GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Sep 28, 2006 8:26 pm Post subject: [ GLSA 200609-19 ] Mozilla Firefox: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: Mozilla Firefox: Multiple vulnerabilities (GLSA 200609-19)
Severity: normal
Exploitable: remote
Date: September 28, 2006
Bug(s): #147652
ID: 200609-19
Synopsis
The Mozilla Foundation has reported numerous vulnerabilities in Mozilla Firefox, including one that may allow execution of arbitrary code.
Background
Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform, stand-alone browser application.
Affected Packages
Package: www-client/mozilla-firefox
Vulnerable: < 1.5.0.7
Unaffected: >= 1.5.0.7
Architectures: All supported architectures
Package: www-client/mozilla-firefox-bin
Vulnerable: < 1.5.0.7
Unaffected: >= 1.5.0.7
Architectures: All supported architectures
Description
A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below.
Impact
The most severe vulnerability involves enticing a user to visit a malicious website, crashing the browser and executing arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.7" |
Users of the binary package should upgrade as well: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.7" |
References
CVE-2006-4253
CVE-2006-4340
CVE-2006-4565
CVE-2006-4566
CVE-2006-4567
CVE-2006-4568
CVE-2006-4569
CVE-2006-4571
Last edited by GLSA on Mon May 11, 2009 4:17 am; edited 2 times in total |
|
News & Announcements
