[SECURITY] Fedora Core 5 Update: firefox-1.5.0.7-1.fc5
Christopher Aillon
caillon at redhat.com
Fri Sep 15 01:47:55 UTC 2006
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-976
2006-09-14
---------------------------------------------------------------------
Product : Fedora Core 5
Name : firefox
Version : 1.5.0.7
Release : 1.fc5
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Mozilla Firefox is an open source Web browser.

Two flaws were found in the way Firefox processed certain
regular expressions. A malicious web page could crash the
browser or possibly execute arbitrary code as the user
running Firefox. (CVE-2006-4565, CVE-2006-4566)

A number of flaws were found in Firefox. A malicious web
page could crash the browser or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-4571)

A flaw was found in the handling of JavaScript timed events.
A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox.
(CVE-2006-4253)

A flaw was found in the Firefox auto-update verification
system. An attacker who has the ability to spoof a victim's
DNS could get Firefox to download and install malicious
code. In order to exploit this issue an attacker would also
need to get a victim to previously accept an unverifiable
certificate. (CVE-2006-4567)

Firefox did not properly prevent a frame in one domain from
injecting content into a sub-frame that belongs to another
domain, which facilitates website spoofing and other attacks.
(CVE-2006-4568)

Firefox did not load manually opened, blocked popups in the
right domain context, which could lead to cross-site
scripting attacks. In order to exploit this issue an
attacker would need to find a site which would frame their
malicious page and convince the user to manually open a
blocked popup. (CVE-2006-4569)

Users of Firefox are advised to upgrade to this update,
which contains Firefox version 1.5.0.7 that corrects these
issues.
---------------------------------------------------------------------
* Wed Sep 13 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-1
- Update to 1.5.0.7
- Bring in pango patches from rawhide to fix MathML and cursor positioning
* Tue Aug 8 2006 Jesse Keating <jkeating at redhat.com> - 1.5.0.6-2
- Use dist tag
- rebuild
* Thu Aug 3 2006 Kai Engert <kengert at redhat.com> - 1.5.0.6-1.1.fc5
- Update to 1.5.0.6
* Thu Jul 27 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-1.1.fc5
- Update to 1.5.0.5
* Wed Jun 14 2006 Kai Engert <kengert at redhat.com> - 1.5.0.4-1.2.fc5
- Force "gmake -j1" on ppc ppc64 s390 s390x
* Mon Jun 12 2006 Kai Engert <kengert at redhat.com> - 1.5.0.4-1.1.fc5
- Firefox 1.5.0.4
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------