeaMonkey allow remote attackers to cause a denial of service,
    corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.3.1.

We recommend that you upgrade your Mozilla package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1.dsc
      Size/MD5 checksum:     1131 d15b48d8e6d5bb470cffefdb98fd8c58
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1.diff.gz
      Size/MD5 checksum:   565099 9539b911c438e419cee16fdce5ccebb1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   168064 ebdd93280990a822fe619b20d2c5651b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   147992 527d6cfc2f148b2b57a5710e927d2f7d
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   184944 6b61d08d769e011cbd2c90e8fb45c13b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   857794 f734aa2ccf548cd02f29c41af248191b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:     1038 03fa5f515ce9cf9ee8b6909112e67241
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum: 11492210 6370fe9a4502211f03d1c556db10a9a9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   403278 be6c2e243d2690311b9ebd3f39d0699d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   158336 6e0d851b64e2eef0a971ec836bf1d8be
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:  3358952 739167a1d53ef3fea8d48ac68a0ff985
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   122296 6fdf00b74974a4e264d5ad8cc211d10a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   204154 17bc334d8f76a7f53f4e1bf8487dc47a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:  1937186 381885d5a06821864c32f351b37dc906
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_alpha.deb
      Size/MD5 checksum:   212632 bb11ae317c16108ca9320317eef099c7

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   168068 a6ec123adfd2fcbf9408596b5c73b9d4
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   147080 9152fff3ba0fbf2a2bf5460d8c96cb5f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   184956 524afa513ee220128c8524c1205ef8f5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   715998 08791e74ecdf20de41e5f19d94a716ca
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:     1036 6742c0d8e01ba7280ee2517b02a0692a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum: 10958842 2dd4d59281c666921689dab18cc97a7f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   403286 ae407a2bc00ed600a3e4381bf4b2f5fa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   158332 9dc4bdb8e22d6a43a426768e1159465a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:  3352976 007632e26f24148508945746e9b38808
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   121182 0b6333f64e2c554b0714ab2300a231f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   204176 ddf17971c28fb17165bc67136e899437
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:  1936044 5595ca57ce7bad38f20e8d096e263719
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_amd64.deb
      Size/MD5 checksum:   204450 d2da3c40abbd17b414db5eae5075dbd5

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   168072 ff2516439a6a9142f390711efb348ad8
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   125426 a4c096f68b567473cedf980a41b7841e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   184972 958ce2289c9f9001c05c6fcbcb5c8a71
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   633292 f9ae3102e3e1db4c7193cc647108affc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:     1038 c615211b7d148e6914ccc8206ae72269
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:  9220338 f018149aeceba69d07abd6ccf40511f8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   403324 791115daa9842a854c101152b2aa53e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   158364 ea384cea48bab4655a5b155b670dcbbe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:  3342410 147a1d3e30e68d492d1606d8f5b75e8b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   112668 151c1100ded9a89a7dca01496f657bde
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   204172 ed28f22bc9063cd418041f1212cc3a01
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:  1604524 311d5cd9eaab1aaa9bb10ec44f1b43b8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_arm.deb
      Size/MD5 checksum:   169016 e827fe7370f7f3766230765c66e1b9ed

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   168070 64581dd9cc92cd679ee2fc0ee61db9f5
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   157996 716faceb18fb7018141b84f51c6503a7
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   184952 10cf87ce4aac77800d045012455f52b7
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   756042 44e58475246ab2da5fce46332b9bed8f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:     1042 5cbd847400e085f61ce114727dc400e6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum: 12176912 0d2a27beadca59f8eb2102d1a032b351
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   403290 0640f6da79eab04ce3fb60f52f235763
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   158358 c748bbf13608c462fa51a7c200344324
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:  3359202 f9182415beea6800a2799ef66853f001
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   123514 efafd42607f1d4219906f39f1153f56d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   204170 5f500679a2fbb03620fe96e5a9e66615
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:  2135248 fbdad52922d54cbbd93b2c07435f114b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_hppa.deb
      Size/MD5 checksum:   216440 bfbe9cda6e01d1f17872512935be0699

