DSA 1046-1: New Mozilla packages fix several vulnerabilities
Posted on: 04/27/2006 08:32 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1046-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 27th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mozilla
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0296
CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529
CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727
CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738
CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790
CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382 VU#592425
VU#736934 VU#813230 VU#842094 VU#932734 VU#935556
BugTraq IDs : 15773 16476 16476 16770 16881 17516

Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:

CVE-2005-2353

The "run-mozilla.sh" script allows local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.

CVE-2005-4134

Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]

CVE-2006-0292

The Javascript interpreter does not properly dereference objects,
which allows remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]

CVE-2006-0293

The function allocation code allows attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]

CVE-2006-0296

XULDocument.persist() did not validate the attribute name,
allowing an attacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during
startup. [MFSA-2006-05]

CVE-2006-0748

An anonymous researcher for TippingPoint and the Zero Day
Initiative reported that an invalid and nonsensical ordering of
table-related tags can be exploited to execute arbitrary code.
[MFSA-2006-27]

CVE-2006-0749

A particular sequence of HTML tags can cause memory corruption
that can be exploited to exectute arbitary code. [MFSA-2006-18]

CVE-2006-0884

Georgi Guninski reports that forwarding mail in-line while using
the default HTML "rich mail" editor will execute JavaScript
embedded in the e-mail message with full privileges of the client.
[MFSA-2006-21]

CVE-2006-1045

The HTML rendering engine does not properly block external images
from inline HTML attachments when "Block loading of remote images
in mail messages" is enabled, which could allow remote attackers
to obtain sensitive information. [MFSA-2006-26]

CVE-2006-1529

A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]

CVE-2006-1530

A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]

CVE-2006-1531

A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]

CVE-2006-1723

A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]

CVE-2006-1724

A vulnerability potentially allows remote attackers to cause a
denial of service and possibly execute arbitrary. [MFSA-2006-20]

CVE-2006-1725

Due to an interaction between XUL content windows and the history
mechanism, some windows may to become translucent, which might
allow remote attackers to execute arbitrary code. [MFSA-2006-29]

CVE-2006-1726

"shutdown" discovered that the security check of the function
js_ValueToFunctionObject() can be circumvented and exploited to
allow the installation of malware. [MFSA-2006-28]

CVE-2006-1727

Georgi Guninski reported two variants of using scripts in an XBL
control to gain chrome privileges when the page is viewed under
"Print Preview".under "Print Preview". [MFSA-2006-25]

CVE-2006-1728

"shutdown" discovered that the crypto.generateCRMFRequest method
can be used to run arbitrary code with the privilege of the user
running the browser, which could enable an attacker to install
malware. [MFSA-2006-24]

CVE-2006-1729

Claus Jørgensen reported that a text input box can be pre-filled
with a filename and then turned into a file-upload control,
allowing a malicious website to steal any local file whose name
they can guess. [MFSA-2006-23]

CVE-2006-1730

An anonymous researcher for TippingPoint and the Zero Day
Initiative discovered an integer overflow triggered by the CSS
letter-spacing property, which could be exploited to execute
arbitrary code. [MFSA-2006-22]

CVE-2006-1731

"moz_bug_r_a4" discovered that some internal functions return
prototypes instead of objects, which allows remote attackers to
conduct cross-site scripting attacks. [MFSA-2006-19]

CVE-2006-1732

"shutdown" discovered that it is possible to bypass same-origin
protections, allowing a malicious site to inject script into
content from another site, which could allow the malicious page to
steal information such as cookies or passwords from the other
site, or perform transactions on the user's behalf if the user
were already logged in. [MFSA-2006-17]

CVE-2006-1733

"moz_bug_r_a4" discovered that the compilation scope of privileged
built-in XBL bindings is not fully protected from web content and
can still be executed which could be used to execute arbitrary
JavaScript, which could allow an attacker to install malware such
as viruses and password sniffers. [MFSA-2006-16]

CVE-2006-1734

"shutdown" discovered that it is possible to access an internal
function object which could then be used to run arbitrary
JavaScriptcode with full permissions of the user running the
browser, which could be used to install spyware or viruses.
[MFSA-2006-15]

CVE-2006-1735

It is possible to create JavaScript functions that would get
compiled with the wrong privileges, allowing an attacker to run
code of their choice with full permissions of the user running the
browser, which could be used to install spyware or viruses.
[MFSA-2006-14]

