Fedora Legacy Test Update Notification: mozilla

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Oct 24 13:47:29 UTC 2004


This release corrects broken epiphany packages for FC1.
Please re-test and report in bugzilla.

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORALEGACY-2004-2089
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2089
2004-10-24
---------------------------------------------------------------------
 
Name          : mozilla
Version (7.3) : 1.4.3-0.7.1.legacy
Version (9)   : 1.4.3-0.9.1.legacy
Version (fc1) : 1.4.3-1.fc1.1.legacy
Summary       : A Web browser.
Description   :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.

---------------------------------------------------------------------
Update Information:

NISCC testing of implementations of the S/MIME protocol uncovered a
number of bugs in NSS versions prior to 3.9. The parsing of unexpected
ASN.1 constructs within S/MIME data could cause Mozilla to crash or
consume large amounts of memory. A remote attacker could potentially
trigger these bugs by sending a carefully-crafted S/MIME message to a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0564 to this issue.

Andreas Sandblad discovered a cross-site scripting issue that affects
various versions of Mozilla. When linking to a new page it is still
possible to interact with the old page before the new page has been
successfully loaded. Any Javascript events will be invoked in the
context of the new page, making cross-site scripting possible if the
different pages belong to different domains. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0191 to this issue.

Flaws have been found in the cookie path handling between a number of
Web browsers and servers. The HTTP cookie standard allows a Web server
supplying a cookie to a client to specify a subset of URLs on the origin
server to which the cookie applies. Web servers such as Apache do not
filter returned cookies and assume that the client will only send back
cookies for requests that fall within the server-supplied subset of
URLs. However, by supplying URLs that use path traversal (/../) and
character encoding, it is possible to fool many browsers into sending a
cookie to a path outside of the originally-specified subset. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0594 to this issue. 

Zen Parse reported improper input validation to the SOAPParameter object
constructor leading to an integer overflow and controllable heap
corruption. Malicious JavaScript could be written to utilize this flaw
and could allow arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to
this issue.

During a source code audit, Chris Evans discovered a buffer overflow and
integer overflows which affect the libpng code inside Mozilla. An
attacker could create a carefully crafted PNG file in such a way that it
would cause Mozilla to crash or execute arbitrary code when the image
was viewed. (CAN-2004-0597, CAN-2004-0599)

Zen Parse reported a flaw in the POP3 capability. A malicious POP3
server could send a carefully crafted response that would cause a heap
overflow and potentially allow execution of arbitrary code as the user
running Mozilla. (CAN-2004-0757)

Marcel Boesch found a flaw that allows a CA certificate to be imported
with a DN the same as that of the built-in CA root certificates, which
can cause a denial of service to SSL pages, as the malicious certificate
is treated as invalid. (CAN-2004-0758)

Met - Martin Hassman reported a flaw in Mozilla that could allow
malicious Javascript code to upload local files from a user's machine
without requiring confirmation. (CAN-2004-0759)

Mindlock Security reported a flaw in ftp URI handling. By using a NULL
character (%00) in a ftp URI, Mozilla can be confused into opening a
resource as a different MIME type. (CAN-2004-0760)

Mozilla does not properly prevent a frame in one domain from injecting
content into a frame that belongs to another domain, which facilitates
website spoofing and other attacks, also known as the frame injection
vulnerability. (CAN-2004-0718)

Tolga Tarhan reported a flaw that can allow a malicious webpage to use a
redirect sequence to spoof the security lock icon that makes a webpage
appear to be encrypted. (CAN-2004-0761)

Jesse Ruderman reported a security issue that affects a number of
browsers including Mozilla that could allow malicious websites to
install arbitrary extensions by using interactive events to manipulate
the XPInstall Security dialog box. (CAN-2004-0762)

Emmanouel Kellinis discovered a caching flaw in Mozilla which allows
malicious websites to spoof certificates of trusted websites via
redirects and Javascript that uses the "onunload" method.
(CAN-2004-0763)

Mozilla allowed malicious websites to hijack the user interface via the
"chrome" flag and XML User Interface Language (XUL) files.
(CAN-2004-0764)

The cert_TestHostName function in Mozilla only checks the hostname
portion of a certificate when the hostname portion of the URI is not a
fully qualified domain name (FQDN). This flaw could be used for spoofing
if an attacker had control of machines on a default DNS search path.
(CAN-2004-0765)
 
Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If
a user is tricked into dragging a javascript link into another frame or
page, it becomes possible for an attacker to steal or modify sensitive
information from that site. Additionally, if a user is tricked into
dragging two links in sequence to another window (not frame), it is
possible for the attacker to execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0905 to this issue.

Gael Delalleau discovered an integer overflow which affects the BMP
handling code inside Mozilla. An attacker could create a carefully
crafted BMP file in such a way that it would cause Mozilla to crash or
execute arbitrary code when the image is viewed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0904 to this issue.

Georgi Guninski discovered a stack-based buffer overflow in the vCard
display routines. An attacker could create a carefully crafted vCard
file in such a way that it would cause Mozilla to crash or execute
arbitrary code when viewed. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0903 to this
issue.

Wladimir Palant discovered a flaw in the way javascript interacts with
the clipboard. It is possible that an attacker could use malicious
javascript code to steal sensitive data which has been copied into the
clipboard. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.

Georgi Guninski discovered a heap based buffer overflow in the "Send
Page" feature. It is possible that an attacker could construct a link in
such a way that a user attempting to forward it could result in a crash
or arbitrary code execution. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0902 to this
issue.

---------------------------------------------------------------------
7.3 Changelog:

* Thu Sep 30 2004 Dominic Hargreaves <dom at earth.li>
37:1.4.3-0.7.1.legacy

- Rebuild for Red Hat Linux 7.3

* Mon Sep 20 2004 Christopher Aillon <caillon at redhat.com> 37:1.4.3-2.1.3

- Backport security fixes from
http://mozilla.org/projects/security/known-vulnerabilities.html

* Tue Aug 03 2004 Christopher Aillon <caillon at redhat.com> 37:1.4.3-2.1.2

- Final 1.4.3 release

* Fri Jul 30 2004 Christopher Aillon <caillon at redhat.com>
37:1.4.3-2.1.1.SNAP

- Add libpng fix

* Fri Jul 30 2004 Christopher Aillon <caillon at redhat.com>
37:1.4.3-2.1.0.SNAP

- Update to a 1.4 snapshot for security fixes.

* Wed Mar 24 2004 Chris Blizzard <blizzard at redhat.com>
37:1.4.2-3.0.0.SNAP

- Update to a 1.4.2.
- Time for a new changelog.

9 Changelog:
* Sun Oct 03 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
37:1.4.3-0.9.1.legacy

- Added backported security fixes from mozilla 1.7.3

* Tue Sep 21 2004 John Dalbec <jpdalbec at ysu.edu> 37:1.4.3-0.9.0.legacy.2

- Added BuildRequires: compat-gcc for gcc296 program (%ifarch i386
only).
- Added BuildRequires: compat-gcc-c++ for g++296 program (%ifarch i386
only).
- Added BuildRequires: gtk+-devel.
- Added BuildRequires: ORBit-devel.
- Added %dir /usr/lib/mozilla to %files.
- Added /usr/include/mozilla-1.4.3 to %files devel.

* Mon Aug 30 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
37:1.4.3-0.9.0.legacy

- Update to latest 1.4 branch for security fixes.

FC1 Changelog:

* Thu Sep 30 2004 Rob Myers <rob.myers at gtri.gatech.edu>
37:1.4.3-1.fc1.1.legacy

- rebuild FC1

* Mon Sep 20 2004 Christopher Aillon <caillon at redhat.com> 37:1.4.3-3.0.3

- Backport security fixes from
http://mozilla.org/projects/security/known-vulnerabilities.html

* Fri Jul 30 2004 Christopher Aillon <caillon at redhat.com>
37:1.4.3-3.0.1.SNAP

- Add libpng fix

* Fri Jul 30 2004 Christopher Aillon <caillon at redhat.com>
37:1.4.3-3.0.0.SNAP

- Update to latest 1.4 branch for security fixes.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier way to
apply updates.
---------------------------------------------------------------------
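
Added example, not part of the original notification or of the Mozilla code: the cookie path handling flaw (CAN-2003-0594) described above, shown as a raw prefix check on the URL as written beside a check on the decoded, dot-segment-resolved path. The host shop.example, the cookie jar and all function names are constructed for illustration.

```python
# Added illustration of CAN-2003-0594; names and sample URLs are constructed.
from urllib.parse import unquote, urlsplit

# Constructed cookie jar: one cookie the server scoped to /app/.
JAR = [{"name": "sess", "path": "/app/"}]


def canonical_path(url):
    """Percent-decode the URL path once and resolve '.' and '..' segments."""
    raw = urlsplit(url).path or "/"
    segments = []
    for seg in unquote(raw).split("/"):
        if seg == "..":
            if segments:
                segments.pop()      # step up, never above the root
        elif seg not in ("", "."):
            segments.append(seg)
    return "/" + "/".join(segments)


def naive_match(url, cookie_path):
    """Flawed check: prefix test on the path exactly as written in the URL."""
    return urlsplit(url).path.startswith(cookie_path)


def canonical_match(url, cookie_path):
    """Corrected check: segment-aware prefix test on the canonical path."""
    scope = cookie_path.rstrip("/")
    path = canonical_path(url)
    return scope == "" or path == scope or path.startswith(scope + "/")


def cookies_to_send(url, jar, matcher):
    """Names of the cookies a client using `matcher` would attach to `url`."""
    return [c["name"] for c in jar if matcher(url, c["path"])]


if __name__ == "__main__":
    for url in (
        "http://shop.example/app/cart",
        "http://shop.example/app/../admin/report",
        "http://shop.example/app/%2e%2e/admin/report",
    ):
        print(url, cookies_to_send(url, JAR, naive_match),
              cookies_to_send(url, JAR, canonical_match))
```

The same canonical form is what a server-side filter would compare against when it cannot rely on clients to enforce the cookie's path.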