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   170352 93c0132757c2f5927cbcd3edbc6c50e1
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   137902 746c7c10db2d40314da82cfbfe68b21b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   187134 448048f13343dd917bf8e5b4aebc9c6c
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   662738 c6c6a485eddccd6827e459d5a3ef1802
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:     1032 7dba2a502de330766b38b3de3415bb96
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum: 10349414 3433a083e8caf92aeccd640fa8e3051c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   403516 f2bf1fe26de0867f652d0279ee09a2ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   158364 5efe6a701d8ec73f9b68c99f6ed8743a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:  3595032 20d25e4e398ee8e061023c051202ead0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   116690 832936b80e72faa976f9b88cf7bbce1e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   204166 8232c7007d5674ec81cadb21e1152192
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:  1816124 d86ab51a3bae24c0c15812c09a6d5aca
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_i386.deb
      Size/MD5 checksum:   192792 f6aa69247beb6d659fceeda712570211

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   168064 c7e380c8c28cb27c75f0eb4f5308ce0f
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   175418 51df9210069ec76233e987faf7332f73
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   184940 fa8414c133c69fcbc757eb5a973fd619
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   968238 1325acd2d3c6cd55da5862c4cc37c7e7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:     1034 7cb96d17eca85528e75571e908eea762
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum: 12965968 c806fe57cad11be3e517ae32a9bf8a74
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   403278 38b8e1dee5235aba18f4481e8358e17a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   158342 92e3349223f0ce8018df4a5e3dd3d284
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:  3378668 afbbe0a2a0388afa336f0fa5b2e9b375
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   125586 f628ec3a2a0e9ffd882349a4748b5bb5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   204164 b64822e5541dbf9ce18c25c3c57a727c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:  2302358 89a93b8c9f670c25508881335159d695
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_ia64.deb
      Size/MD5 checksum:   242930 62fc9a87649de2ecef2a39542c470857

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   168078 c3b7aa1b816f29a98e4a111cb8eee55b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   127086 70b2e18c48d5fa16a42ea2c230841434
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   184992 b243567f7524c97f6d32ef7acfd419cd
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   601300 39d6c017e68ea837f0ce4da5fed30499
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:     1044 70236bff1f5c7409fa727dbb9125aaa0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:  9717226 5ba4f9b972b837b6007874872dd3b352
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   403386 fff7cf6c197cb493e92daf6d41d26e34
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   158420 701da929538dad73aec9fdc68cdcf749
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:  3338098 a046f1d0df0784228383a9e8406d7a65
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   114484 669b9051c0991e44bda2db410c91cb95
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   204216 99c53a9c2f2350a4a1a9d39c78054047
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:  1683242 aa2ed286b86606c51481d4a51729b1f9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_m68k.deb
      Size/MD5 checksum:   175022 504150e924b5ad04892b29e06646d9e5

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   168068 986e98f644a1ce7e41c8b66ea64a78d3
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   141958 9d48c8ead5b703ec59e151fe015017a9
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   184944 8c22e740e0f30065e3e2555470a7400e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   727008 4eb13d18c10aba6970877152605932d6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:     1042 a03a2cb21c195c0be9fddc05bc36ae2a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum: 10738234 765f082c174e71fcf336a1a05d4da21e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   403294 321aad797e8afc4d201f2e2f5b2aa451
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   158346 83a396e806b4d7d0f488081d0f573adf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:  3358822 e9c2a6ec923da290335ca1251b871ea3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   117644 1b60a2916cd066c5e8ee1bc615b549ba
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   204164 0b7ec0de758949ede920d1fda470b406
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:  1795554 1ecdca7f3d0175d64d1320cccb3e4c97
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_mips.deb
      Size/MD5 checksum:   190110 d507d038190177f2a07a236770596b43

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   168076 daeb11c43fcdae32f8107fc870d413ea
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   141908 58052e46884d461b22cf6308183d8104
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   184954 793c3b33874d48779520cbb302ccf07d
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   716464 ca48760ff0f4621ee9562aa839358520
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:     1042 9f3f22a5debbcc2e8dfc009d97e35d2e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum: 10617798 9fde4aa43c30493758af5c0d27248a85
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   403288 15fd9ac211379c4a53d1a00002f1954d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   158330 62e83130300fef744be42b911f872701
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:  3359560 9af2ab0f437e08b5936c7cd56a181b63
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   117204 2c2503930b8b58af5e74ad2d1270591d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   204156 0bb224941755465b55ff6df8cec8cfcb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:  1777612 cbcf8085e6ec3a7ba97b0e751b5345c4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_mipsel.deb
      Size/MD5 checksum:   187622 9bc6ba814ade0445aff6d5a9c4d3a696

