Fedora Legacy Test Update Notification: mozilla

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Aug 12 20:51:12 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-160202
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
2005-08-12
---------------------------------------------------------------------

Name        : mozilla
Versions    : rh7.3: mozilla-1.7.10-0.73.1.legacy
Versions    : rh9: mozilla-1.7.10-0.90.1.legacy
Versions    : fc1: mozilla-1.7.10-1.1.1.legacy
Versions    : fc2: mozilla-1.7.10-1.2.1.legacy
Summary     : A Web browser.
Description :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.

---------------------------------------------------------------------
Update Information:

Updated mozilla packages that fix various security issues are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A bug was found in the way Mozilla handled synthetic events. It is
possible that Web content could generate events such as keystrokes or
mouse clicks that could be used to steal data or execute malicious
JavaScript code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-2260 to this issue.

A bug was found in the way Mozilla executed JavaScript in XBL controls.
It is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript-based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Mozilla installed its extensions. If a user
can be tricked into visiting a malicious webpage, it may be possible to
obtain sensitive information such as cookies or passwords.
(CAN-2005-2263)

A bug was found in the way Mozilla handled certain JavaScript functions.
It is possible for a malicious webpage to crash the browser by executing
malformed JavaScript code. (CAN-2005-2265)

A bug was found in the way Mozilla handled multiple frame domains. It is
possible for a frame as part of a malicious website to inject content
into a frame that belongs to another domain. This issue was previously
fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)

A bug was found in the way Mozilla handled child frames. It is possible
for a malicious framed page to steal sensitive information from its
parent page. (CAN-2005-2266)

A bug was found in the way Mozilla opened URLs from media players. If a
media player opens a URL which is JavaScript, the JavaScript executes
with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Mozilla displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them.
(CAN-2005-2268)

A bug was found in the way Mozilla handled DOM node names. It is
possible for a malicious site to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)

A bug was found in the way Mozilla cloned base objects. It is possible
for Web content to traverse the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)

Users of Mozilla are advised to upgrade to these updated packages, which
contain Mozilla version 1.7.10 and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh7.3:
* Wed Jul 27 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
37:1.7.10-0.73.1.legacy
- Rebuild as a Fedora Legacy update for Red Hat Linux 7.3
- Added missing freetype-devel BuildRequires
- Fix missing icons in desktop files

rh9:
* Thu Jul 28 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
37:1.7.10-0.90.1.legacy
- Rebuilt as a Fedora Legacy update for Red Hat Linux 9
- Disabled desktop-file-utils
- Disabled gtk2
- Added missing BuildRequires
- Force build with gcc296 to remain compatible with plugins
- Added xft font preferences and patch back in
- Removed mozilla-compose.desktop

fc1:
* Thu Jul 28 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
37:1.7.10-1.1.1.legacy
- Rebuilt as Fedora Legacy update for Fedora Core 1
- Changed useragent vendor tag to Fedora
- Removed Network category from mozilla.desktop
- Added missing gnome-vfs2-devel and desktop-file-utils to BuildRequires

fc2:
* Sat Jul 30 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
37:1.7.10-1.2.1.legacy
- Rebuilt as a Fedora Legacy update to Fedora Core 2
- Reverted to desktop-file-utils 0.4
- Removed desktop-update-database
- Disabled pango support
- Added missing gnome-vfs2-devel, desktop-file-utils and krb5-devel
BuildPrereq

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.