CVE-2006-1736

It is possible to trick users into downloading and saving an
executable file via an image that is overlaid by a transparent
image link that points to the executable. [MFSA-2006-13]

CVE-2006-1737

An integer overflow allows remote attackers to cause a denial of
service and possibly execute arbitrary bytecode via JavaScript
with a large regular expression. [MFSA-2006-11]

CVE-2006-1738

An unspecified vulnerability allows remote attackers to cause a
denial of service. [MFSA-2006-11]

CVE-2006-1739

Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
array write and buffer overflow that could lead to a denial of
service and the possible execution of arbitrary code. [MFSA-2006-11]

CVE-2006-1740

It is possible for remote attackers to spoof secure site
indicators such as the locked icon by opening the trusted site in
a popup window, then changing the location to a malicious site.
[MFSA-2006-12]

CVE-2006-1741

"shutdown" discovered that it is possible to inject arbitrary
JavaScript code into a page on another site using a modal alert to
suspend an event handler while a new page is being loaded. This
could be used to steal confidential information. [MFSA-2006-09]

CVE-2006-1742

Igor Bukanov discovered that the JavaScript engine does not
properly handle temporary variables, which might allow remote
attackers to trigger operations on freed memory and cause memory
corruption, causing memory corruption. [MFSA-2006-10]

CVE-2006-1790

A regression fix that could lead to memory corruption allows
remote attackers to cause a denial of service and possibly execute
arbitrary code. [MFSA-2006-11]

For the stable distribution (sarge) these problems have been fixed in
version 1.7.8-1sarge5.

For the unstable distribution (sid) these problems will be fixed in
version 1.7.13-1.

We recommend that you upgrade your Mozilla packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.dsc
Size/MD5 checksum: 1123 b486e464eae65686c7b15f50f77cb767
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.diff.gz
Size/MD5 checksum: 472258 0aa0d6b2edcd13fa83ce9ed271a0724f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 168068 7ed348802218aae8f17044f1938ad609
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 146702 f3229e78b1ad87a9c8e2bad153faa5a3
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 184934 6f62bafa779c954315d04b385eeded59
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 856276 ab399c2ed74a5b13deb58aaad3d49087
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 1032 e4569c9693441a0edb94ee11912dad30
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 11477828 62b8bda344ef70da1c47de2adc23dd4a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 403276 2978138077e4a2ecad90dd0e8c856709
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 158332 364e72f576f30e42fe8bfa8e1fba365c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 3357226 6956cd03cbeda6aa147c984e5fd8317d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 122282 ac007b2334d2c4f61585b9059e2c8ab3
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 204160 bb0fc8af6b06e34ac81a32d04c9c3cef
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 1937094 f7881427bd1afc9371f2a577a02080e9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_alpha.deb
Size/MD5 checksum: 212402 1df52addc8f7c47b6681abd51e331f41

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 168066 bd11d5d2dcd7e78621de4ae0c03ed6b8
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 145798 518a796a9423412004eed5ac6c756d61
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 184930 b6d7c90efdfe1c52bfbb6c47cdcf1244
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 714636 086b722ae6d2aa33ebcaa4101fd0751b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 1030 d62e40f94f76fe6780cd517eaceeec7d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 10945270 2abf8d616e8b889e29f4afea01032679
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 403266 66e021c850ef757ce9a2a0ebf30e462a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 158326 14b7ddf2988885d66b85bd7458fa98ad
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 3351216 9221380d16e886cae475efb410429c3f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 121176 98f3f0e73d27e92d2f951c892b528bbe
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 204152 ef08d9bbbb26b9c6bdda0bbf8e698299
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 1936008 339c98bcc87876a27b0ca0dacb6ef0cc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_amd64.deb
Size/MD5 checksum: 204336 b25851b6c4ae6818918a0b80507eec2d

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 168068 863d83042249fbb53cb5570a5fd03f12
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 124162 eed0ab266786523a435d87925369370f
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 184952 2d6919422ee7aa37b28d2bf6bc942f5f
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 631844 c44b2cf0e0ae4ccc927a41ab6eb25380
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 1030 4d0eb279d61409bb9bbcaa7e8f785471
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 9207420 46aff4f2b0913d187048f19bc59f6e1e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 403314 17d6accdd639278bad64e9e4042013e2
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 158382 5f900a4d4627d27289dc53aaa32e90da
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 3340838 a4ce703b7b9f05440ba72b7dd177cdd9
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 112674 8426b940dab4c2339a2894dc09584028
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 204184 e0f3e9a65adb373574cafe68b75a7f57
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 1604382 43b950f85fb316f1bc0d773ef25c6a85
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_arm.deb
Size/MD5 checksum: 168862 6245436dde393fbb8526d622d6372b96