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   168074 d7b4a7c5bbe3baac5133c3fa1a265e07
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   132428 774701aa5761a72b48719cc3c90b95e7
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   184956 7b79f2e6d9d4cba7c9b8ab88b2232604
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   720214 ef13301949fb2cb87c0f2464220bfad0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:     1042 b11e9180cd97514ea791541dc51c6e5d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:  9711648 8c107826f2ec6cca249be5f1042dea0e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   403292 12e27826c444ab1f8c5afd88f154fbcb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   158356 affeb35493057105a7dfd89bba5d40dd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:  3341204 ad03912ca42d8d14ab7b269e30c444b1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   114582 3c198af3d33673a9d6f2e7c1cec00e4f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   204176 a6d09e9b630d9210a1cf1ffbc81c8569
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:  1643154 2d343f903c492177885ee167aa89eb7a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_powerpc.deb
      Size/MD5 checksum:   175816 8e2eddbd5631017cb725b69e1e493143

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   168072 181bd53f98bae36e2c65617f7d19d3dd
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   157706 4841fbcddea3c973c0e58f650b02be0a
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   184944 3676098265fe184b29eeaeb5600fb0b0
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   800404 d59043ee3f8de6109ded310eb2676caa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:     1038 f2edb972286fb96d781b6eedda318047
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum: 11339772 1d4d0d4737b0da240db0aa3d64f740de
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   403280 4a628c6906de57be839683efc0e75385
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   158330 d948a64b56af65bcef8ea69095d2c7f0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:  3353612 fdd6c8b25715b6bd4a19afa9a1f6d6de
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   121366 c9a927eaf8fdd5e81ec5e4ccd65cbfcc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   204170 db1baf6a69237d2ad992312f7e49e06f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:  1944792 7c2ccc266fed2030012e957b1e8468b5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_s390.deb
      Size/MD5 checksum:   213644 610bee894928b26d2b807525e5cae97e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   168068 6fcfd42726a291edb1cfd61e2f11a984
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   129660 f339731cd85d092184e8d645692b6a46
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   184956 753e6c5c8897c8b295069be4aedcc55b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   674042 57126ff0e746ea6353e94c9cd12f19de
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:     1040 c67300bde176389372c7fc1c165f5976
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:  9384000 d747594bfa533f6df4021ec0230289f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   403286 4be3db86d8867bb882fee94008bc5246
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   158348 549784d01068073683bc83977403e545
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:  3342172 b6572f524ddc2f0a90cb1b57ef53066a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   112514 8dfad0f1400d292cafe84da604f849d8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   204154 a09ecfc644a8bbb0f8a6d333afbc6b59
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:  1583764 1d3bca34a075297f04f503831eea979c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_sparc.deb
      Size/MD5 checksum:   168194 ad23c724cea9ef75bde64e0d5565e791


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFJkfiW5ql+IAeqTIRAgdFAKCoagXBRFY9thTBjbcPNI29sORHOgCfQ7g9
YD5UbakZ17L+QlLyrMoMxtY=
=ouT1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F50727)

Debian Linux Security Advisory 1191-1 (PacketStormID:F50727)
2006-10-09 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2788,CVE-2006-4340,CVE-2006-4565,CVE-2006-4566,CVE-2006-4568,CVE-2006-4570,CVE-2006-4571
[点击下载]

Debian Security Advisory 1191-1: Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1191-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 5th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
                 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
BugTraq ID     : 20042

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER
    functionallows remote attackers to cause a denial of service
    (hang) and possibly execute arbitrary code.

CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error
    in RSA signature verification that cause the application to
    incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that that a JavaScript regular expression can
    trigger a heap-based buffer overflow which allows remote attackers
    to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers
    to bypass the security model and inject content into the sub-frame
    of another site.

CVE-2006-4570

    Georgi Guninski demonstrated that even with JavaScript disabled in
    mail (the default) an attacker can still execute JavaScript when a
    mail message is viewed, replied to, or forwarded.

CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and
    SeaMonkey allow remote attackers to cause a denial of service,
    corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8c.1.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.7-1.

