Multiple security vulnerabilities have been identified in the
mozilla-firefox web browser. These vulnerabilities could allow an
attacker to execute code on the victim’s machine via specially crafted
network resources.

- CAN-2005-2701
  Heap overrun in XBM image processing
- CAN-2005-2702
  Denial of service (crash) and possible execution of arbitrary
  code via Unicode sequences with “zero-width non-joiner”
  characters.
- CAN-2005-2703
  XMLHttpRequest header spoofing
- CAN-2005-2704
  Object spoofing using XBL <implements>
- CAN-2005-2705
  JavaScript integer overflow
- CAN-2005-2706
  Privilege escalation using about: scheme
- CAN-2005-2707
  Chrome window spoofing allowing windows to be created without
  UI components such as a URL bar or status bar that could be
  used to carry out phishing attacks

For the stable distribution (sarge), these problems have been fixed in
version 1.0.4-2sarge5.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.7-1.

We recommend that you upgrade your mozilla-firefox package.