The Mandriva Security Team published a new security update: MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mozilla-firefox
Advisory ID: MDKSA-2005:169
Date: September 26th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

A number of vulnerabilities have been discovered in Mozilla Firefox
that have been corrected in version 1.0.7:

A bug in the way Firefox processes XBM images could be used to execute
arbitrary code via a specially crafted XBM image file (CAN-2005-2701).

A bug in the way Firefox handles certain Unicode sequences could be
used to execute arbitrary code via viewing a specially crafted Unicode
sequence (CAN-2005-2702).

A bug in the way Firefox makes XMLHttp requests could be abused by a
malicious web page to exploit other proxy or server flaws from the
victim's machine; however, the default behaviour of the browser is to
disallow this (CAN-2005-2703).

A bug in the way Firefox implemented its XBL interface could be abused
by a malicious web page to create an XBL binding in such a way as to
allow arbitrary JavaScript execution with chrome permissions
(CAN-2005-2704).

An integer overflow in Firefox's JavaScript engine could be manipulated
in certain conditions to allow a malicious web page to execute
arbitrary code (CAN-2005-2705).

A bug in the way Firefox displays about: pages could be used to execute
JavaScript with chrome privileges (CAN-2005-2706).

A bug in the way Firefox opens new windows could be used by a malicious
web page to construct a new window without any user interface elements
(such as address bar and status bar) that could be used to potentially
mislead the user (CAN-2005-2707).

A bug in the way Firefox proceesed URLs on the command line could be
used to execute arbitary commands as the user running Firefox; this
could be abused by clicking on a supplied link, such as from an instant
messaging client (CAN-2005-2968).

The updated packages have been patched to address these issues and all
users are urged to upgrade immediately.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
http://www.mozilla.org/security/announce/mfsa2005-58.html
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.2:
aa128125581323ada6917cf71d73af73 10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
c91875aae8fbfb23c684443111ab2bfb 10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
09d4afd21b17bc091c9087f8669d439b 10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
f287c600ffa5bef0a7865b8942f82223 10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
78491507510c36caa971c5667a0b39eb 10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.i586.rpm
37a3d3d39c3f29a8a20c062e56ade3eb 10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.i586.rpm
d78f74a900992ad5e0904da8b17ba78b 10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
895038bb470beda14c6de3fa5f3fc5ce x86_64/10.2/RPMS/lib64nspr4-1.0.2-9.1.102mdk.x86_64.rpm
d0a573b27841bcb358b7a5bf99867fda x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-9.1.102mdk.x86_64.rpm
aa128125581323ada6917cf71d73af73 x86_64/10.2/RPMS/libnspr4-1.0.2-9.1.102mdk.i586.rpm
c91875aae8fbfb23c684443111ab2bfb x86_64/10.2/RPMS/libnspr4-devel-1.0.2-9.1.102mdk.i586.rpm
b86a14e377368e647a408218871924c7 x86_64/10.2/RPMS/lib64nss3-1.0.2-9.1.102mdk.x86_64.rpm
4bdabb56ef5f8eb4058fcfeca56aba79 x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-9.1.102mdk.x86_64.rpm
09d4afd21b17bc091c9087f8669d439b x86_64/10.2/RPMS/libnss3-1.0.2-9.1.102mdk.i586.rpm
f287c600ffa5bef0a7865b8942f82223 x86_64/10.2/RPMS/libnss3-devel-1.0.2-9.1.102mdk.i586.rpm
1988da499fd2b06805d6aea3deb0ed72 x86_64/10.2/RPMS/mozilla-firefox-1.0.2-9.1.102mdk.x86_64.rpm
c7e70731b9873ebbe6eab2046ecdfe68 x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-9.1.102mdk.x86_64.rpm
d78f74a900992ad5e0904da8b17ba78b x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-9.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDOMJHmqjQ0CJFipgRAoBtAKDSjceCU6aIIjgQRD6Ihojew6RB2gCdGoHp
ayU11aK6Xq6oIbophmTk96U=
=MQPT
-----END PGP SIGNATURE-----