We recommend that you upgrade your Mozilla Thunderbird packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.dsc
      Size/MD5 checksum:     1003 d7261fba347b9876e873f1d424e60190
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.diff.gz
      Size/MD5 checksum:   519315 066ed351050722c36274e3e837fd174f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_alpha.deb
      Size/MD5 checksum: 12855288 285e55a20445ea5dffe79de01baf788c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_alpha.deb
      Size/MD5 checksum:  3280106 0206d9fe08e3da2d4bf919c6b2b54ec7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_alpha.deb
      Size/MD5 checksum:   152092 c5c984f0f11f94cb263f5bbef367de09
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_alpha.deb
      Size/MD5 checksum:    33520 ed7e6d825f630da666e07914527f2c75
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_alpha.deb
      Size/MD5 checksum:    89492 1e9ed565915dc4327e444ad999cc5daa

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_amd64.deb
      Size/MD5 checksum: 12258904 f40f86252184ce7360b2b9d1e58cef8f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_amd64.deb
      Size/MD5 checksum:  3281164 e4e2160d22d4721508f1762804b3b18b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_amd64.deb
      Size/MD5 checksum:   151124 a72d17f827929c9189f9ba96ff73c7a1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_amd64.deb
      Size/MD5 checksum:    33512 bbe0fe4a7e56a138c220790ab9de97a6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_amd64.deb
      Size/MD5 checksum:    89350 f2b7e1d1d4eb5f1abb2522ddbdb46ff5

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_arm.deb
      Size/MD5 checksum: 10345146 4c171699433072d443eb7b35a2550fd2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_arm.deb
      Size/MD5 checksum:  3272118 a52ad3d2cd1806e936374537e135d7db
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_arm.deb
      Size/MD5 checksum:   143266 9dedbe9b5f45727a93cfccb5c99bf371
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_arm.deb
      Size/MD5 checksum:    33522 14d1c0d0af46731075ea7c35c2900258
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_arm.deb
      Size/MD5 checksum:    81318 81219b4c82896fab12427e42df1b2760

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_hppa.deb
      Size/MD5 checksum: 13570024 3a62ee11075402dfad030e2ede937191
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_hppa.deb
      Size/MD5 checksum:  3285124 e9cadee2d32b2bcb56b1278043e97da4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_hppa.deb
      Size/MD5 checksum:   153296 3fecaa707002afb1ba6854da724ad132
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_hppa.deb
      Size/MD5 checksum:    33520 83e537b9aff4d44fd958043298a1d7f2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_hppa.deb
      Size/MD5 checksum:    97390 c3ceeedcf00d99d34c7b5f424da7da63

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_i386.deb
      Size/MD5 checksum: 11568436 af1de65bd715970c4432149aec80b2a2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_i386.deb
      Size/MD5 checksum:  3507870 5dab89db24f1443fe782dc931f4ee0af
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_i386.deb
      Size/MD5 checksum:   146732 bc52082cd1ab0f026c401204cd63b4a7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_i386.deb
      Size/MD5 checksum:    33518 5d3c9700cce7b9c0261c246ed7b8afd4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_i386.deb
      Size/MD5 checksum:    88084 e244c9c8b7224814774bef13f4213d4e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_ia64.deb
      Size/MD5 checksum: 14628630 07bfcc171f449b86b9d62f903e29d506
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_ia64.deb
      Size/MD5 checksum:  3291260 d7186841974796f8f90be26700801a95
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_ia64.deb
      Size/MD5 checksum:   155452 e17eb664e56fcc0809dd36580f92cc1a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_ia64.deb
      Size/MD5 checksum:    33514 fc890529fdea5526a05ffd16b96f5956
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_ia64.deb
      Size/MD5 checksum:   107220 eb93528d586b050ecc3b60742b4fa344

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_m68k.deb
      Size/MD5 checksum: 10794842 fa716b92e3c7a9d67fad6fd453c78bb4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_m68k.deb
      Size/MD5 checksum:  3271690 d95eb910dd6d38de41c17fcb6b1c4696
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_m68k.deb
      Size/MD5 checksum:   145054 2b7570676e15cea809905c442f91b5e0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_m68k.deb
      Size/MD5 checksum:    33550 3db6c520d1c489fb4e17501d19dececf
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_m68k.deb
      Size/MD5 checksum:    82556 32d25c11844a48ed963e3c5c51ff34fc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mips.deb
      Size/MD5 checksum: 11948708 4f58ce9668da6a12b823edaa3c8b35b3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mips.deb
      Size/MD5 checksum:  3279410 e639b2bf43eda95d3ca3bb0b9aec6df7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mips.deb
      Size/MD5 checksum:   148042 cb6ee4a9bd4dec3166e48e356b9c3465
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mips.deb
      Size/MD5 checksum:    33524 2765555b00f4ed717b34e98c5c0d9c02
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mips.deb
      Size/MD5 checksum:    84748 0e934e90bb6bd47c7500fd665728ba27

