[SECURITY] Fedora 7 Update: gtkmozembedmm-1.4.2.cvs20060817-14.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007

Fedora Update Notification
2007-11-29 01:44:21.449766

Name        : gtkmozembedmm
Product     : Fedora 7
Version     : 1.4.2.cvs20060817
Release     : 14.fc7
URL         : http://gtkmm.sourceforge.net/
Summary     : C++ wrapper for GtkMozembed
Description :
This package provides a C++/gtkmm wrapper for GtkMozEmbed
from Mozilla 1.4.x to 1.7.x.
The wrapper provides a convenient interface for C++ programmers
to use the Gtkmozembed HTML-rendering widget inside their software.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 1.4.2.cvs20060817-14
- Rebuild against newer gecko
* Fri Jul 20 2007 Haïkel Guémar <karlthered at gmail.com> - 1.4.2.cvs20060817-13
- Rebuild against  gecko-libs
* Fri Jul 20 2007 Haïkel Guémar <karlthered at gmail.com> - 1.4.2.cvs20060817-12
- Rebuild against  gecko-libs
* Wed Jun  6 2007 Haïkel Guémar <karlthered at gmail.com> - 1.4.2.cvs20060817-11
- rebuilt against gecko-libs
Updated packages:

fe777ee04e72a38e5c26b62749359be08564019d gtkmozembedmm-debuginfo-1.4.2.cvs20060817-14.fc7.ppc64.rpm
7e1cb5294e4fa567481bb577bb1e409cbef5be04 gtkmozembedmm-devel-1.4.2.cvs20060817-14.fc7.ppc64.rpm
344a9b67d87dd6b7748b0bfe124eff6d75eaa59e gtkmozembedmm-1.4.2.cvs20060817-14.fc7.ppc64.rpm
8c0d3c1c1d751cd35f57f819a57b743c9c825bbf gtkmozembedmm-1.4.2.cvs20060817-14.fc7.i386.rpm
3d74cdc5871092bc70d3db70eb5e67af535e53e1 gtkmozembedmm-devel-1.4.2.cvs20060817-14.fc7.i386.rpm
ab8a15233e7720c02addf35dbb445567a006dbd1 gtkmozembedmm-debuginfo-1.4.2.cvs20060817-14.fc7.i386.rpm
77c9876e468746919372aa44149037fb05763317 gtkmozembedmm-1.4.2.cvs20060817-14.fc7.x86_64.rpm
b515e71d44e752f0c650edfa72283d4f8d9605cf gtkmozembedmm-devel-1.4.2.cvs20060817-14.fc7.x86_64.rpm
833a1af80111d5e5403947b4b29a2c87c2bb8b94 gtkmozembedmm-debuginfo-1.4.2.cvs20060817-14.fc7.x86_64.rpm
f57dd5f1b30e9a2337ca74cd1106668d4c451e08 gtkmozembedmm-debuginfo-1.4.2.cvs20060817-14.fc7.ppc.rpm
5d6e964617f8390b7812b031ef5341ea6c8828fe gtkmozembedmm-devel-1.4.2.cvs20060817-14.fc7.ppc.rpm
e734fa94312c88bc2c785ab8c6250434c7283f6b gtkmozembedmm-1.4.2.cvs20060817-14.fc7.ppc.rpm
b4ba7ec5060e53b27b61d150810a56bec1a4a012 gtkmozembedmm-1.4.2.cvs20060817-14.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gtkmozembedmm' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list