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 170350 1890d8f6cf1f6d7d3f24862b8b236d5e
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 136640 cb2ab0bf38cc5afff64327cbf4f79fbe
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 187128 af578fd816c0534baa15529168dd1170
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 661394 3a94641ec0f1b8bebbed0b428f40e3e8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 1030 42b5cb15c988c9d2328e6be2266dda42
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 10332780 89748f75d483a5b4905e842cf85081a6
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 403506 3b03c89eec36142148548f7cd64e5d12
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 158344 d36c1032ddd6ba8051ad27786662525a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 3592688 f30a67ca521067cde834d346b4646c1b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 116678 dda364a06fa45c104c5222988b826a6b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 204156 2a7e71b2393ddee06457536053b6f426
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 1816066 cdc0f8d06a00c14337ad20178284685c
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb
Size/MD5 checksum: 192632 26c12b2f1e572cc70ab80fae0a20d75f

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 168070 088af473a08b7478a172e483ffe0a3cb
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 174160 255499b7e29813343a088957bc4e450e
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 184942 6ebb70d67e23a8ff659ec788048c558d
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 966574 fa7081da19e2c59b89c5b47d70314a38
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 1032 dac2c365bc58d57275205fbecd04d2f2
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 12943234 f0e1ea934e597443636be3dc1f8323bc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 403274 d519dfad807b19794742e6723f6872c8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 158334 c729929af3c1879ab058541227487677
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 3377040 de356df345ed8ab5ce2a970827990b0d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 125582 9975c43ca6954d98309ab11ac03aadd4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 204158 fa835bffaf5008bccdcd62ff2114a481
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 2302210 db2d6cd804c0372eafba307436cd9296
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb
Size/MD5 checksum: 242664 b8a9d7bba6700b6cb700187bbed51102

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 168076 e744a5d49021e510fa29396332c5490f
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 156738 c856122cc9fa2e985882f624ec57df99
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 184946 74cb243dddf99e01bc525efebc9fd96b
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 754578 b940f076bd46aff2f6418828503a2afc
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 1036 37b2840edf5a86c22ba5dab71452f300
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 12162800 74b60c8375cc5d2c379fc4e586526bc7
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 403282 c138582e5075ee91ffbdba982acce035
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 158338 4ad85659f4aae7580c71a8457128e3c4
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 3357886 b8891334da36453c8e5619fe0896f2af
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 123502 195bf5cd60cabb129d9ed04bf100241d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 204160 c26281b91291c131ad3fb2f1565caa6d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 2135138 b0883259ed740bcd41bf43ae4680e1b8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_hppa.deb
Size/MD5 checksum: 216144 d73d1e1d42427175d865021d69422f8b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 168092 398298d8ffad737508ed118d4d69d112
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 125818 2099631f9bd235623d98a32fa45b34d6
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 184984 542adc7ea5dac9443e87d2b72023fc80
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 599936 fada9efe3f62935cbb4ea56cd889e73f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 1046 2de17261893fc2e2697bbe35b59d768e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 9703464 afcf7cec434793064c55e67cfea1f441
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 403358 3890cf07cef780ae34a7e294225db0db
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 158380 b213d524e1473ab78ee23a556afb48ac
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 3335462 13fc8f2927e661e55e6bd63490bbbab8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 114470 14ec6e7861bf73f3b7f82b91b86cf567
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 204180 73817862c43af283a652039ba5b45cd1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 1683074 ab15cea98788c380e269a94d2df5472a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_m68k.deb
Size/MD5 checksum: 174748 23a6847a17c4d7e3bf6ef072798e8239

