BLAG

BLAG Forums
It is currently Mon Dec 22, 2014 10:01 am

All times are UTC




Post new topic Reply to topic  [ 1 post ] 
Author Message
PostPosted: Thu Mar 24, 2005 10:55 pm 
Offline

Joined: Mon Mar 15, 2004 8:17 pm
Posts: 415
Location: ny
———————————————————————
Fedora Update Notification
FEDORA-2005-249
2005-03-23
———————————————————————

Product : Fedora Core 3
Name : mozilla
Version : 1.7.6
Release : 1.3.2
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.

———————————————————————
Update Information:

A buffer overflow bug was found in the way Mozilla processes GIF images.
It is possible for an attacker to create a specially crafted GIF image,
which when viewed by a victim will execute arbitrary code as the victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It
is possible for a malicious webserver to steal credentials from a
victims browser by issuing a 407 proxy authentication request.
(CAN-2005-0147)

A bug was found in the way Mozilla displays dialog windows. It is
possible that a malicious web page which is being displayed in a
background tab could present the user with a dialog window appearing to
come from the active page. (CAN-2004-1380)

A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user’s preference. It is possible
that a particular user could be tracked through the use of malicious
mail messages which load content over HTTP. (CAN-2005-0149)

A flaw was found in the way Mozilla displays international domain names.
It is possible for an attacker to display a valid URL, tricking the user
into thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)

A bug was found in the way Mozilla handles pop-up windows. It is
possible for a malicious website to control the content in an unrelated
site’s pop-up window. (CAN-2004-1156)

A bug was found in the way Mozilla saves temporary files. Temporary
files are saved with world readable permissions, which could allow a
local malicious user to view potentially sensitive data. (CAN-2005-0142)

A bug was found in the way Mozilla handles synthetic middle click
events. It is possible for a malicious web page to steal the contents of
a victims clipboard. (CAN-2005-0146)

A bug was found in the way Mozilla processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to
load malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrom settings. (CAN-2005-0141)

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targetted at a secure page,
while loading an insecure page, yet the secure site icon shows the
previous secure state. (CAN-2005-0144)

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can display the secure site icon by loading a binary
file from a secured site. (CAN-2005-0143)

A bug was found in the way Mozilla displays the download dialog window.
A malicious site can obfuscate the content displayed in the source
field, tricking a user into thinking they are downloading content from a
trusted source. (CAN-2005-0585)

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.6 to correct these issues.

———————————————————————

* Wed Mar 22 2005 Christopher Aillon 37:1.7.6-1.3.2

- Install all-redhat.js pref files

* Tue Mar 22 2005 Christopher Aillon 37:1.7.6-1.3.1

- Update to 1.7.6
- Add RPM version to useragent
- Enable smooth scrolling and system colors by default.
- Backport pango fixes from the firefox package, and now enabled by default.
- Add upstream fix to reduce round trips to xserver during remote control
- Add upstream fix to call g_set_application_name

———————————————————————
This update can be downloaded from:
http://download.fedora.redhat.com/pub/f ... updates/3/

02669640d96d1cc1bb50966bcaca5a4e SRPMS/mozilla-1.7.6-1.3.2.src.rpm
086140fa80837e4395bd23863d1cd3bc x86_64/mozilla-1.7.6-1.3.2.x86_64.rpm
399367ebf6f9d4f9498473984634c0ce x86_64/mozilla-nspr-1.7.6-1.3.2.x86_64.rpm
dabf52db59410c637ae33902009136ab x86_64/mozilla-nspr-devel-1.7.6-1.3.2.x86_64.rpm
5172afe0363245d1172488021b3ad9bf x86_64/mozilla-nss-1.7.6-1.3.2.x86_64.rpm
678f8d13728810ee930350440c706947 x86_64/mozilla-nss-devel-1.7.6-1.3.2.x86_64.rpm
7ff378a5d83625991fc0c51729a788f9 x86_64/mozilla-devel-1.7.6-1.3.2.x86_64.rpm
0107bce1bc3fe6e102aa8da01bb85ab7 x86_64/mozilla-mail-1.7.6-1.3.2.x86_64.rpm
3213705339c737d8bcc29616874a7d5c x86_64/mozilla-chat-1.7.6-1.3.2.x86_64.rpm
765be3f54ee532d841ffeaeede8101e0 x86_64/mozilla-js-debugger-1.7.6-1.3.2.x86_64.rpm
61fb797c0664a3583066d744b2aa9581 x86_64/mozilla-dom-inspector-1.7.6-1.3.2.x86_64.rpm
5a19978771f9d234ba77bb150e93438a x86_64/debug/mozilla-debuginfo-1.7.6-1.3.2.x86_64.rpm
a4b85d9372781b5f68395fa4ac8d7340 x86_64/mozilla-nspr-1.7.6-1.3.2.i386.rpm
d35ce4037dafb1ec40c2cec9304b61ba x86_64/mozilla-nss-1.7.6-1.3.2.i386.rpm
98aa9de7049b5343e39a2e26040672fa i386/mozilla-1.7.6-1.3.2.i386.rpm
a4b85d9372781b5f68395fa4ac8d7340 i386/mozilla-nspr-1.7.6-1.3.2.i386.rpm
65a61de5c98a9e0b2843aa928b00228b i386/mozilla-nspr-devel-1.7.6-1.3.2.i386.rpm
d35ce4037dafb1ec40c2cec9304b61ba i386/mozilla-nss-1.7.6-1.3.2.i386.rpm
24d648cc13985e7bcedb8df625a59359 i386/mozilla-nss-devel-1.7.6-1.3.2.i386.rpm
92fd43a847dfccba9ea7dcc0473d18f7 i386/mozilla-devel-1.7.6-1.3.2.i386.rpm
783772ada6aefc80993931a46c7650cf i386/mozilla-mail-1.7.6-1.3.2.i386.rpm
f49ca97eeffc2355fdbe4de8ad32db1b i386/mozilla-chat-1.7.6-1.3.2.i386.rpm
c63029efea76cbe664b46db3a881386a i386/mozilla-js-debugger-1.7.6-1.3.2.i386.rpm
9564486586776c0e3b40f5b6e56cbe5e i386/mozilla-dom-inspector-1.7.6-1.3.2.i386.rpm
9a2fa3f14fbb6af45d3bb43bd00b2974 i386/debug/mozilla-debuginfo-1.7.6-1.3.2.i386.rpm


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group