CVE-2006-3807
CVSS7.5
发布时间 :2006-07-27 15:04:00
修订时间 :2011-03-07 21:39:31
NMCOP    

[原文]Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.


[CNNVD]Mozilla Firefox/SeaMonkey/Thunderbird改变标准Object()安全权限提升漏洞(CNNVD-200607-469)

         Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
         上述产品中存在多个安全漏洞,具体如下:
         Firefox及其衍生产品处理某些javascript操作时存在几个漏洞。恶意的web页面可能改变标准Object()构造以chrome权限执行任意javascript指令,允许窃取敏感信息或安装恶意的浏览器软件。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:firefox:1.5Mozilla Firefox 1.5
cpe:/a:mozilla:thunderbird:1.5.0.4Mozilla Thunderbird 1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.4Mozilla Firefox 1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.1Mozilla Firefox 1.5.0.1
cpe:/a:mozilla:thunderbird:1.5.0.2Mozilla Thunderbird 1.5.0.2
cpe:/a:mozilla:thunderbird:1.5Mozilla Thunderbird 1.5
cpe:/a:mozilla:seamonkey:1.0.2Mozilla SeaMonkey 1.0.2
cpe:/a:mozilla:seamonkey:1.0Mozilla SeaMonkey 1.0
cpe:/a:mozilla:firefox:1.5.0.2Mozilla Firefox 1.5.0.2
cpe:/a:mozilla:seamonkey:1.0::dev
cpe:/a:mozilla:seamonkey:1.0.1Mozilla SeaMonkey 1.0.1
cpe:/a:mozilla:firefox:1.5.0.3Mozilla Firefox 1.5.0.3

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10374Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3807
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-469
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA06-208A.html
(UNKNOWN)  CERT  TA06-208A
http://www.kb.cert.org/vuls/id/687396
(VENDOR_ADVISORY)  CERT-VN  VU#687396
http://www.securityfocus.com/bid/19181
(PATCH)  BID  19181
http://secunia.com/advisories/21229
(VENDOR_ADVISORY)  SECUNIA  21229
http://secunia.com/advisories/21228
(VENDOR_ADVISORY)  SECUNIA  21228
http://secunia.com/advisories/21216
(VENDOR_ADVISORY)  SECUNIA  21216
http://secunia.com/advisories/19873
(VENDOR_ADVISORY)  SECUNIA  19873
https://issues.rpath.com/browse/RPL-537
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-537
https://issues.rpath.com/browse/RPL-536
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-536
http://xforce.iss.net/xforce/xfdb/27988
(UNKNOWN)  XF  mozilla-js-constructor-code-execution(27988)
http://www.vupen.com/english/advisories/2008/0083
(UNKNOWN)  VUPEN  ADV-2008-0083
http://www.vupen.com/english/advisories/2007/0058
(UNKNOWN)  VUPEN  ADV-2007-0058
http://www.vupen.com/english/advisories/2006/3749
(UNKNOWN)  VUPEN  ADV-2006-3749
http://www.vupen.com/english/advisories/2006/3748
(UNKNOWN)  VUPEN  ADV-2006-3748
http://www.vupen.com/english/advisories/2006/2998
(UNKNOWN)  VUPEN  ADV-2006-2998
http://www.ubuntulinux.org/support/documentation/usn/usn-329-1
(UNKNOWN)  UBUNTU  USN-329-1
http://www.ubuntulinux.org/support/documentation/usn/usn-327-1
(UNKNOWN)  UBUNTU  USN-327-1
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  SSRT061181
http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
(UNKNOWN)  HP  HPSBUX02156
http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060727 rPSA-2006-0137-1 firefox
http://www.redhat.com/support/errata/RHSA-2006-0611.html
(UNKNOWN)  REDHAT  RHSA-2006:0611
http://www.redhat.com/support/errata/RHSA-2006-0610.html
(UNKNOWN)  REDHAT  RHSA-2006:0610
http://www.redhat.com/support/errata/RHSA-2006-0608.html
(UNKNOWN)  REDHAT  RHSA-2006:0608
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
(UNKNOWN)  SUSE  SUSE-SA:2006:048
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
(VENDOR_ADVISORY)  CONFIRM  http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
(UNKNOWN)  GENTOO  GLSA-200608-03
http://securitytracker.com/id?1016588
(UNKNOWN)  SECTRACK  1016588
http://securitytracker.com/id?1016587
(UNKNOWN)  SECTRACK  1016587
http://securitytracker.com/id?1016586
(UNKNOWN)  SECTRACK  1016586
http://security.gentoo.org/glsa/glsa-200608-04.xml
(UNKNOWN)  GENTOO  GLSA-200608-04
http://security.gentoo.org/glsa/glsa-200608-02.xml
(UNKNOWN)  GENTOO  GLSA-200608-02
http://secunia.com/advisories/21607
(UNKNOWN)  SECUNIA  21607
http://secunia.com/advisories/21532
(UNKNOWN)  SECUNIA  21532
http://secunia.com/advisories/21529
(UNKNOWN)  SECUNIA  21529
http://secunia.com/advisories/21361
(UNKNOWN)  SECUNIA  21361
http://secunia.com/advisories/21358
(UNKNOWN)  SECUNIA  21358
http://secunia.com/advisories/21343
(UNKNOWN)  SECUNIA  21343
http://secunia.com/advisories/21336
(UNKNOWN)  SECUNIA  21336
http://secunia.com/advisories/21275
(UNKNOWN)  SECUNIA  21275
http://secunia.com/advisories/21270
(UNKNOWN)  SECUNIA  21270
http://secunia.com/advisories/21269
(UNKNOWN)  SECUNIA  21269
http://secunia.com/advisories/21262
(UNKNOWN)  SECUNIA  21262
http://secunia.com/advisories/21250
(UNKNOWN)  SECUNIA  21250
http://secunia.com/advisories/21246
(UNKNOWN)  SECUNIA  21246
http://secunia.com/advisories/21243
(UNKNOWN)  SECUNIA  21243
http://rhn.redhat.com/errata/RHSA-2006-0609.html
(UNKNOWN)  REDHAT  RHSA-2006:0609
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
(UNKNOWN)  SGI  20060703-01-P
http://www.ubuntu.com/usn/usn-361-1
(UNKNOWN)  UBUNTU  USN-361-1
http://www.ubuntu.com/usn/usn-354-1
(UNKNOWN)  UBUNTU  USN-354-1
http://www.ubuntu.com/usn/usn-350-1
(UNKNOWN)  UBUNTU  USN-350-1
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
(UNKNOWN)  HP  HPSBUX02153
http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
(UNKNOWN)  HP  HPSBUX02156
http://www.redhat.com/support/errata/RHSA-2006-0594.html
(UNKNOWN)  REDHAT  RHSA-2006:0594
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
(UNKNOWN)  MANDRIVA  MDKSA-2006:146
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
(UNKNOWN)  MANDRIVA  MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
(UNKNOWN)  MANDRIVA  MDKSA-2006:143
http://www.debian.org/security/2006/dsa-1161
(UNKNOWN)  DEBIAN  DSA-1161
http://www.debian.org/security/2006/dsa-1160
(UNKNOWN)  DEBIAN  DSA-1160
http://www.debian.org/security/2006/dsa-1159
(UNKNOWN)  DEBIAN  DSA-1159
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
(UNKNOWN)  SUNALERT  102763
http://secunia.com/advisories/22342
(UNKNOWN)  SECUNIA  22342
http://secunia.com/advisories/22210
(UNKNOWN)  SECUNIA  22210
http://secunia.com/advisories/22066
(UNKNOWN)  SECUNIA  22066
http://secunia.com/advisories/22065
(UNKNOWN)  SECUNIA  22065
http://secunia.com/advisories/22055
(UNKNOWN)  SECUNIA  22055
http://secunia.com/advisories/21675
(UNKNOWN)  SECUNIA  21675
http://secunia.com/advisories/21654
(UNKNOWN)  SECUNIA  21654
http://secunia.com/advisories/21634
(UNKNOWN)  SECUNIA  21634
http://secunia.com/advisories/21631
(UNKNOWN)  SECUNIA  21631

- 漏洞信息

Mozilla Firefox/SeaMonkey/Thunderbird改变标准Object()安全权限提升漏洞
高危 资料不足
2006-07-27 00:00:00 2006-08-26 00:00:00
远程  
         Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。
         上述产品中存在多个安全漏洞,具体如下:
         Firefox及其衍生产品处理某些javascript操作时存在几个漏洞。恶意的web页面可能改变标准Object()构造以chrome权限执行任意javascript指令,允许窃取敏感信息或安装恶意的浏览器软件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        http://lwn.net/Alerts/193397/?format=printable
        http://lwn.net/Alerts/193396/?format=printable
        http://lwn.net/Alerts/193263/?format=printable

