[SECURITY] Fedora Core 4 Update: mozilla-1.7.13-1.1.fc4

Christopher Aillon caillon at redhat.com
Wed May 3 19:02:50 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-488
2006-05-03
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : mozilla
Version     : 1.7.13                      
Release     : 1.1.fc4                  
Summary     : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Updated mozilla packages that fix several security bugs are
now available.

This update has been rated as having critical security
impact by the Fedora Security Response Team.

Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.

Several bugs were found in the way Mozilla processes
malformed JavaScript. A malicious web page could modify the
content of a different open web page, possibly stealing
sensitive information or conducting a cross-site scripting
attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Mozilla processes certain
JavaScript actions. A malicious web page could execute
arbitrary JavaScript instructions with the permissions of
"chrome", allowing the page to steal sensitive information
or install browser malware. (CVE-2006-1727, CVE-2006-1728,
CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Mozilla processes
malformed web pages. A carefully crafted malicious web page
could cause the execution of arbitrary code as the user
running Mozilla. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790)

A bug was found in the way Mozilla displays the secure site
icon. If a browser is configured to display the non-default
secure site modal warning dialog, it may be possible to
trick a user into believing they are viewing a secure site.
(CVE-2006-1740)

A bug was found in the way Mozilla allows JavaScript
mutation events on "input" form elements. A malicious web
page could be created in such a way that when a user submits
a form, an arbitrary file could be uploaded to the attacker.
(CVE-2006-1729)

A bug was found in the way Mozilla executes in-line mail
forwarding. If a user can be tricked into forwarding a
maliciously crafted mail message as in-line content, it is
possible for the message to execute JavaScript with the
permissions of "chrome". (CVE-2006-0884)

Users of Mozilla are advised to upgrade to these updated
packages containing Mozilla version 1.7.13 which corrects
these issues.

---------------------------------------------------------------------
* Wed Apr 26 2006 Christopher Aillon <caillon at redhat.com> 37:1.7.13-1.1.fc4
- Mozilla 1.7.13

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
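
Added example (not part of the original advisory or of Fedora's tooling): a simplified re-implementation of rpm's epoch:version-release ordering, used to flag hosts whose installed mozilla is older than the fixed 37:1.7.13-1.1.fc4 from the changelog above. The inventory lines, host names and function names are constructed for this example.

```python
import re

# Fixed epoch:version-release, taken from the advisory's changelog line.
FIXED_EVR = "37:1.7.13-1.1.fc4"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare version or release strings segment by segment, as rpm does
    (simplified: no '~' or '^' handling). Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 9 < 13, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_evr(evr):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def compare_evr(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def hosts_needing_update(inventory):
    """Return hosts whose mozilla package sorts below FIXED_EVR."""
    hosts = []
    for line in inventory.strip().splitlines():
        host, name, evr = line.split()
        if name == "mozilla" and compare_evr(evr, FIXED_EVR) < 0:
            hosts.append(host)
    return hosts

# Constructed inventory, one "host name epoch:version-release" entry per line.
SAMPLE_INVENTORY = """
host-a mozilla 37:1.7.12-1.3.1
host-b mozilla 37:1.7.13-1.1.fc4
host-c mozilla 37:1.7.9-0.1
host-d mozilla (none):1.7.13-1.1.fc4
"""

if __name__ == "__main__":
    print(hosts_needing_update(SAMPLE_INVENTORY))
```

host-d carries the fixed version string but no epoch, so it sorts below the epoch-37 package and is still reported.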



