Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
CVE-2006-2787 | MEDIUM | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2787 [CRITICAL] CVE-2006-2787: firefox - EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote at...
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
debian
CVE-2006-0296 | MEDIUM | CVSS 5.0 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
CVE-2006-0296 [MEDIUM] CVE-2006-0296: firefox - The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonk...
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2006-0298 | MEDIUM | CVSS 5.8 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
CVE-2006-0298 [MEDIUM] CVE-2006-0298: firefox - The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows...
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2006-1727 | MEDIUM | CVSS 7.6 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-1727 [HIGH] CVE-2006-1727: firefox - Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2006-2785 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2785 [MEDIUM] CVE-2006-2785: firefox - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allow...
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascri
debian
CVE-2006-1732 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1732 [MEDIUM] CVE-2006-1732: firefox - Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
Scope: local
sid: resolved (fixed in 1.5.dfsg
debian
CVE-2006-1738 | MEDIUM | CVSS 5.0 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1738 [MEDIUM] CVE-2006-1738: firefox - Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-2)
debian
CVE-2006-3808 | MEDIUM | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3808 [HIGH] CVE-2006-3808: firefox - Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy Au...
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2006-3809 | MEDIUM | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.5-1 (sid) | 2006
CVE-2006-3809 [HIGH] CVE-2006-3809: firefox - Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before...
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.5-1)
debian
CVE-2006-0297 | MEDIUM | CVSS 5.1 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
CVE-2006-0297 [MEDIUM] CVE-2006-0297: firefox - Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript...
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.
debian
CVE-2006-0299 | MEDIUM | CVSS 6.4 | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
CVE-2006-0299 [MEDIUM] CVE-2006-0299: firefox - The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if run...
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian
CVE-2006-2784 | MEDIUM | CVSS 5.1 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2784 [MEDIUM] CVE-2006-2784: firefox - The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote us...
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would
debian
CVE-2006-1724 | MEDIUM | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-1724 [HIGH] CVE-2006-1724: firefox - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x befor...
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2006-2782 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
CVE-2006-2782 [MEDIUM] CVE-2006-2782: firefox - Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which...
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
debian
CVE-2006-6585 | MEDIUM | CVSS 6.4 | fixed in firefox 45.0-1 (sid) | 2006
CVE-2006-6585 [MEDIUM] CVE-2006-6585: firefox - The Extensions manager in Mozilla Firefox 2.0 does not properly populate the lis...
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
Scope: local
sid: resolved (fixed in
debian
CVE-2006-1531 | MEDIUM | CVSS 7.5 | fixed in firefox 1.5.0.2 (sid) | 2006
CVE-2006-1531 [HIGH] CVE-2006-1531: firefox - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonk...
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530,
debian
CVE-2006-6497 | MEDIUM | CVSS 6.8 | fixed in firefox 45.0-1 (sid) | 2006
CVE-2006-6497 [MEDIUM] CVE-2006-6497: firefox - Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2....
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.
Scope: local
sid: resolved (fixed in 45.0-1)
debian
CVE-2006-1729 | MEDIUM | CVSS 4.3 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2006
CVE-2006-1729 [MEDIUM] CVE-2006-1729: firefox - Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before ...
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Scope: local
debian
CVE-2006-1737 | MEDIUM | CVSS 9.3 | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2006
CVE-2006-1737 [CRITICAL] CVE-2006-1737: firefox - Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x bef...
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-2)
debian
CVE-2006-0295 | MEDIUM | CVSS 5.1 | PoC | fixed in firefox 1.5.dfsg+1.5.0.1-1 (sid) | 2006
CVE-2006-0295 [MEDIUM] CVE-2006-0295: firefox - Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMo...
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
debian