- 漏洞信息 (F50104)

Debian Linux Security Advisory 1160-2 (PacketStormID:F50104)
2006-09-16 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1160-2 - The latest security updates of Mozilla introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1160-2                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 15th, 2006                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

The latest security updates of Mozilla introduced a regression that
led to a disfunctional attachment panel which warrants a correction to
fix this issue.  For reference please find below the original advisory
text:

  Several security related problems have been discovered in Mozilla and
  derived products.  The Common Vulnerabilities and Exposures project
  identifies the following vulnerabilities:

  CVE-2006-2779

      Mozilla team members discovered several crashes during testing of
      the browser engine showing evidence of memory corruption which may
      also lead to the execution of arbitrary code.  The last bit of
      this problem will be corrected with the next update.  You can
      prevent any trouble by disabling Javascript.  [MFSA-2006-32]

  CVE-2006-3805

      The Javascript engine might allow remote attackers to execute
      arbitrary code.  [MFSA-2006-50]

  CVE-2006-3806

      Multiple integer overflows in the Javascript engine might allow
      remote attackers to execute arbitrary code.  [MFSA-2006-50]

  CVE-2006-3807

      Specially crafted Javascript allows remote attackers to execute
      arbitrary code.  [MFSA-2006-51]

  CVE-2006-3808

      Remote AutoConfig (PAC) servers could execute code with elevated
      privileges via a specially crafted PAC script.  [MFSA-2006-52]

  CVE-2006-3809

      Scripts with the UniversalBrowserRead privilege could gain
      UniversalXPConnect privileges and possibly execute code or obtain
      sensitive data.  [MFSA-2006-53]

  CVE-2006-3810

      A cross-site scripting vulnerability allows remote attackers to
      inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.2.2.

For the unstable distribution (sid) these problems won't be fixed
since its end of lifetime has been reached and the package will soon
be removed.

We recommend that you upgrade your mozilla package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2.dsc
      Size/MD5 checksum:     1131 bb39933b4dcb63f6f986f0da3ab9461e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2.diff.gz
      Size/MD5 checksum:   532293 5a86930497b980b25e7f8e5cd6305ad0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   168074 553ba25202552c16c02cfdcf94bbc1c4
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   147582 e953bc1da64aaab9b50ef2bd357279b8
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   184944 18bfed4502c3e8a50cac55bd69cf6f20
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   857148 c9f560d4ad706a1e50dbd2db21978427
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:     1042 9de55ee42dcc1c484a801623ac29c80d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum: 11484766 4b31f8553a2ee93057858b35cdc522d9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   403274 da75d1e0207b660ae42d7d1eb0b99617
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   158338 264975902923a3c4b04f3fb2758cf61e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:  3358874 5728dcb6abe8f43915d0b62cdae5fb78
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   122312 c96ac910fe008c2582d5b33a4abdfdb0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   204152 e262ee393ee0114d19c646520b95a0e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:  1937184 b87b131e3f4da4757b725ebb77a624aa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_alpha.deb
      Size/MD5 checksum:   212582 e1bb8eb0ea7013d825f1c6368931b9d1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   168072 0d98ed91660e7fc8d1f4a31ead03b9bf
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   146678 7a8e7068a414213850e54253ebb0d977
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   184950 f428f4a3ef968df80df014a98d747ce5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   715510 91bd0fcde1c53b6056ea33860c464d90
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:     1042 47e650f92cdafea5dc08d93e37bc7d7e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum: 10948878 e537efe2b7e984f51dc1e187d3f34ac7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   403278 831026525cebf77e1195b9a571127911
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   158334 a1ff9fbaf23292c6d593fe5bed360ecb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:  3352852 d9704f4582d97890a546801df3716782
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   121206 e4687f0678206bc7546786c517771feb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   204158 89914bc3978d7502003529976e381ba8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:  1936056 4bbeba555dbc0b68c8c2ccd45e42d948
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_amd64.deb
      Size/MD5 checksum:   204432 d9975a7eafd40678112faad81185018f

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   168068 fce9bf7f31bfdfbfe100965648b5fbe1
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   125028 a4bbf5fcb376c008a20a113823b4f528
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   184964 0d46a1f48a783fc781029e9d2b810c9c
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   632708 0d9a60c457fcb65d0100f8e26b79d2ca
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:     1038 da7c79e8962cf7d1c834ebf429d380e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:  9219442 dd73deb6db71af0cdfdf86885d53465d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   403316 c39b47abf0d634e40e42fcbee2ffa1db
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   158380 abe3b5a07b4ff166d7ef3f2c018d8fcf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:  3342318 b60668be41da0a39844b18d02aa63741
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   112658 231332c5934adafb236d8fde7be70cfb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   204176 d71b44edfe88785428619a51908b5d3b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:  1604478 075ca3db4526f490a3b6a57d52ce4dc7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_arm.deb
      Size/MD5 checksum:   169016 0a74bc4e92be3879da2da8d126868299

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   168068 79ff86fa3907e2a53a5dadd5d315b56a
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   157604 12b6abdb4a0d7706c67e6418b4e73f9b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   184962 9364b64efcd74f2a34dabc783c0ce986
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   755438 de9b01a201480a90831d1fbc1fac5c6c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:     1042 2d88d33a47e5a9372d503705b3ace0c9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum: 12167958 1195ed2e4e13a95a04283d04267a48ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   403276 53a622d0957c63ef52029b7ea514c4d8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   158348 9dfaf9108f6b53ef2590ed9926922499
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:  3359196 2d74deb88c6808c27b5f820ba723bb6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   123516 3e4d3c99cb18c8dc619784d9710cb2f6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   204158 742a5f3e3607163909b019fc8199c5b3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:  2135242 ef8c1529ad34a6597fd7881ec97036f5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_hppa.deb
      Size/MD5 checksum:   216392 b91e9dc35b71766e3c2d866f3597b170

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   170352 40703cb53ee5b7294dc107887569c08b
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   137502 f85890195ea91c20d4b8c4992133c9c5
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   187146 35b47880629e7947d510ac659b1dd3d0
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   662276 52c7a3db98c5a97f260bc32d275b2919
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:     1038 96c3fdcc00a3815780d1c852f97a3306
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum: 10346404 0375cc857561973bce9465d44e5c5cd9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   403518 bd1d71b85dc5804a8aa10d2f7b72a932
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   158372 7629bf899b61e3f6e0ce0443eb8afbdb
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:  3594582 4e1d44adf416fef07f8f8e3ac8251ea8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   116674 8dc261639f60ae8c63c9fc4dfc172888
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   204172 23721786d112c62e2ab6d79cfe982cd6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:  1816144 8b73736956fd00eab47d3da1b69d52dc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_i386.deb
      Size/MD5 checksum:   192752 2750113b2c0b9a9a17294c82ccb1abb8

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   168068 8a8b01bc327c81ac9a35eec2606f0afc
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   175020 7f421d9a83a3645a3e6defcea674eee7
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   184960 9f48269063f614ad7f2452ea5d684582
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   967452 51e6465184e6368d9cd3a5d2dfbb328a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:     1034 c1407f176821f65d05121b9b9fa2be17
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum: 12961330 9afc30c671d79c2820b38d44550a9334
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   403274 97e3733b9ed636dde9f64607a8fd5b31
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   158334 18eb5b155cba3e74c07bd08d60e26b18
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:  3378646 028b0d4dde4a766b856855e96432d0c1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   125610 2b2b7e71175af23fdb4acb766ecb216d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   204146 a85654f4a1e5d6445af59983689ac5b9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:  2302356 f68c5a97ca84e5a8789c7ea8616feda3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_ia64.deb
      Size/MD5 checksum:   242824 57b969592c8d46f13e42fc45bd2b620f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   168084 ebaefee3ded203ba02eb42d440d01140
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   126708 639cc0b13f5a259ca255a214e7448cb6
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   184984 bda1a3fb6f94da0fa93caafd8726c4bb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   600782 0da67847bd97a0deeca7221ed6daa762
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:     1044 0e3b52647ec4d1cab0df8133c4183bb6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:  9712800 73f41e356d2d7d7e2b2131c33f3fb865
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   403356 5703ad69f20642dff0b73abaf3b291e9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   158386 15f302f71c73e88c2bdf4599f1a990b7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:  3336818 b8570a6a33a5aaaf9165f9bd7870f3d2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   114446 59dda0bbda07cff9e208e1fad40c5357
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   204192 e0bb7bac75c0e86b972efa750a1170cd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:  1683150 6595c133e2616136f47c44cf595cfcc3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_m68k.deb
      Size/MD5 checksum:   174924 d1c35762abfe065b9d703960a21a9d99

