Package: firefox
Version: 1.5.dfsg+1.5.0.2-3
Severity: grave

The following advisory was published recently:
http://www.securident.com/vuln/ff.txt

[..]
Result: Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet.

Problem: A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
[..]

I initially set this report to grave.

Regards, Daniel

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.08060320
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages firefox depends on:
ii  debianutils     2.15.7        Miscellaneous utilities specific t
ii  fontconfig      2.3.2-5.1     generic font configuration library
ii  libatk1.0-0     1.11.4-1      The ATK accessibility toolkit
ii  libc6           2.3.6-7       GNU C Library: Shared libraries
ii  libcairo2       1.0.4-1+b1    The Cairo 2D vector graphics libra
ii  libfontconfig1  2.3.2-5.1     generic font configuration library
ii  libfreetype6    2.1.10-3      FreeType 2 font engine, shared lib
ii  libgcc1         1:4.1.0-1+b1  GCC support library
ii  libglib2.0-0    2.10.2-1      The GLib library of C routines
ii  libgtk2.0-0     2.8.17-1      The GTK+ graphical user interface
ii  libidl0         0.8.6-1       library for parsing CORBA IDL file
ii  libjpeg62       6b-12         The Independent JPEG Group's JPEG
ii  libpango1.0-0   1.12.1-2      Layout and rendering of internatio
ii  libpng12-0      1.2.8rel-5.1  PNG library - runtime
ii  libstdc++6      4.1.0-1+b1    The GNU Standard C++ Library v3
ii  libx11-6        2:1.0.0-6     X11 client-side library
ii  libxcursor1     1.1.5.2-5     X cursor management library
ii  libxext6        1:1.0.0-4     X11 miscellaneous extension librar
ii  libxfixes3      1:3.0.1.2-4   X11 miscellaneous 'fixes' extensio
ii  libxft2         2.1.8.2-6     FreeType-based font drawing librar
ii  libxi6          1:1.0.0-5     X11 Input extension library
ii  libxinerama1    1:1.0.1-4     X11 Xinerama extension library
ii  libxrandr2      2:1.1.0.2-4   X11 RandR extension library
ii  libxrender1     1:0.9.0.2-4   X Rendering Extension client libra
ii  libxt6          1:1.0.0-4     X11 toolkit intrinsics library
ii  psmisc          22.2-1        Utilities that use the proc filesy
ii  zlib1g          1:1.2.3-11    compression library - runtime

firefox recommends no packages.

-- no debconf information