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 168074 958f2c3227b801f01d1166a54187ee41
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 140686 2244af2acdc2844be99005e4e3f0d121
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 184960 54829d9c8798df955039c7268b25392a
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 725672 2310546bc1cbe2df5a6c1fef62ce1ccf
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 1032 6a43b5ff3f81433a162dd200ea052fcb
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 10728020 4caf72ce0e493eaf1b9a5fdf0ae57d6e
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 403274 d4c7bd6d0638bffa0c5d2c23cf080611
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 158336 d1d77d961279da110d01de630e53846b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 3357194 94993156be09ad11712075d917d21660
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 117610 77ca046034494b735a10028e5af8eed5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 204150 f6b3f0d0bfc84aa27a24beee692c9932
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 1795504 2d34d3ff2dd99a2d0089c1eca53b0579
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mips.deb
Size/MD5 checksum: 189880 2cb68bac9a41b14e627426ebb1405fd1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 168082 c1eba053c4a1c0421ea508b29fbaa683
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 140636 a2474b059a8c1e4845922102cc1d58d8
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 184940 4a7289c8753105101fe9b0862e3aad71
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 715106 67e1dc2600da37597fb75e22b7875a6d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 1038 d0f622dcb3b5b41b62986c3c7c338370
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 10603070 6a6966022c2f8a8ab2807e656043e39a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 403296 6b7722ec5a34cae5f221c3958dc65bc1
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 158342 87c0d4a874ca1aa5e3be85e2249dbe6b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 3357982 a7258380f1f7fcc380d2a8161cc1b803
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 117204 e77b1061daa3c8a762b9bd0a58f340ee
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 204162 b2e72e6b19f1092e84f2977291e782bf
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 1777610 f88abea35dc9ac1c7760d2ae8761303a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mipsel.deb
Size/MD5 checksum: 187444 37c35256b507720467747edfd7ad6606

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 168078 e8a320169dd21bd2653f2e1cceacaea8
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 131146 01deac585f851b2b22d117db76271f69
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 184928 69c925958815b6a0b66d67660e530d21
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 718850 182c8077cedbd4b17e519bf9d4340ddf
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 1038 8492a6da8120bcd6498c1cf5b5e7bb29
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 9703116 df00589069a7994886b37154a83ba48a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 403294 3530285f43e66537f891885855b56a4a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 158344 f0158562b460aa36a08f24b3c6a828c5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 3339658 0d6d999cd0559fd93be3257664ad9165
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 114598 bf235995c329c00a51416cb6d9996fad
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 204166 2156c81a5e15e4444d2c5be22ee066a8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 1642978 409eb5485153365138f9d130db5a0bf5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_powerpc.deb
Size/MD5 checksum: 175672 d148c3a307177bd5a88d211c554c515f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 168062 f336a2de372d02f5dad5673afd3b6e19
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 156458 71cc856f65e80354b508799a720d2223
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 184956 46fe112fa61e011e2fb79cff847378cb
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 798872 7d02d09328a985bed9aaa3f603c56b72
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 1036 7d25a776a8f9e3467060085df346a772
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 11325484 cad88ede93803739d98498f4b43c74c2
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 403292 fc353648cb5e5fabf0b07211729fb8c7
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 158346 e173c32ab6b9a1904f0236fb00ce836f
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 3352214 ca96b4f7ee3c1498904a567a6462778d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 121378 c33f1b9d5907dd6422a0ecb38c6f714a
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 204166 e4f8a67148cf7b703c280ec91f289298
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 1944742 31da3121c50c27f4df3be7939cbe7324
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_s390.deb
Size/MD5 checksum: 213446 4d431a25410f0e6039f4032c9acf3378

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 168070 0005424068108c85553255259aea5f5b
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 128364 0988e532f8ef63759610a007d07bf60b
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 184942 62e592a514e25e3c7c5420c5c53f3d8e
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 672638 f35942f6694b22af40973af8fb9058a5
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 1030 771b441d8c662e3db4c45646f4e6a99b
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 9373440 a4560f2a4bc80bbf93829f7bf0a1bc5d
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 403276 440bcce7ec880544cff5bba723239473
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 158336 d0ecad8b66d39437bec068ee8e182397
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 3340588 5f44ff3da184961882044aef4a46e696
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 112516 83e39c205c5098b2e0b58c1301a39705
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 204156 ae1c34bb6889e7912fb210d120f5d7f8
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 1583742 fa8be53ec188d2471269ea2b88142e51
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_sparc.deb
Size/MD5 checksum: 168022 e8bd471a692f313db05316ecf5e4c7b8


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEUG3yW5ql+IAeqTIRAqvUAJoCh+Fw/iqxHDM7K0lRf1BOeedhUgCgm/HF
deq39Cez7MKhcPK50z6aO+o=
=OJBq
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1046_1_new_mozilla_packages_fix_several_vulnerabilities.html)