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   168076 5947b8928a7d52f2d40cc93a0efe95ed
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   141558 dc10a1a91e526e92d22d4585594c0669
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   184958 a7ff18cd5c7522cb46250f970b792541
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   726538 e5cfada69c95b3ff6374c0dde7b755e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:     1044 6fe88cb467a02eb83f1b6cc56cb2ba63
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum: 10735426 b229a0c89d52fed9a6ca47da0630f870
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   403270 7dcffe7aa3853fe206eaf3209809ec59
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   158344 04223592accfc2dfd5a32b00f303c8ac
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:  3358718 43bc8b35c0b1d67ea06ddd4649d36fbc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   117626 cd932bedb3c95f08d612eff4b9bec368
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   204164 5689c8ae6a39dfc735af908e216f4505
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:  1795556 cfa51006dde9b3433f25048b0c562166
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_mips.deb
      Size/MD5 checksum:   189938 e7ca25e62753d01a29e668680110fd03

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   168076 fa13db77745d2c3dc3e7a12fc19ad4cd
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   141502 f6a859a3cd7a1f8e8d704a189a72ba8b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   184968 d90edf8a1c7642b76cfea3068efa55d3
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   715976 7a9aea273c635f0ba708f15b887b16c5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:     1042 4ead757bdb7893ddfb5eef4ca12464e1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum: 10610616 0c0aabe84441b9ef639159bc849121e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   403286 6f4b7ee71b7f4927daa64166a5934a14
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   158348 325353631a54b489d4cc0ed578459ba9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:  3359394 f3b7354fe4e390c4ea740e364610d6fd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   117228 2cc3a94499f9504531c1dfbc42bb2987
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   204160 35a12913bf54c279401c34bcaf02f837
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:  1777626 bc1de5ce86cb2947975e2d15368e6ad5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_mipsel.deb
      Size/MD5 checksum:   187518 d2d60cc4b957fb143d89855d51b89b64

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   168068 fe49d18e432e28aa0aa4e06ee720bdb6
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   132040 088cf084ba4f12278a498570de88bda2
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   184950 971800ffb5d07ca71b8a665cb4cdd3c1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   719746 079df4da7ec5cc46052378464f68bb73
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:     1040 dbe93abdb48856ee45c5c1f31dc74d83
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:  9708238 60c1f1d72c777602d3663bd9f6d66d8c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   403288 3d67e5bbca986f3d493f092de173b986
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   158338 210cb429751cc16741a99a5a501252bd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:  3341180 f0fbd1b7ae8e83a6212f10e210a7afbc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   114582 23b3b328c10d7472f37062d1fb89835a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   204146 8906e4e5938b651da42ecaadf5ede88a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:  1643152 f997b2218228de4a821e1a76ac307a8e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_powerpc.deb
      Size/MD5 checksum:   175706 df8d203557f6c0da764ab163dfd35ba0

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   168070 dbbc50f83250fa4e96ce5fa5aa1f1239
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   157342 9ca3b2ba1392a8e0b9ae312770fa422f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   184942 64f9ec8255365634cf3e985d78b0a918
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   799736 3a649e5c93b057fb5c49e9614b9c4d48
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:     1034 312e876dd1ada606d872ecc3f5dd1c87
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum: 11332196 ba8e90e85c7e47b1f7d2a0e558572bd0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   403286 84d8aa100b642ddf3e11d25d7cf2e3f4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   158334 eee9734fc27ed2120b19b68f64ed9a47
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:  3353460 94a5f4aeb8e6caf52298ab42ce51925b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   121356 039e4621cc5f1f396f04cce7d936ae20
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   204162 76138f26bcc903413304ecdea530b582
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:  1944774 2a1fc7f1bda7ecb455993706030f3886
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_s390.deb
      Size/MD5 checksum:   213602 4b929622e24e962f12715d98ec5184e7

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   168072 41eac7654297e41bb8ea1bcdeb41855e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   129260 08ca2de15725be7d32b3b2324715a058
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   184956 d4a41f56e9b37ffb60a2c66b30c5471f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   673524 84378a8cf1d88b597fb6a4cbb815adcc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:     1042 88279f4538a6e215092f5b9bc9e16e68
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:  9381720 4912beeb2cb4a02cc4abf6d5c730180a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   403296 c6346a95715ba44112e46cf80959c503
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   158350 b12497e5a02785d466d1975ea22d4040
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:  3342192 ef8bfe776ee10bbbd7cb2a7fa3754aa6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   112532 b3e1ff572f35ca8a5fa368cf815cb32f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   204164 f376fe7d73e318e1c87e66bd527ef147
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:  1583792 7a9053fa95df17218f140360f69fe05a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_sparc.deb
      Size/MD5 checksum:   168116 65ecc744a989197668923747d5dfcdde



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFCi8eW5ql+IAeqTIRAixcAJ9k2r6d7atRXaNm9NAlvLvT6/HPqwCfdI1G
XFoU8PToGJgeQMowkOV+CWw=
=MV56
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F50002)

Debian Linux Security Advisory 1161-2 (PacketStormID:F50002)
2006-09-14 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3811
[点击下载]

Debian Security Advisory 1161-2 - The latest security updates of Mozilla Firefox introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1161-2                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 13th, 2006                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808
                 CVE-2006-3809 CVE-2006-3811
CERT advisories: VU#655892 VU#687396 VU#876420
BugTraq ID     : 19181

The latest security updates of Mozilla Firefox introduced a regression
that led to a disfunctional attachment panel which warrants a
correction to fix this issue.  For reference please find below the
original advisory text:

  Several security related problems have been discovered in Mozilla and
  derived products like Mozilla Firefox.  The Common Vulnerabilities and
  Exposures project identifies the following vulnerabilities:

  CVE-2006-3805

      The Javascript engine might allow remote attackers to execute
      arbitrary code.  [MFSA-2006-50]

  CVE-2006-3806

      Multiple integer overflows in the Javascript engine might allow
      remote attackers to execute arbitrary code.  [MFSA-2006-50]

  CVE-2006-3807

      Specially crafted Javascript allows remote attackers to execute
      arbitrary code.  [MFSA-2006-51]

  CVE-2006-3808

      Remote AutoConfig (PAC) servers could execute code with elevated
      privileges via a specially crafted PAC script.  [MFSA-2006-52]

  CVE-2006-3809

      Scripts with the UniversalBrowserRead privilege could gain
      UniversalXPConnect privileges and possibly execute code or obtain
      sensitive data.  [MFSA-2006-53]

  CVE-2006-3811

      Multiple vulnerabilities allow remote attackers to cause a denial
      of service (crash) and possibly execute arbitrary code.
      [MFSA-2006-55]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge11.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.dfsg+1.5.0.5-1.

We recommend that you upgrade your mozilla-firefox package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.dsc
      Size/MD5 checksum:     1003 fcb7947248bc53a236134e59a7e9673a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.diff.gz
      Size/MD5 checksum:   419204 417893bc76c1a0f772e6c6eff7571c98
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_alpha.deb
      Size/MD5 checksum: 11176846 0f8f7a2dfe4758092806312b92c0fa16
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_alpha.deb
      Size/MD5 checksum:   169842 7bc6af501357d15416aa39a731ad84a7
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_alpha.deb
      Size/MD5 checksum:    61674 6746719356df15955ad4cadfee8a44ae

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_amd64.deb
      Size/MD5 checksum:  9405320 6cb1704571922ccc445aa3b54cfee6b1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_amd64.deb
      Size/MD5 checksum:   164636 81725e9973607ef36dd732a2e7ef40a1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_amd64.deb
      Size/MD5 checksum:    60204 2eb1e134427f4f4dc94233c42aadc295

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_arm.deb
      Size/MD5 checksum:  8228072 fd099e40cc4ab7475f9b9ee5edbaf224
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_arm.deb
      Size/MD5 checksum:   156064 10ce619e39bc6b2731114786e1cb9c93
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_arm.deb
      Size/MD5 checksum:    55518 da686a241720a55b9f444c2d00da3fb8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_hppa.deb
      Size/MD5 checksum: 10281878 47dd66ed0e3f65b784257a3a7124b669
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_hppa.deb
      Size/MD5 checksum:   167584 b795910270c5244dce878ede41b1bf4e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_hppa.deb
      Size/MD5 checksum:    60656 e2735db17f1c50937886821f5c682325

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_i386.deb
      Size/MD5 checksum:  8905260 78f91ed5ea64d8401f81c881bf197318
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_i386.deb
      Size/MD5 checksum:   159842 39c39cc385ece1da80d7129ad5d91073
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_i386.deb
      Size/MD5 checksum:    57062 54ca183ad099a3d172a03433fb9bae77

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_ia64.deb
      Size/MD5 checksum: 11638550 b7c8dca5be087b63b0c9cb99a5406ee6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_ia64.deb
      Size/MD5 checksum:   170184 ebba92837650a1af655a24b3196510cd
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_ia64.deb
      Size/MD5 checksum:    64872 0da252d7693a0c55a7f1e9e92e8bfd93