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mipsel.deb
      Size/MD5 checksum: 11817078 4239077894c74444d33063229dd847df
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mipsel.deb
      Size/MD5 checksum:  3280416 ac165850436e63818da8fffe134628d1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mipsel.deb
      Size/MD5 checksum:   147600 ae6d7ff1b34dddab3d0c18d6e38bc77b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mipsel.deb
      Size/MD5 checksum:    33518 27bed1b95a4e34a291c7e67c6a9fdd37
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mipsel.deb
      Size/MD5 checksum:    84650 173fefc8b58b15398b3cccad2c812495

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_powerpc.deb
      Size/MD5 checksum: 10912494 d13ec5b97f5fde0795e5f762330756f6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_powerpc.deb
      Size/MD5 checksum:  3270108 dbd7eb3154db4a379fcfcda6b7d414b9
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_powerpc.deb
      Size/MD5 checksum:   145048 b9ab45845f58fb064d7d1ae449481db9
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_powerpc.deb
      Size/MD5 checksum:    33526 b5e07e26d215581b4cc0fea6d71beaf3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_powerpc.deb
      Size/MD5 checksum:    81478 b57b8038afbfd5490a6cf847e740ab60

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_s390.deb
      Size/MD5 checksum: 12705708 68195861caccd07a18a379ffe2e88403
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_s390.deb
      Size/MD5 checksum:  3280614 38dec996622a4e1762a1ef683bba9c43
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_s390.deb
      Size/MD5 checksum:   151436 b54ba7420653e63746d019b979f3ae76
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_s390.deb
      Size/MD5 checksum:    33516 e24dafe27c103a8d40de9a905b052311
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_s390.deb
      Size/MD5 checksum:    89290 9daa1eb634834e02aefde0a594bcd0f9

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_sparc.deb
      Size/MD5 checksum: 11181284 adedd4c6302ddb868a531810d226143a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_sparc.deb
      Size/MD5 checksum:  3275816 c38922ec47674939277e6984f87c0eb4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_sparc.deb
      Size/MD5 checksum:   144702 9183a627463aa564a0313d4d361d22f3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_sparc.deb
      Size/MD5 checksum:    33528 5f87736faa9ee0a9b10e29c48280798a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_sparc.deb
      Size/MD5 checksum:    83122 72966880dc02a1b472dcac7b1404fa58


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFJNsFW5ql+IAeqTIRAgeZAJ0dYXyy9QKfcADcFekhEP7n0hfqeACgpro4
H5iKBfGUezJNoEbseNfM8+Q=
=Dv+0
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49350)

Mandriva Linux Security Advisory 2006.143 (PacketStormID:F49350)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2006-2613,CVE-2006-2894,CVE-2006-2775,CVE-2006-2776,CVE-2006-2777,CVE-2006-2778,CVE-2006-2779,CVE-2006-2780,CVE-2006-2782,CVE-2006-2783,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788,CVE-2006-3677,CVE-2006-3803,CVE-2006-3804
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-143 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:143
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla-firefox
 Date    : August 16, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of security vulnerabilities have been discovered and corrected
 in the latest Mozilla Firefox program.
 
 Previous updates to Firefox were patch fixes to Firefox 1.0.6 that
 brought it in sync with 1.0.8 in terms of security fixes.  In this
 update, Mozilla Firefox 1.5.0.6 is being provided which corrects a
 number of vulnerabilities that were previously unpatched, as well as
 providing new and enhanced features.
 
