[SECURITY] 30k Update 2005-03-23: firefox-1.0.2-1.3.1

 
mike_m
Posted: Thu Mar 24, 2005 4:28 am    Post subject: [SECURITY] 30k Update 2005-03-23: firefox-1.0.2-1.3.1

———————————————————————
Fedora Update Notification
FEDORA-2005-246
2005-03-23
———————————————————————

Product : Fedora Core 3
Name : firefox
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

———————————————————————
Update Information:

A buffer overflow bug was found in the way Firefox processes GIF images.
It is possible for an attacker to create a specially crafted GIF image,
which when viewed by a victim will execute arbitrary code as the victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to
load malicious XUL content. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If
a user can be tricked into bookmarking a malicious web page into the
sidebar panel, that page could execute arbitrary programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which
contains Firefox version 1.0.2 and is not vulnerable to these issues.

Additionally, there was a bug found in the way Firefox rendered some
fonts, notably the Tahoma font while italicized. This issue has been
filed as Bug 150041 (bugzilla.redhat.com). This updated package
contains a fix for this issue.

———————————————————————
* Wed Mar 23 2005 Christopher Aillon 0:1.0.2-1.3.1

- Firefox 1.0.2
- Fix issues with italic rendering using certain fonts (e.g. Tahoma)
- Add upstream fix to reduce round trips to xserver during remote control
- Add upstream fix to call g_set_application_name

———————————————————————
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a461bc4e69e10779b3a46944f6b3fd23 SRPMS/firefox-1.0.2-1.3.1.src.rpm
1951b68e390da2f45177df9c016240a0 x86_64/firefox-1.0.2-1.3.1.x86_64.rpm
a81f4837b641ae78f3f6559cbf05715c x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm
9b19361c8a3dc98edaa07eb1043c11b3 i386/firefox-1.0.2-1.3.1.i386.rpm
a97e425d13c5abb994520829b16b8063 i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm