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_m68k.deb
      Size/MD5 checksum:  8180246 a55c8120cfc2da1df53dc65ecd6fce91
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_m68k.deb
      Size/MD5 checksum:   158684 746c12952165ac9375d63b5ae8ba34f1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_m68k.deb
      Size/MD5 checksum:    56318 e1b1e85cf556c71d425403b0177aa871

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_mips.deb
      Size/MD5 checksum:  9939250 9e86d61f30f4057e59dc7f310cbb5cf5
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mips.deb
      Size/MD5 checksum:   157634 e5f8214f60849ae5ac4be6967719d2cd
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_mips.deb
      Size/MD5 checksum:    57332 aec13be187d73ef17e173594f6476b5a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_mipsel.deb
      Size/MD5 checksum:  9814448 412c4ae8bf5c53d0d6eb151a13f5be65
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mipsel.deb
      Size/MD5 checksum:   157198 a7ef40abac781f64a43fb6bfd5013785
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_mipsel.deb
      Size/MD5 checksum:    57148 50378fe99784dd4e0612f2339843345a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_powerpc.deb
      Size/MD5 checksum:  8576000 845d7e9726dfe677b3e7e788b3c4daa7
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_powerpc.deb
      Size/MD5 checksum:   158278 cee79f6031004b1d26287c1766acc8c0
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_powerpc.deb
      Size/MD5 checksum:    59444 3cede4cc2ffbb21a460a87ae6da4c443

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_s390.deb
      Size/MD5 checksum:  9644388 4cdc4fba0ff2f749509e0162eac50ab1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_s390.deb
      Size/MD5 checksum:   165190 285d75aa1d10c558cf56de3917777ab4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_s390.deb
      Size/MD5 checksum:    59630 686ad114f29bce70ebeef7744ac140a9

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_sparc.deb
      Size/MD5 checksum:  8667892 cac220d156fdb0d0a307ccbec6e648af
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_sparc.deb
      Size/MD5 checksum:   158460 fa572a3d6e045fd7faca38d96ad0d529
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_sparc.deb
      Size/MD5 checksum:    55882 e70bf88e151ba6e56a9bc4239bc519c8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFB+V1W5ql+IAeqTIRAiJcAKC1xZEZWxqGwxAj9/MBcUj+paZ7ggCaAzHa
qumKTR/tQ7FOiv+RBH/RVqw=
=JKuZ
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49861)

Debian Linux Security Advisory 1159-2 (PacketStormID:F49861)
2006-09-08 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1159-2 - The latest security updates of Mozilla Thunderbird introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1159-2                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 8th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

The latest security updates of Mozilla Thunderbird introduced a
regression that led to a disfunctional attachment panel which warrants
a correction to fix this issue.  For reference please find below the
original advisory text:

  Several security related problems have been discovered in Mozilla and
  derived products such as Mozilla Thunderbird.  The Common
  Vulnerabilities and Exposures project identifies the following
  vulnerabilities:

  CVE-2006-2779

      Mozilla team members discovered several crashes during testing of
      the browser engine showing evidence of memory corruption which may
      also lead to the execution of arbitrary code.  The last bit of
      this problem will be corrected with the next update.  You can
      prevent any trouble by disabling Javascript.  [MFSA-2006-32]

  CVE-2006-3805

      The Javascript engine might allow remote attackers to execute
      arbitrary code.  [MFSA-2006-50]

  CVE-2006-3806

      Multiple integer overflows in the Javascript engine might allow
      remote attackers to execute arbitrary code.  [MFSA-2006-50]

  CVE-2006-3807

      Specially crafted Javascript allows remote attackers to execute
      arbitrary code.  [MFSA-2006-51]

  CVE-2006-3808

      Remote AutoConfig (PAC) servers could execute code with elevated
      privileges via a specially crafted PAC script.  [MFSA-2006-52]

  CVE-2006-3809

      Scripts with the UniversalBrowserRead privilege could gain
      UniversalXPConnect privileges and possibly execute code or obtain
      sensitive data.  [MFSA-2006-53]

  CVE-2006-3810

      A cross-site scripting vulnerability allows remote attackers to
      inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8b.2.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.dsc
      Size/MD5 checksum:     1003 359853df29b29253164e9aef34d18066
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.diff.gz
      Size/MD5 checksum:   486593 3759fe23473ecb6cee532cb47cdd4e63
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 12849016 fdf32dcb741195378d9079231aba21cd
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:  3279426 879ae924d100517f98ee7f39a84e1bb2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:   151696 dd6911608eb54bebc7fbcdb58e5d63bb
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:    33138 9581f8f0be21162692672e55d5f00640
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum:    89106 06a2f4752c619fb6a80d15d8fd1741de

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 12255346 0ef80084b8dc8f3aeab523b3ce03009e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:  3280646 de3c980f39e86509f62348d39ffb65f5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:   150662 369341b36fb2a2bcf3178c5bf788c72c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:    33132 42ef7496ee17221749feff905c1eb3ce
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum:    88892 15554699cf57f756e7e615910c36e705

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 10343074 0716c5639dc5b76dfee6f2aac33378f1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:  3271558 0df9cfaf413911576ab6cbda7a366dc5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:   142846 59248b09ddba4eea5c15f3a8e441c8b8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:    33160 e0292cee475239b5660a1db8a60e9599
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum:    80938 12eae1b21352bdbe21499d74f2ee3bc7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 13564760 ac59239f3cd97d1ae63616335e86b755
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:  3284788 9c9ed05edb7b5d15c444347f27d997b6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:   152898 39997b48bfa96256946015464c4cabb9
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:    33144 9f7a34db227b65158d2907e7030c0a35
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum:    97012 3b4cf017d74aa8a47d723b4c2f196735

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 11564254 30581baff08ebcf78cb7a805078238c3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:  3507668 46a7e9a8d982b9df0a3ac2c0d0f2f9e6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:   146348 b8c2a88b083683e63ee7e83846aff346
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:    33150 5f56019ede768d9132def0798ea1c1fb
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum:    87708 c51a3dc04f9bcba7fdfd486474d63966

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 14624280 55e21c6d9b9590b7b02646071e3d4881
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:  3291092 d6cfb0e457c509cfd558b41d6db45e61
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:   155048 12b7efd38b79c5e152757c1ae2861344
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:    33144 b941a4303b34f97550744026b347e711
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum:   106840 e5e09e738134c8a7494a2b15e95c40df

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 10791360 246f9f51609b2848c2d54f3183e07d5d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:  3271086 ad5796c388daa8f0965fdb8a353ba90d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:   144660 486d2b72286e105a670c40c4982857fd
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:    33174 feca51e39ec459f867e412e788308687
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum:    82198 a2252137e94259eb8e699bf4d7a84ab7

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 11943666 7d1fc9df6d4bb496bbed6b5f10353db3
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:  3278862 02a47eea657b6d287a860f98bb54c11e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:   147602 07157e5a5dd3af8d299f7b4e060b357e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:    33146 1d945a5ae87a049a5d12f604f5ecf83f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum:    84410 53d48b348d8d62b2aa2a2f03cf92e84d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 11811276 e8b1890107fb3c3e9410d396dd6fee51
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:  3279782 c0daeff4c21f2bc5a47731cb06ae51aa
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:   147156 f240918563f055e8da73d60aff27b63f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:    33132 7d1aa8886a3d0b7857298944b03a55ba
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum:    84270 74cbaa157220d3012e421f9427041216

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 10908472 a7120c11e497b2e280562b3611e0ba55
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:  3269516 58f62e16cbcc5988ef169c44b746e51a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:   144672 a62727479a514dbde5394e455a9bf055
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:    33136 b839ba3f926ac102c3c322e4e140e40f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum:    81046 9251eb44207d2610bef616e409951937

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 12702008 ce1773912bae44fdb1473a86b31ffddf
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:  3280008 d20c17b61ae08aacb9bcf2578ffd2d03
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:   150980 a7936545066775c99d0cec4cff187ba2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:    33140 8389760a91f3444c6170d5ed32867bd1
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum:    88926 d237c5c35347449b6695f352f25b112a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 11176470 9d792595c891df352238de0e1b4f7639
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:  3275230 164f9abf5ca1a11a2ca5d0a69cc4a93f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:   144318 e79b826ed1d778023f567fee90730446
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:    33148 7d029003df1ee859d52ceacd8ba1142f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum:    82746 b308910b4e9c4025b0488d44424b85f3


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFAQSjW5ql+IAeqTIRAqTaAKCVHUKzdKVWHpclBH4nt0XskPzRJwCbBzt0
l+vA2DPz5+7JAZ8AwieQOUY=
=1sra
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F49555)

