Linux distributor Debian issued a security advisory over the weekend, warning of several problems in Mozilla and associated products such as Mozilla Firefox.
The vulnerabilities include bugs in the layout engine which could allow a denial of service attack and the execution of arbitrary code.
Vulnerabilities in the JavaScript engine could allow the same attacks, and a 'shutdown' flaw could allow remote attackers to gain privileges and install malicious code via the watch JavaScript function.
For the stable distribution of Debian, known as 'sarge', these problems have been fixed in version 1.0.4-2sarge15.
For the testing and unstable distribution, known as 'sid' and 'etch', these problems have been fixed in version 2.0.0.1+dfsg-2 of 'Iceweasel'.
Debian recommends that users upgrade their Firefox and Iceweasel packages.
There have been no announcements from Mozilla or other Linux distributions, although Debian warned that the bugs are not Debian specific.
Debian warns of Mozilla bugs
By
Robert Jaques
on Jan 30, 2007 9:42AM
