Fedora Legacy Test Update Notification: firefox

Marc Deslauriers marcdeslauriers at videotron.ca
Tue May 16 00:15:30 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-189137-2
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189137
2006-05-15
---------------------------------------------------------------------

Name        : firefox
Versions    : fc3: firefox-1.0.8-1.1.fc3.1.legacy
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

An updated firefox package that fixes several security bugs is now
available.

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Several bugs were found in the way Firefox processes malformed
javascript. A malicious web page could modify the content of a different
open web page, possibly stealing sensitive information or conducting a
cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732,
CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to
steal sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735,
CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web
pages. A carefully crafted malicious web page could cause the execution
of arbitrary code as the user running Firefox. (CVE-2006-0748,
CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737,
CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal
warning dialog, it may be possible to trick a user into believing they
are viewing a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
"input" form elements. A malicious web page could be created in such a
way that when a user submits a form, an arbitrary file could be uploaded
to the attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

---------------------------------------------------------------------
Changelogs

fc3:
* Wed Apr 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
0:1.0.8-1.1.fc3.1.legacy
- Update to firefox 1.0.8

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
8b719bb18c6dfe14b472c684ac5133d82d1b96d0
fedora/3/updates-testing/i386/firefox-1.0.8-1.1.fc3.1.legacy.i386.rpm
946f2ccbc412675ee6959a3dee50c2cb3ba90c3a
fedora/3/updates-testing/x86_64/firefox-1.0.8-1.1.fc3.1.legacy.x86_64.rpm
0747aa65730e328a9274ec66c0de8dc30645dc1d
fedora/3/updates-testing/SRPMS/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060515/077983c4/attachment.sig>

More information about the fedora-legacy-list mailing list