 The following CVE names have been corrected with this update:
 CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776,
 CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780,
 CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, 
 CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677,
 CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,
 CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805,
 CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,
 CVE-2006-3812.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2613
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
 http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-33.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-34.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-36.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-41.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
 http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 76ef1a2e7338c08e485ab2c19a1ce691  2006.0/RPMS/devhelp-0.10-7.1.20060mdk.i586.rpm
 d44f02b82df9f404f899ad8bc4bdd6a2  2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.i586.rpm
 29efc065aeb4a53a105b2c27be816758  2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.i586.rpm
 caad34c0d4c16a50ec4b05820e6d01db  2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.i586.rpm
 d0e75938f4e129936351f015bd90a37a  2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm
 652044ff7d9c3170df845011ec696393  2006.0/RPMS/libdevhelp-1_0-0.10-7.1.20060mdk.i586.rpm
 bf6dcf87f409d06b42234dbca387b922  2006.0/RPMS/libdevhelp-1_0-devel-0.10-7.1.20060mdk.i586.rpm
 e9aaff3090a4459b57367f4903b0458a  2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm
 fa99cbc159722cc0ff9e5710f24ca599  2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d4d45b797ca2f2347c0409d9f956ff25  2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 8d33e72703090a911f7fd171ad9dd719  2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm
 23afd287c042c5492c210255554a6893  2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 4a188f54230b943ea9c8930eb2e0cfe1  2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.i586.rpm
 5bec4690547fd733ca97cb2933ebe427  2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.i586.rpm
 55836595e5cba3828a9a5a27e5aa1825  2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.i586.rpm
 0faf5ee7022ee0b70915d2c845865cae  2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.i586.rpm
 312a89317692b3bd86060a1995365d86  2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.i586.rpm
 38215dccbee8a169bcbac2af2897c2f7  2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.i586.rpm
 aaba2fa72f8de960a3a757b3010027d3  2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d8d59a55974f6fa20d99fb30f126638f  2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.i586.rpm
 946e6a76c71dbbee3340f1a96ae25a1d  2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.i586.rpm
 9a14c31a41c2bac3942caa3d1fb5daee  2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.i586.rpm
 b5074c27d1cb719bf9f8fabe8aebf628  2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.i586.rpm
 7a225cdfdf0c17c0f4a72ad27907fc07  2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.i586.rpm
 06526a054d108d3c9b5f66313151ecc2  2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.i586.rpm
 8f721bd3914c31e04359def6272db929  2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.i586.rpm
 a704ed726e6db4ba59592563cd2c48b0  2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.i586.rpm
 0ef6729b05e013a364e847e4a1b7b3e3  2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.i586.rpm
 570b19872de676414b399ff970024b78  2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.i586.rpm
 dee38f0bbe3870d3bd8ad02ea968c57a  2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.i586.rpm
 92916e155ec38b5078234728593d72a2  2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.i586.rpm
 c808f2f32fc9e514ffb097eeeb226a96  2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.i586.rpm
 6dda5771d062eae75f8f04b7dab8d6cc  2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.i586.rpm
 c4ac8441170504cc5ec05cf5c8e6e9f9  2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.i586.rpm
 2765008afd4c0ba1d702eda9627a7690  2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.i586.rpm
 15b600977b07651f1c3568f4d7f1f9ac  2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.i586.rpm
 6f1fae6befe608fc841fcc71e15852c0  2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.i586.rpm
 81f412da40ea14bcc23d420d7a5724f9  2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.i586.rpm
 76e0ece3c0b6f507340871a168a57e36  2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.i586.rpm
 6ded58e85ed113718cfb3484ae420bb9  2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.i586.rpm
 c76f6648e88de4a63991eac66c3fba04  2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.i586.rpm
 1c7ab93275bcdcf30ed9ec2ddb4893df  2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.i586.rpm
 60279919aa5f17c2ecd9f64db87cb952  2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm
 c446c046409b6697a863868fe5c64222  2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm
 e726300336f737c8952f664bf1866d6f  2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm
 e9e30596eceb0bc9a03f7880cd7d14ea  2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm
 4168c73cba97276fa4868b4ac2c7eb19  2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm
 6a7df29f5af703d10d7ea1fee160ac00  2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm
 e56e14c28051ec4332cbde8dbee7bb6a  2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm
 1a144c86fd8db39e2801117296e15d2b  2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm
 f4889d2ee6e07c0141b57ab9aaccae64  2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm
 dee0f7bc91c797e880fff19e1cb05a63  2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm
 45724f6ceed66701392bd131feaf1f6d  2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm
 cc680cac7fea3f7f8a48a5daf86db088  2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm
 69b04335c21313262af4253863109cc8  2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm
 2aab89244a535afcbc25271df5d6b33f  2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm
 f1c7f71d5484c5047b1b38fc16888ae3  2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm
 3963e3c3a2c38c41d9d3bc5250b124a6  2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm
 bb54aed17a126a9e8568d49866db99ea  2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm
 2a1b11f2c8944bc1fc0d313d54a903cf  2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm
 783c5b3c0fb9916e07f220110155476d  2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm
 895e315731fa0b453045cc39da4f5358  2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm
 daa0a127d2a1a3641d4e97bfb95f1647  2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm
 0c778b0738b11dfd5d68be48fa6316ed  2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm
 7025d0118cf29e39117bd87c586e84a3  2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm
 5d8b8e869f588c0f5751e9ce7addba45  2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm
 c5148674a8c7dd1f88c5729293f899ba  2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm
 91d490c075473e2443e383201b961cb8  2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm
 622ae4619d151bb1634113e50b30fbac  2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm
 e6d64c14929d299e2fb52e334ae6641a  2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm
 20f64c6dfd6aa1450cba5002d42f53d8  2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm
 b93a6b548bb1cf0f8cc46dec133e81a3  2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm
 f5603b65b3d10fa5083934e08d2d4560  2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm
 c0e978ea92b4a8f3aa75dad5ab7588b9  2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm
 93cb0acaeddb095d13b37aeb0ab4dd49  2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d52f4955f15f99137dd9a0b2f360c8b2  x86_64/2006.0/RPMS/devhelp-0.10-7.1.20060mdk.x86_64.rpm
 369457b4a09c07ba18ee5bb18fb2ffa1  x86_64/2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.x86_64.rpm
 76735684f3ff493770e374a90fd359c7  x86_64/2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.x86_64.rpm
 5da75ab6624f8c8f0c212ce2299d645f  x86_64/2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.x86_64.rpm
 945059b9456c9ff2ccd40ff4a6d8ae70  x86_64/2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm
 193f97760bb46e16051ba7b6b968f340  x86_64/2006.0/RPMS/lib64devhelp-1_0-0.10-7.1.20060mdk.x86_64.rpm
 1b67733b0450cd6572c9879c0eb38640  x86_64/2006.0/RPMS/lib64devhelp-1_0-devel-0.10-7.1.20060mdk.x86_64.rpm
 115fcbc6c99bf063cd1768d2b08e9d89  x86_64/2006.0/RPMS/lib64nspr4-1.5.0.6-1.4.20060mdk.x86_64.rpm
 686404fa32e2625f23b19e11c548bbe5  x86_64/2006.0/RPMS/lib64nspr4-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 f0886b330d3f5af566af6cf5572ca671  x86_64/2006.0/RPMS/lib64nspr4-static-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 10e9abdcb3f952c4db35c85fe58ad8ad  x86_64/2006.0/RPMS/lib64nss3-1.5.0.6-1.4.20060mdk.x86_64.rpm
 202bab2742f162d1cbd6d36720e6f7fb  x86_64/2006.0/RPMS/lib64nss3-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 e9aaff3090a4459b57367f4903b0458a  x86_64/2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm
 fa99cbc159722cc0ff9e5710f24ca599  x86_64/2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 d4d45b797ca2f2347c0409d9f956ff25  x86_64/2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 8d33e72703090a911f7fd171ad9dd719  x86_64/2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm
 23afd287c042c5492c210255554a6893  x86_64/2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm
 74811077c91dde3bc8c8bae45e5862a7  x86_64/2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.x86_64.rpm
 75711988a67bf3f36fc08823561bb2b7  x86_64/2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.x86_64.rpm
 5bd9ad43769390549ab3c4549c971db7  x86_64/2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.x86_64.rpm
 dfdd808e2ec0866c15db5f1ea6a5b5bd  x86_64/2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.x86_64.rpm
 1fad19f458ce0aa50e86710ed3b7fe04  x86_64/2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.x86_64.rpm
 743e8d4f009ab2d2fc2e8c131244fb57  x86_64/2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.x86_64.rpm
 476ee9a87f650a0ef3523a9619f9f611  x86_64/2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm
 be48721cbc6e5634b50ce5b6cfe4a951  x86_64/2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.x86_64.rpm
 e56ce18466e20db3189e035329c606ce  x86_64/2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.x86_64.rpm
 489e5940c9ac9573842888ff07436e4c  x86_64/2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.x86_64.rpm
 73d2eb2fc6ec99a1d3eeb94d9ddff36e  x86_64/2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.x86_64.rpm
 acbd3cd5f82b47a6c6cb03ebd6ca25ae  x86_64/2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.x86_64.rpm