Debian Linux Security Advisory 1161-1 (PacketStormID:F49555)
2006-08-30 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3811
[点击下载]

Debian Security Advisory 1161-1 - Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1161-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 29th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808
                 CVE-2006-3809 CVE-2006-3811
CERT advisories: VU#655892 VU#687396 VU#876420
BugTraq ID     : 19181

Several security related problems have been discovered in Mozilla and
derived products like Mozilla Firefox.  The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:

CVE-2006-3805

    The Javascript engine might allow remote attackers to execute
    arbitrary code.  [MFSA-2006-50]

CVE-2006-3806

    Multiple integer overflows in the Javascript engine might allow
    remote attackers to execute arbitrary code.  [MFSA-2006-50]

CVE-2006-3807

    Specially crafted Javascript allows remote attackers to execute
    arbitrary code.  [MFSA-2006-51]

CVE-2006-3808

    Remote AutoConfig (PAC) servers could execute code with elevated
    privileges via a specially crafted PAC script.  [MFSA-2006-52]

CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain
    UniversalXPConnect privileges and possibly execute code or obtain
    sensitive data.  [MFSA-2006-53]

CVE-2006-3811

    Multiple vulnerabilities allow remote attackers to cause a denial
    of service (crash) and possibly execute arbitrary code.
    [MFSA-2006-55]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge10.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.dfsg+1.5.0.5-1.

We recommend that you upgrade your mozilla-firefox package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10.dsc
      Size/MD5 checksum:     1003 09583ca7a6bd470e092c5226528ae80c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10.diff.gz
      Size/MD5 checksum:   419119 3618884176a92d3ac97022e074188e77
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_alpha.deb
      Size/MD5 checksum: 11176644 0b0ab73f6c4deebad034c9c5f604d3a0
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_alpha.deb
      Size/MD5 checksum:   169796 fbfddc6581dd0c7389a6445ecb0ec3f9
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_alpha.deb
      Size/MD5 checksum:    61598 b07ab088199007de44282145a7721fc3

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_amd64.deb
      Size/MD5 checksum:  9405310 33590c4e5998a0b7fa9a26b281e7da3c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_amd64.deb
      Size/MD5 checksum:   164566 aceef401edf65c2633f27aad978396dc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_amd64.deb
      Size/MD5 checksum:    60122 d5250c9fb83f1b7c67123a1bf2191840

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_arm.deb
      Size/MD5 checksum:  8228178 aed4e4dbbeefc391454e3f7aebc63a15
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_arm.deb
      Size/MD5 checksum:   156018 440374f401628e71f4f01057e0418c2c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_arm.deb
      Size/MD5 checksum:    55444 02d92e0752b89ff7b049252b6c327300

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_i386.deb
      Size/MD5 checksum:  8904976 b2441882b3107c287ce1cf4414b7440f
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_i386.deb
      Size/MD5 checksum:   159774 18cb2b3db08016bc6c4526574f3b72de
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_i386.deb
      Size/MD5 checksum:    56992 00e9d8fc0cf7b22666627876851a365b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_ia64.deb
      Size/MD5 checksum: 11638750 9e7e3b0aee30e3a80a0eec0515d81258
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_ia64.deb
      Size/MD5 checksum:   170104 d6dc6f919293d517ef990cb46060d115
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_ia64.deb
      Size/MD5 checksum:    64798 9532185c638659206c6627f5857698ff

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_hppa.deb
      Size/MD5 checksum: 10281754 c5ec2b8d56096c9efb0efab75dcc9171
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_hppa.deb
      Size/MD5 checksum:   167484 9e8718e775368564fc6f691e214f651c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_hppa.deb
      Size/MD5 checksum:    60578 65426b32ec4d7f2f7fb397aadae7b173

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_m68k.deb
      Size/MD5 checksum:  8180240 2786b8b54f2748023752d1aec5899fe2
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_m68k.deb
      Size/MD5 checksum:   158648 869e3cacfa86e6cc68fcb9d98f081607
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_m68k.deb
      Size/MD5 checksum:    56246 2f14d625a593d86ef0c13c8b7f1391e5

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_mips.deb
      Size/MD5 checksum:  9939504 c18bb8875373e0e1dd707ad9a6778d87
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_mips.deb
      Size/MD5 checksum:   157580 8ebfe5494e67be102f9ef48f9af06d82
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_mips.deb
      Size/MD5 checksum:    57268 a4bd50f5614dace6e1d524372b4d3435

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_mipsel.deb
      Size/MD5 checksum:  9814412 363c45d54885eee9c6f4c6e0116a68ed
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_mipsel.deb
      Size/MD5 checksum:   157128 cb46a82ef943f94f10c0224efdb2a336
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_mipsel.deb
      Size/MD5 checksum:    57090 6971eb188d7dbdf22b032c91ae145111

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_powerpc.deb
      Size/MD5 checksum:  8576282 1c61ed7a704bed95e6186e5fc1ffb25a
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_powerpc.deb
      Size/MD5 checksum:   158190 3ab95e22b86f243140f22687feed25af
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_powerpc.deb
      Size/MD5 checksum:    59370 5cc17f0992b7425b0f8c55422683f453

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_s390.deb
      Size/MD5 checksum:  9643386 9d62f4ad6fb018b9f6dc3b1e48e11aba
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_s390.deb
      Size/MD5 checksum:   165116 ab405fffa91e4ac0ab18891dfb763d28
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_s390.deb
      Size/MD5 checksum:    59560 c7d8aec75403e3fde0e812bac573383a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge10_sparc.deb
      Size/MD5 checksum:  8667678 c65257545e9562877989ca3275df27c0
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge10_sparc.deb
      Size/MD5 checksum:   158394 94580d49c505b103d2b60b69022af5ab
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge10_sparc.deb
      Size/MD5 checksum:    55812 c0f3f408ea170b5c3b2f6e4542c52b5c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9Ha+W5ql+IAeqTIRAvI/AJ44HxKoYBXTdYjpw1Y0mGtgWRNhcQCfQBco
ubvT6wj8d+xgCnDda4pQVqM=
=uuVl
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49544)

Debian Linux Security Advisory 1160-1 (PacketStormID:F49544)
2006-08-29 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1160-1 - Several security related problems have been discovered in Mozilla and derived products.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1160-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 29th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

Several security related problems have been discovered in Mozilla and
derived products.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  The last bit of
    this problem will be corrected with the next update.  You can
    prevent any trouble by disabling Javascript.  [MFSA-2006-32]

CVE-2006-3805

    The Javascript engine might allow remote attackers to execute
    arbitrary code.  [MFSA-2006-50]

CVE-2006-3806

    Multiple integer overflows in the Javascript engine might allow
    remote attackers to execute arbitrary code.  [MFSA-2006-50]

CVE-2006-3807

    Specially crafted Javascript allows remote attackers to execute
    arbitrary code.  [MFSA-2006-51]

CVE-2006-3808

    Remote AutoConfig (PAC) servers could execute code with elevated
    privileges via a specially crafted PAC script.  [MFSA-2006-52]

CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain
    UniversalXPConnect privileges and possibly execute code or obtain
    sensitive data.  [MFSA-2006-53]

CVE-2006-3810

    A cross-site scripting vulnerability allows remote attackers to
    inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge7.2.1.

For the unstable distribution (sid) these problems won't be fixed
since its end of lifetime has been reached and the package will soon
be removed.

We recommend that you upgrade your mozilla package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1.dsc
      Size/MD5 checksum:     1131 2bd30d0e1391b9705d1c8bcdcb9aa3e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1.diff.gz
      Size/MD5 checksum:   531386 81427d72e82e1117623773ef1d9e0d92
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   168074 eac003641c1939a8b4bef7497c374ba6
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   147532 e0a6fb3ce5c6de10c698cff9b80cc117
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   184942 223249982ca92e440245a6bb9d75d533
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   857098 8b0e75af2905326a5d9e67be91c9aac8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:     1040 66b38827a857248465f223152b80f204
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum: 11484928 d27d68018193d11fe6781e41feb81678
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   403300 153ac5f793787cefc5ae5678ef844e4b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   158344 245e5dd64c3c328b5c02408e244db629
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:  3358858 aa3043c1f46a6c5bfdc67efb433c7572
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   122304 54105650c2458ff3c29825cbc6295144
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   204164 05fb25c76ab388ffc0cd1930ed7fa780
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:  1937180 0b49f5a4694fa5dccb024ae2d9399077
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_alpha.deb
      Size/MD5 checksum:   212580 db8f16769dd27e8241dd073225433b74

