The remote host is missing an update to mozilla-firefox announced via advisory DSA 1210-1. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER functionallows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code. CVE-2006-4340 Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates. CVE-2006-4565, CVE-2006-4566 Priit Laes reported that that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-4568 A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site. CVE-2006-4571 Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge12. For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.7-1 of firefox. We recommend that you upgrade your Mozilla Firefox package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201210-1