|
|
|
>>
VUPEN Security / Public Mailing Lists Mirror |
Assigned : VUPEN/ADV-2006-0428
From : "Christopher Aillon" <caillon at redhat.com>
Subject : Fedora Core 4 Update: firefox-1.0.7-1.2.fc4
Date : 2006-02-03
Original Message
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-076
2006-02-02
---------------------------------------------------------------------
Product : Fedora Core 4
Name : firefox
Version : 1.0.7
Release : 1.2.fc4
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Mozilla Firefox is an open source Web browser.
Igor Bukanov discovered a bug in the way Firefox's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Firefox could crash or execute
arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Firefox's
XULDocument.persist() function. A malicious web page could
inject arbitrary RDF data into a user's localstore.rdf file,
which can cause Firefox to execute arbitrary JavaScript when
a user runs Firefox. (CVE-2006-0296)
A denial of service bug was found in the way Firefox saves
history information. If a user visits a web page with a very
long title, it is possible Firefox will crash or take a very
long time to start the next time it is run. (CVE-2005-4134)
---------------------------------------------------------------------
* Sun Jan 29 2006 Christopher Aillon <caillon@redhat.com> 0:1.0.7-1.2.fc4
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
d37a19a1ad285f0605ed0a7fc3603c289e4d33a0 SRPMS/firefox-1.0.7-1.2.fc4.src.rpm
46d0d5698126e86ce6d2e844e113d230cd4f23ea ppc/firefox-1.0.7-1.2.fc4.ppc.rpm
822405f5a6de3e18324b2a1270a0e9a08aabb234 ppc/debug/firefox-debuginfo-1.0.7-1.2.fc4.ppc.rpm
42c8d63a8dd251c505e19dfff2c61450c149c774 x86_64/firefox-1.0.7-1.2.fc4.x86_64.rpm
f737d3deb0c8791ed31caff83226d4b1a17a58d8 x86_64/debug/firefox-debuginfo-1.0.7-1.2.fc4.x86_64.rpm
c6d0a31bd2106ae7ffe65ff9c780209fa3edcd9a i386/firefox-1.0.7-1.2.fc4.i386.rpm
6635d0ddc685bb7579f2701971704a4bec7d1dc8 i386/debug/firefox-debuginfo-1.0.7-1.2.fc4.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
Disclaimer : VUPEN Security does not endorse the content of this
message submitted by others to public mailinglists. Messages submitted to public
mailinglists do not necessarily reflect the opinions or policies of VUPEN Security.
VUPEN Security makes no warranties, express or implied, as to the content of the message
in this page or the accuracy and reliability of any messages and other materials
submitted to public mailinglists. Any questions or comments regarding this page
should be sent to
team@vupen.com
|
|
|
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