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   168070 b42a4f421d392323c5ccf78f59a446f9
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   146634 108d35f0e9303db9b5c2d803f33d29fb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   184962 dae604dee94ff87f0883c8bcbaed87de
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   715462 b8a19b3a0729575842ffc45f6cc525ce
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:     1034 2eb59559388c253878b92b4b566d32f5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum: 10948874 79783e1204731d378de0de64e2e060ff
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   403290 9060ed97202c1419e75511e1117a2e69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   158342 15fd68de4bd67ece8b11477f4bc813c8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:  3352804 9cd9ee777bca717e736d3eecb4813adf
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   121184 e383a9b3187337765fd635eb75333469
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   204172 3a9ee9ae111fb1f6c8b09860869aedbe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:  1936078 b973fcfa00570b490e3d4884d9c6e825
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_amd64.deb
      Size/MD5 checksum:   204426 999ddfb35f3a0b8a974aeae56c22dc65

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   168074 a836b7a5b37b78aaebcb61ff654e3cf2
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   124986 2e2ca9f9bd5665ac32c42952a452796b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   184962 8fb34805a06ab453ba89d0c23e4f9e5b
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   632686 6c8279f37ffc94cfd53ed83a5c180a8b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:     1038 7d522787331c0e28b5f7c6c1af24cce9
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:  9219618 782774e232a36315020a29df714397a0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   403348 f925ff6457b707657779b5b4fe421cd0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   158366 ac6ba8d892c154c57d71cfe0a208da1a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:  3342412 c4740ddaba9219a6c94ad1d3d2907cbd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   112662 9865794389927f4b199020c5ef66cafe
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   204186 0e66cf4d32d251121edad264c6ed61ae
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:  1604474 c68c19164028881a7e9d190a5a8c73f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_arm.deb
      Size/MD5 checksum:   169044 99d262cc2a412f938fd62dd5cb80d4aa

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   170346 c96f11b70b94d0f7a5dd198ae0270316
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   137444 d5505057ab521c13c9b9df8faf1898ad
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   187130 fbb5013961c323e1a6eac06a972399fb
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   662236 11505452778ab2a6f62b8b12690e327a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:     1036 c90cf11f05a6db492676075f10455caa
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum: 10346294 690c7568c81116dc99575e67c02c26c7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   403522 31bf91f8cc9a86f67cce7b1bbbd6bc7b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   158376 ee2658cae1ba55a281b06ebde593659a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:  3594716 f8c1546c3530793960246557fbcf382c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   116690 21d708a27dd00ef6f7143e9f9a6cdf73
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   204178 b6a41c12e4c7008177f8746fab92901a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:  1816154 77f5e242fdc4adb1924be7f975a2405c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_i386.deb
      Size/MD5 checksum:   192744 eb2e3a4bc87212eca06c12f1e7d46521

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   168072 7209fb036521f59fd735e703ec79400e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   174978 10ba506a46b231aeee34dd51510ffee8
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   184954 d3cba059a9c48a693418fd96e791f57e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   967402 052903f29e606cad5e4182773a42d416
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:     1034 152faf535691f3f8ebe217cc0d37422c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum: 12961084 020b12eb88202d7d3ae166ecfa828878
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   403296 bb77bbcaad98b8a86369c72ccc026011
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   158342 f1f091c558fd2d6075373b9472190cf1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:  3378634 2f3091a1d77aee6324eb818ade2c817d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   125590 53ca1454eebe786c7ff1c3f68940d434
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   204164 68889825552d42960a9c047f5db4ead5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:  2302378 c66ad68e4c2ee6d463dcaa1f7e795463
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_ia64.deb
      Size/MD5 checksum:   242830 1fa9d4351819c18bc4b773c682ad74de

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   168076 66d61d5be7abd2e8b74a6c96198e9552
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   157562 0104f3dfd071237a5cfa40c5ee433575
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   184960 999ee07a9b0c90f504d00ca54c139198
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   755388 764a9d45fbf49b17d9d5aadb89d85829
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:     1040 c5b34199e97ffc378d3fd2d9dcf72bea
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum: 12168102 6dec58cb9458522eae398920e9aed844
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   403306 6188aa3503a805bd203c62610c4e3ced
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   158346 44964603e4dbed4635cfb16095665ef7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:  3359148 eb36fb8717e781f36760147898718d94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   123522 65537d7af21935b0b92749ca351e17be
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   204174 f945cf55aabf0ab174f04e88b4180620
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:  2135256 640e1fbc9bc8a2d5f84ffbbcaee57567
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_hppa.deb
      Size/MD5 checksum:   216396 1fcca2871418d7411b2c247b31a656f7

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   168092 fe86bb2ca8abc891c409057990732610
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   126642 07e87b835240123e3a0b823a34aabe95
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   184984 6cf1417d36748d1a9b9547174b74d177
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   600730 576d83b5963a8ffc881daed75e6c6f6f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:     1044 e28e82a08d4b72b4eecb426a2c19e4e0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:  9712802 98a468557f08faefcfb386e1b03ce53b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   403368 ab30bf829c00290b4cbc3b63786029c2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   158406 77bc46299d455fe392bd60a3037e205f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:  3337004 297f3a2e48d9375a32e90b93a8763871
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   114468 21fe6664bf23421fcba559396134fcf0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   204184 058b99007e3e3fac132353330c464dea
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:  1683152 8948cd6b6c7e1c0da51264f1d7ffb6a0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_m68k.deb
      Size/MD5 checksum:   174924 b2da7692c92862df050caeb6060246f1

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   168072 ef741effd5c0d92bfd1006a067fd420f
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   141500 23dcf154e495b937c76b0d08c8ba3af1
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   184950 573206997817d3b0c52f3f74f0f0935e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   726474 b411fb639491df2df5258b3b23cf115f
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:     1040 2053ec9d35e7de4ddccbc4bd9e068dd3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum: 10735382 04afb86059c770780b2c5ed9574b252a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   403278 b33128eba36459050025687c1b97251d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   158356 2eaa19cd569a150fb0888a905dbfdfa6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:  3358818 d1de9be804d868b1cb6b01ff14818bb5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   117622 b9cbc88e07c6ba01713f573099dcac35
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   204164 c24dc616bc0019537a371281b6c5ce21
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:  1795562 294cae49d1f538a2326de93caf90ef2a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_mips.deb
      Size/MD5 checksum:   189932 5fc63acfb905a864466afc317ad62764

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   168076 52d5bb8de3bcac5af1b9c7161253fc6e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   141448 759d76f0c1f1a3141aa7e5b6fa738cd2
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   184952 1613e4a0ebb0b01215c3f50622906953
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   715936 dea4e33f2242680a9f6992a7ebe69f69
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:     1042 a1c3ebbbd7ec67a49483b5ac811ef24d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum: 10610812 3c6e191ecd90394cc89d5917f88b3811
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   403296 f0fc353a203378cd9051ffca1c333ee7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   158352 98411cf47fe0952686e12f4be46e7d94
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:  3359336 f7afcef1f79da6078e6430af714f952b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   117208 8fcd67e70a26166aec44114139c4d0e0
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   204170 a706dca773dd6c03e7d700939fc1e96e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:  1777624 f9ec1c606051df270a0f2335857177ad
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_mipsel.deb
      Size/MD5 checksum:   187520 3c28b28ebc6baff0c9bb847a21372e7e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   168082 13e1e7545eed58e1270a0ab2c2d433ca
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   131994 24dde066f00f91ed7c303768bf5219fe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   184964 21eff711bbb483906b64e5e168095ed9
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   719692 68fd6243189e634a4b0139384efca743
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:     1046 85e2ca21bc46e736215b4419deaaaeb8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:  9708312 ae32ace9e83f069280dd57e345e9c951
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   403294 713943ac3d06f4b151389688b9344f26
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   158358 e298f882d70323a87942d2a110105336
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:  3341090 64ea6ce84a115bdc20bfa3dcd5b61bfd
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   114598 912e6c2dddf4835bcd5458d8142b012b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   204174 5961f2538d92304d808bdeb36ebfd43b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:  1643146 cffb2e9d9a2dfeccd12e469525e73e21
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_powerpc.deb
      Size/MD5 checksum:   175724 2a597fcb96bd9e8b119f96fc813615e7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   168068 192a90d8302aba56c5188562e43c11c1
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   157298 12d3bf42c74ef7a00c9d33fa92393e2f
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   184942 849cdda4f8860506bb79f316b89ea365
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   799696 713c51045254abf3d96d55884ee51a6c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:     1034 bcafed934a00cdec70c2f62e083e2bf3
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum: 11332328 b869c3b55f45383a4f050d6190c5d979
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   403292 ef466f1e923cc970a1f6edc5695efe49
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   158348 ffbc21fcb1ee262942f775d04b318d93
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:  3353464 705a66aa8deafe87aaa9d2509358002d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   121344 6b04648d824b662bca6841bd305b50d5
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   204164 b56489b01c9992f25ad694d85e7cc4cc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:  1944778 cc4551e2cb4e07c26843245de31ed270
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_s390.deb
      Size/MD5 checksum:   213600 be9c36068e6449c0e30a233887ea1d07

