Fedora alert FEDORA-2006-976 (firefox)

From:  "Christopher Aillon" <caillon@redhat.com>
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora Core 5 Update: firefox-1.5.0.7-1.fc5
Date:  Thu, 14 Sep 2006 21:47:55 -0400

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-976
2006-09-14
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : firefox
Version     : 1.5.0.7
Release     : 1.fc5
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.

Two flaws were found in the way Firefox processed certain regular
expressions. A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox. (CVE-2006-4565,
CVE-2006-4566)

A number of flaws were found in Firefox. A malicious web page could
crash the browser or possibly execute arbitrary code as the user
running Firefox. (CVE-2006-4571)

A flaw was found in the handling of JavaScript timed events. A
malicious web page could crash the browser or possibly execute
arbitrary code as the user running Firefox. (CVE-2006-4253)

A flaw was found in the Firefox auto-update verification system. An
attacker who has the ability to spoof a victim's DNS could get Firefox
to download and install malicious code. In order to exploit this issue
an attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)

Firefox did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which
facilitates website spoofing and other attacks (CVE-2006-4568)

Firefox did not load manually opened, blocked popups in the right
domain context, which could lead to cross-site scripting attacks. In
order to exploit this issue an attacker would need to find a site which
would frame their malicious page and convince the user to manually open
a blocked popup. (CVE-2006-4569)

Users of Firefox are advised to upgrade to this update, which contains
Firefox version 1.5.0.7 that corrects these issues.

---------------------------------------------------------------------
* Wed Sep 13 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-1
- Update to 1.5.0.7
- Bring in pango patches from rawhide to fix MathML and cursor positioning

* Tue Aug 8 2006 Jesse Keating <jkeating@redhat.com> - 1.5.0.6-2
- Use dist tag
- rebuild

* Thu Aug 3 2006 Kai Engert <kengert@redhat.com> - 1.5.0.6-1.1.fc5
- Update to 1.5.0.6

* Thu Jul 27 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-1.1.fc5
- Update to 1.5.0.5

* Wed Jun 14 2006 Kai Engert <kengert@redhat.com> - 1.5.0.4-1.2.fc5
- Force "gmake -j1" on ppc ppc64 s390 s390x

* Mon Jun 12 2006 Kai Engert <kengert@redhat.com> - 1.5.0.4-1.1.fc5
- Firefox 1.5.0.4

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/u...

This update can be installed with the 'yum' update program. Use
'yum update package-name' at the command line. For more information,
refer to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.

