FrSIRT - Fedora Security Update Fixes Mozilla Firefox Remote Code Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Mozilla Firefox Remote Code Execution Vulnerabilities

Title : Fedora Security Update Fixes Mozilla Firefox Remote Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2006-2397
CVE ID : CVE-2006-2775 - CVE-2006-2776 - CVE-2006-2777 - CVE-2006-2778 - CVE-2006-2779 - CVE-2006-2780 - CVE-2006-2782 - CVE-2006-2783 - CVE-2006-2784 - CVE-2006-2785 - CVE-2006-2786 - CVE-2006-2787
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-06-16

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released updated packages to address multiple vulnerabilities identified in Mozilla Firefox [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

95a7757bc809f28351b60a17dcfb751654e6ff23 SRPMS/firefox-1.5.0.4-1.2.fc5.src.rpm
95a7757bc809f28351b60a17dcfb751654e6ff23 noarch/firefox-1.5.0.4-1.2.fc5.src.rpm
5998037c5e08aaed8d50518d793275359909a42d ppc/debug/firefox-debuginfo-1.5.0.4-1.2.fc5.ppc.rpm
62558bd2241682686a483e9300f9578774cf03ee ppc/firefox-1.5.0.4-1.2.fc5.ppc.rpm
9a7bace21549ba55ed473a33156093307d287ba8 x86_64/debug/firefox-debuginfo-1.5.0.4-1.2.fc5.x86_64.rpm
a243d58a8ef3a1df0f6fdace2f66b86af7a6f2f9 x86_64/firefox-1.5.0.4-1.2.fc5.x86_64.rpm
a92b0f4bcae912bc498eadf49dfec4af972d2ddc i386/firefox-1.5.0.4-1.2.fc5.i386.rpm
6b682ede571d6fcdd031bae0ca3f45c433eb1d72 i386/debug/firefox-debuginfo-1.5.0.4-1.2.fc5.i386.rpm

ChangeLog

2006-06-16 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities
	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities

	Cisco IOS/CatOS VLAN Trunking Protocol DoS Vulnerability
	Cisco PIX and ASA Security Bypass and Denial of Service
	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability