Security of Firefox (was Re: VDQ : Firefox, Fedora -- and yum?)
William Hooper
whooperhsd3 at earthlink.net
Mon Feb 13 03:38:22 UTC 2006
beartooth wrote:
> The most recent version of this document can be found at:
>
>
> <http://www.us-cert.gov/cas/techalerts/TA06-038A.html>
[snip]
That link describes two issues:
CVE-2006-0296
CVE-2006-0295
CVE-2006-0296 is fixed in firefox-1.0.7-1.2.fc4.
[whooper at token i386]$ rpm -qp --changelog firefox-1.0.7-1.2.fc4.i386.rpm |
head -4
warning: firefox-1.0.7-1.2.fc4.i386.rpm: V3 DSA signature: NOKEY, key ID
4f2a6fd2
* Sun Jan 29 2006 Christopher Aillon <caillon at redhat.com> 0:1.0.7-1.2.fc4
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296
According to Mozilla, version 1.0.x isn't vulnerable to CVE-2006-0295.
http://www.mozilla.org/security/announce/mfsa2006-04.html
--
William Hooper
More information about the fedora-list
mailing list