 362807f9da1130dd8da606b9ded06311  x86_64/2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.x86_64.rpm
 e48c991fa555d22d1f382baa83dfcae9  x86_64/2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.x86_64.rpm
 0d954f47de6d2cc58e36cd2c9ddae09c  x86_64/2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.x86_64.rpm
 8f615598d04985a0d60a3469ea3044ed  x86_64/2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.x86_64.rpm
 f4810510feb31e6195358c5ddd87252f  x86_64/2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.x86_64.rpm
 537d53b7805ac84009f2ff99e3282b91  x86_64/2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.x86_64.rpm
 afbc9ee04902213758bbf262b732de21  x86_64/2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 dcef8c7676529394e5fbd4168f8e2cd6  x86_64/2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 f4ee0e7ecba430fd3ce5e8ebeda9b5c1  x86_64/2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.x86_64.rpm
 778261355184ca73cbf1aab1ce56644d  x86_64/2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.x86_64.rpm
 10ca4e7f4cf10c380849ced0bf83e08b  x86_64/2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.x86_64.rpm
 427cabc08ec66e1a45bc27e5625f49bb  x86_64/2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.x86_64.rpm
 de4e61d4fce7cd286bb4a3778cb8499f  x86_64/2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.x86_64.rpm
 86e9af4c42b59e32d4e5ac0a8d1afe30  x86_64/2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.x86_64.rpm
 126b1e0826330986fbf485eabade949d  x86_64/2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.x86_64.rpm
 d2e6da2db277b7f5dabed3e95d4b818b  x86_64/2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.x86_64.rpm
 a83edee07d2465cf55024ed1b7aa779f  x86_64/2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.x86_64.rpm
 9e33e2a0c3d4a92a0b420c417fcd3469  x86_64/2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.x86_64.rpm
 60279919aa5f17c2ecd9f64db87cb952  x86_64/2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm
 c446c046409b6697a863868fe5c64222  x86_64/2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm
 e726300336f737c8952f664bf1866d6f  x86_64/2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm
 e9e30596eceb0bc9a03f7880cd7d14ea  x86_64/2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm
 4168c73cba97276fa4868b4ac2c7eb19  x86_64/2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm
 6a7df29f5af703d10d7ea1fee160ac00  x86_64/2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm
 e56e14c28051ec4332cbde8dbee7bb6a  x86_64/2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm
 1a144c86fd8db39e2801117296e15d2b  x86_64/2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm
 f4889d2ee6e07c0141b57ab9aaccae64  x86_64/2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm
 dee0f7bc91c797e880fff19e1cb05a63  x86_64/2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm
 45724f6ceed66701392bd131feaf1f6d  x86_64/2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm
 cc680cac7fea3f7f8a48a5daf86db088  x86_64/2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm
 69b04335c21313262af4253863109cc8  x86_64/2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm
 2aab89244a535afcbc25271df5d6b33f  x86_64/2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm
 f1c7f71d5484c5047b1b38fc16888ae3  x86_64/2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm
 3963e3c3a2c38c41d9d3bc5250b124a6  x86_64/2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm
 bb54aed17a126a9e8568d49866db99ea  x86_64/2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm
 2a1b11f2c8944bc1fc0d313d54a903cf  x86_64/2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm
 783c5b3c0fb9916e07f220110155476d  x86_64/2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm
 895e315731fa0b453045cc39da4f5358  x86_64/2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm
 daa0a127d2a1a3641d4e97bfb95f1647  x86_64/2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm
 0c778b0738b11dfd5d68be48fa6316ed  x86_64/2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm
 7025d0118cf29e39117bd87c586e84a3  x86_64/2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm
 5d8b8e869f588c0f5751e9ce7addba45  x86_64/2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm
 c5148674a8c7dd1f88c5729293f899ba  x86_64/2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm
 91d490c075473e2443e383201b961cb8  x86_64/2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm
 622ae4619d151bb1634113e50b30fbac  x86_64/2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm
 e6d64c14929d299e2fb52e334ae6641a  x86_64/2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm
 20f64c6dfd6aa1450cba5002d42f53d8  x86_64/2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm
 b93a6b548bb1cf0f8cc46dec133e81a3  x86_64/2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm
 f5603b65b3d10fa5083934e08d2d4560  x86_64/2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm
 c0e978ea92b4a8f3aa75dad5ab7588b9  x86_64/2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm
 93cb0acaeddb095d13b37aeb0ab4dd49  x86_64/2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE41l0mqjQ0CJFipgRAu1DAJ90MqoteYoIfAj0Gqim5fxrvOw7BACg0xq5
L8QZWCg0xY3ZRacFzNTgusw=
=gl6u
-----END PGP SIGNATURE-----

    

- 漏洞信息

27668
Mozilla Multiple Products nsIX509Cert getRawDER Function Double-free DoS
Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

- 时间线

2005-12-27 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站