The latest security updates of Mozilla Firefox introduced a regression that led to a dysfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text:
Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
- CVE-2006-3805
The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3806
Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]
- CVE-2006-3807
Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]
- CVE-2006-3808
Remote Proxy AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]
- CVE-2006-3809
Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]
- CVE-2006-3811
Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]
For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge11.
For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.5-1.
We recommend that you upgrade your mozilla-firefox package.
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.