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   168076 08f44358b647bf2c2ea7f0da859e8ac9
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   129208 18b77b286bfba205e942a72eb2baffab
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   184942 864ce609343d141ade3c922d138f6f78
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   673486 e87272fe32ca15edc9ea340737aa3e0e
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:     1042 7ec6b04120c98b7ab47143fe1141d8d7
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:  9381788 34105262fdd068aafce32b54d5f45236
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   403296 ec09417da44a128602cb441462b28816
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   158350 bbda61175cf8fc0e9cb5ae24da55b9a4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:  3342214 e160009ac134ebd9ff0209176a320429
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   112516 20e88571138978994c7c05528610a790
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   204168 b7b3949f1d80b750efa8f8c2f40c2c6d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:  1583812 48afe1f55a7d4fd35eb4a42619941979
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.1_sparc.deb
      Size/MD5 checksum:   168118 35333e0fd86439304bc49d1eded1c4ae


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE89AKW5ql+IAeqTIRAh+CAJwKZdZNcE27+T4elhU08IZDuaBFHgCffnIp
0lMBTqTg5RcxbmmQrQQ/mLo=
=SzIZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F49515)

Debian Linux Security Advisory 1159-1 (PacketStormID:F49515)
2006-08-28 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-2779,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810
[点击下载]

Debian Security Advisory 1159-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1159-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 28th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  The last bit of
    this problem will be corrected with the next update.  You can
    prevent any trouble by disabling Javascript.  [MFSA-2006-32]

CVE-2006-3805

    The Javascript engine might allow remote attackers to execute
    arbitrary code.  [MFSA-2006-50]

CVE-2006-3806

    Multiple integer overflows in the Javascript engine might allow
    remote attackers to execute arbitrary code.  [MFSA-2006-50]

CVE-2006-3807

    Specially crafted Javascript allows remote attackers to execute
    arbitrary code.  [MFSA-2006-51]

CVE-2006-3808

    Remote AutoConfig (PAC) servers could execute code with elevated
    privileges via a specially crafted PAC script.  [MFSA-2006-52]

CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain
    UniversalXPConnect privileges and possibly execute code or obtain
    sensitive data.  [MFSA-2006-53]

CVE-2006-3810

    A cross-site scripting vulnerability allows remote attackers to
    inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8b.1.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.dsc
      Size/MD5 checksum:     1003 04d64af96e791f70b148b47369e78fa8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.diff.gz
      Size/MD5 checksum:   485519 ee4edfac117a53c5af08ed97fe85fe55
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum: 12848642 4c5bcb9649ff7eec7d4ad6409fccfbce
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:  3279330 5de619881da404d6846a64e1ab100198
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:   151606 aca457a945d7a89cc5ad25952db6d32b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:    33038 f219f0a68ebce04be1a448d582330e36
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:    88998 349021463f3a1fca2c269044cf3e66ca

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum: 12255144 bacce34b5bc0e00ae8dfdcb6db7effee
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:  3280524 68041a19610600cd691914971d72e915
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:   150580 d4cd554373b8cf9695e11b172ccd018c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:    33032 5c7cc39d0f91f8cbd7dfbcd62f5233ea
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:    88794 ef6eb382de91c862944b1486e5c343a7

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum: 10342700 42ebac688dbc2943768353f381c48af5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:  3271408 8d1d920dbc27c50d3cef51653ae67571
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:   142784 14df28e047604532f99d28d57fd66555
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:    33052 441a28a0673a0b4a341ea3d2685ef7a7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:    80852 608e1e053e2bfd73099f6e853cdc3b11

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum: 11563882 b41abc362fc0ed424a3a4cd6c4fa8ca6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:  3507108 6c5268e655733613500ee2173f1012ec
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:   146250 ba9d20e519d188c237b4b7cef17d3bbe
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:    33052 ef87f87b1ec09d8b1e66591e69895233
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:    87606 925e4a236ba4230a8e32216a064c3f06

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum: 14624106 a3b234485952ea02ccfdd68133a2cf35
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:  3291038 a15a8ff3fbc471ed4969bb86e67c3c4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:   154934 96ab243eb1e9340a6c04743d761febe8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:    33034 ef4ff45411db444879bd8171814989e0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:   106730 975838d769c3c4e9821ee2f2db1f180a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum: 13565080 e4e770db9c3257e4082f6ba9a4b17942
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:  3284790 cd7b3d8fa65712084108545b06bf5cf8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:   152812 a850d4bbfc5412356adb8999e4afd3a2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:    33046 4b2d523df0b35eaf49c2ee670040a746
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:    96926 49c2664125f88dcbcf8fc370490f1783

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum: 10791242 efe7adeef2105ee962f60eb09d32be04
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:  3270798 a64399e4e34ec761ddb064e650432d47
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:   144566 c368a1f6bda4a639c799903d3bed7c86
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:    33066 3992b0cab96e959ecea687899f8ef05f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:    82094 b13852c78fa4f46ff993f3c1e98680dc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum: 11943796 cb93a2f2fc4dd706defeaea3c18a6b6f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:  3278794 9acf4f9583972ed1fe2d453e8330233b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:   147496 07472047d17dabe204412c357bb21169
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:    33042 b7f0219fc847c1a52b3336aea10b1523
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:    84296 de6058169bdcaac13f4e44e50d86fcfa

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum: 11811180 7a90700b755f8a9628743c00c5658e01
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:  3279738 b7599c5e7cb743cfe02f60402beeef4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:   147050 e648ba4dcabf8cd85415d259d19f9dc5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:    33034 9892f5d7755b7b013b825acf7d239b9a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:    84184 08802c45278f5d135118b15c261d60ff

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum: 10908332 b4899f52b0b1555eef1a52e29f7ccff0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:  3269376 138a349de0a5a33317fb12e38fa7048d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:   144570 8a5fbabc69454577f95fca69d6922183
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:    33046 eab66e527293d35eeec5a2aa21e34988
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:    80956 110bbacc7e5b85d32966e8b095d18e49

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum: 12701528 e77cc46c7784b4678e00158c4067fb13
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:  3279814 9f614f520b7d24b584b4dfdde4d6856c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:   150872 8ec4f9059a17b2e75afd8cb472dfd7d4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:    33030 1a9dd5360add1b5c7d3940e44efc72f4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:    88798 c1fc3eda5995f50df821da0913447ffa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum: 11176418 d9291799bae4c157fe7f0a9dd86ebcf4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:  3275086 2a78bb9f76059b034dd1232cdd82dee6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:   144214 0f03b8b13d7cb6ae6c0eebbec1da6d2b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:    33056 4b9864766f12b2328b9e6fdfd98a4d0e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:    82648 c02d426a3ab8f7e704f946d0b0fee7c8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE8n9lW5ql+IAeqTIRAgpiAKCTSJG8bf98rWgKM1d1zfQY78HNCQCghAW6
yE3zyT2KfVUR036bLnDdZo0=
=bqG2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F48662)

Ubuntu Security Notice 327-1 (PacketStormID:F48662)
2006-07-28 00:00:00
Ubuntu  security.ubuntu.com
advisory,javascript,vulnerability
linux,ubuntu
CVE-2006-3113,CVE-2006-3677,CVE-2006-3801,CVE-2006-3802,CVE-2006-3803,CVE-2006-3805,CVE-2006-3806,CVE-2006-3807,CVE-2006-3808,CVE-2006-3809,CVE-2006-3810,CVE-2006-3811,CVE-2006-3812
[点击下载]

Ubuntu Security Notice USN-327-1 - A multitude of javascript related vulnerabilities have been patched in Firefox.

=========================================================== 
Ubuntu Security Notice USN-327-1              July 27, 2006
firefox vulnerabilities
CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802,
CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,
CVE-2006-3812
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  firefox                      1.5.dfsg+1.5.0.5-0ubuntu6.06

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Please note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are also
affected by these problems. Updates for these Ubuntu releases will be
delayed due to upstream dropping support for this Firefox version. We
strongly advise that you disable JavaScript to disable the attack
vectors for most vulnerabilities if you use one of these Ubuntu
versions.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801,
CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3809, CVE-2006-3811, CVE-2006-3812)

cross-site scripting vulnerabilities were found in the
XPCNativeWrapper() function and native DOM method handlers. A
malicious web site could exploit these to modify the contents or steal
confidential data (such as passwords) from other opened web pages.
(CVE-2006-3802, CVE-2006-3810)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

Please see 

  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

for technical details of these vulnerabilities.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.diff.gz
      Size/MD5:   174602 7be6f5862219ac4cf44f05733f372f2b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.dsc
      Size/MD5:     1109 252d6acf45b009008a6bc88166e2632f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5.orig.tar.gz
      Size/MD5: 44067762 749933c002e158576ec15782fc451e43

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb
      Size/MD5:    49190 850dd650e7f876dd539e605d9b3026c8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb
      Size/MD5:    50078 c1fa4a40187d9c5b58bd049edb00ce54

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5: 47269292 167aadc3f03b4e1b7cb9ed826e672983
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:  2796768 b54592d0bd736f6ee12a90987771bc59
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:   216136 79fa6c69ffb0dd6037e56d1ba538ff64
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:    82358 e2e026d582a7b5352cee4453cef0fe45
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:  9400544 a9d0b804a4374dc636bb79968a2bce5c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:   218822 a09476caea7d8d73d6a2f534bd494493
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:   161876 0e0e65348dba8167b4891b173baa8f0d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:   235746 064fc1434a315f857ee92f60fd49d772
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
      Size/MD5:   757458 bd6a5e28e05a04a5deca731ab29f70e4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5: 43837610 a7e4a535262f8a5d5cb0ace7ed785237
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:  2796700 4509dbf62e3fd2cda7168c20aa65ba4f
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:   209546 50e174c1c7290fca51f9e1ee71ebb56c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:    74732 25ba86caeeb1a88da4493875178a3636
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:  7916536 40ebfe4330af25c2359f8b25b039ed5e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:   218822 6066f59acbce1b4de2dc284b5801efc5
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:   146570 c1a5c5cc4371b228093d03d9ed7ad607
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:   235754 0e9a1a89f63a9869b875ee6a50547c2b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
      Size/MD5:   669556 d537a4771b80e5c06f18b2c5d7e5d384

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5: 48648192 479d29e08ff2b9cef89a6da3285c0aad
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:  2796790 60b97738bfc3b8b32914487bb4aba239
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:   212982 a396e119a32303afc024d513b997c84e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:    77894 ef7841bb2ab8de0e0c44e59c893b1622
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:  9019132 ed3927484eea5fccf84a2840640febf3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:   218826 a2338c3c8064a304deb752bf32a291f8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:   159112 7d5d6100727ceb894695b219cec11e43
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:   235754 69085beb145222fea07d2d6c19158a2d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
      Size/MD5:   768332 8dc6cc8c54185d57af14bab3bee39f9d

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5: 45235424 f5a07188af5802fffbd3cfdd64b109cf
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:  2796756 cb13c7ea0e3b7af2f1e12db1f8dc38a2
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:   210488 17f7723b697110c8f132422bc059d447
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:    76340 c38ccb8b71b9c3783a1c9816ecd9cf5d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:  8411310 4b3865b2df3924d094e0b18f207bf33d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:   218814 a0e67d0d425cea2cd5835e2c2faa930f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:   149018 73108368f0ef745188ebd1c48ea10c88
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:   235746 695a6122710fb30201daaa239ba6d48d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
      Size/MD5:   681612 896721beb3cdcea12bab98223c0796c2
    

- 漏洞信息 (F48661)

Technical Cyber Security Alert 2006-208A (PacketStormID:F48661)
2006-07-28 00:00:00
US-CERT  cert.org
advisory,remote,web,arbitrary,vulnerability
CVE-2006-3801,CVE-2006-3677,CVE-2006-3113,CVE-2006-3803,CVE-2006-3805,CVE-2006-3804,CVE-2006-3806,CVE-2006-3807,CVE-2006-3811
[点击下载]

Technical Cyber Security Alert TA06-208A - The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        National Cyber Alert System

                 Technical Cyber Security Alert TA06-208A


Mozilla Products Contain Multiple Vulnerabilities

   Original release date: July 27, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Mozilla SeaMonkey
     * Mozilla Firefox
     * Mozilla Thunderbird

   Any products based on Mozilla components, specifically Gecko, may also
   be affected.


Overview

   The Mozilla web browser and derived products contain several
   vulnerabilities, the most serious of which could allow a remote
   attacker to execute arbitrary code on an affected system.


I. Description

   Several vulnerabilities have been reported in the Mozilla web browser
   and derived products. More detailed information is available in the
   individual vulnerability notes, including the following:


   VU#476724 - Mozilla products fail to properly handle frame references 

   Mozilla products fail to properly handle frame or window references.
   This may allow a remote attacker to execute arbitrary code on a
   vulnerable system.
   (CVE-2006-3801)


   VU#670060 - Mozilla fails to properly release JavaScript references 

   Mozilla products fail to properly release memory. This vulnerability
   may allow a remote attacker to execute code on a vulnerable system.
   (CVE-2006-3677)


   VU#239124 - Mozilla fails to properly handle simultaneous XPCOM events
   
   Mozilla products are vulnerable to memory corruption via simultaneous
   XPCOM events. This may allow a remote attacker to execute arbitrary
   code on a vulnerable system.
   (CVE-2006-3113)


   VU#265964 - Mozilla products contain a race condition 

   Mozilla products contain a race condition. This vulnerability may
   allow a remote attacker to execute code on a vulnerable system.
   (CVE-2006-3803)


   VU#897540 - Mozilla products VCard attachment buffer overflow 

   Mozilla products fail to properly handle malformed VCard attachments,
   allowing a buffer overflow to occur. This vulnerability may allow a
   remote attacker to execute arbitrary code on a vulnerable system.
   (CVE-2006-3804)


   VU#876420 - Mozilla fails to properly handle garbage collection 

   The Mozilla JavaScript engine fails to properly perform garbage
   collection, which may allow a remote attacker to execute arbitrary
   code on a vulnerable system.
   (CVE-2006-3805)


   VU#655892 - Mozilla JavaScript engine contains multiple integer
   overflows 

   The Mozilla JavaScript engine contains multiple integer overflows.
   This vulnerability may allow a remote attacker to execute arbitrary
   code on a vulnerable system.
   (CVE-2006-3806)


   VU#687396 - Mozilla products fail to properly validate JavaScript
   constructors 

   Mozilla products fail to properly validate references returned by
   JavaScript constructors. This vulnerability may allow a remote
   attacker to execute arbitrary code on a vulnerable system.
   (CVE-2006-3807)


   VU#527676 - Mozilla contains multiple memory corruption
   vulnerabilities 

   Mozilla products contain multiple vulnerabilities that can cause
   memory corruption. This may allow a remote attacker to execute
   arbitrary code on a vulnerable system.
   (CVE-2006-3811)


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on a
   vulnerable system. An attacker may also be able to cause the
   vulnerable application to crash.


III. Solution

Upgrade

   Upgrade to Mozilla Firefox 1.5.0.5, Mozilla Thunderbird 1.5.0.5, or
   SeaMonkey 1.0.3.

Disable JavaScript and Java

   These vulnerabilities can be mitigated by disabling JavaScript and
   Java in all affected products. Instructions for disabling Java in
   Firefox can be found in the "Securing Your Web Browser" document.


Appendix A. References

     * US-CERT Vulnerability Notes Related to July Mozilla Security
       Advisories -
       <http://www.kb.cert.org/vuls/byid?searchview&query=firefox_1505>

     * CVE-2006-3081 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801>

     * CVE-2006-3677 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677>

     * CVE-2006-3113 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113>

     * CVE-2006-3803 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803>

     * CVE-2006-3804 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804>

     * CVE-2006-3805 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805>

     * CVE-2006-3806 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806>

     * CVE-2006-3807 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807>

     * CVE-2006-3811 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811>

     * Mozilla Foundation Security Advisories -
       <http://www.mozilla.org/security/announce/>

     * Known Vulnerabilities in Mozilla Products -
       <http://www.mozilla.org/projects/security/known-vulnerabilities.html>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-208A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA06-208A Feedback VU#239124" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   Jul 27, 2006: Initial release


    
    

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRMkgNexOF3G+ig+rAQIFsAgAoWoMkxxhkzb+xgLVCJF7h4k4EBCgJGWa
BSOiFfL4Gs4vv4lNooDRCIOdxiBfXYL71XsIOT4aWry5852/6kyYnyAiXXYj1Uv0
SbPY2sQSZ5EaG+G9i8HDIy3fpJN4XgH3ng1uzUnJihY19IfndbXicpZE+debIUri
qt9NRD2f5FW5feKo1cBpYxtmxQAEePOa2dJHh7I7cnFGtG3MixHx4kVEyuYUutCX
5tHDsfTIdySNkIdCQ4vhk846bErB/kaHiKMQDfMglllb3GOSc07OQ0CDo2eTPVsA
9DtKkiDP1C4dh1mxco8CWlS6327+EB0KXGGoqDF2+j/rrpsW0oc8nA==
=HwuK
-----END PGP SIGNATURE-----
    

- 漏洞信息

27568
Mozilla Multiple Products Standard Object() Constructor Manipulation Privilege Escalation
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-25 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站