
Fedora Core 3: FEDORA-2005-247 Important: Linux Kernel Security Flaw

fedora
March 23, 2005
This Fedora Core 3 update addresses several vulnerabilities in Firefox, including a buffer overflow in the way Firefox processes GIF images.

Summary

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues.

Additionally, there was a bug found in the way Firefox rendered some fonts, notably the Tahoma font while italicized. This issue has been filed as Bug 150041 (bugzilla.redhat.com). This updated package contains a fix for this issue.

- Firefox 1.0.2
- Fix issues with italic rendering using certain fonts (e.g. Tahoma)
- Add upstream fix to reduce round trips to xserver during remote control
- Add upstream fix to call g_set_application_name

a461bc4e69e10779b3a46944f6b3fd23 SRPMS/firefox-1.0.2-1.3.1.src.rpm
1951b68e390da2f45177df9c016240a0 x86_64/firefox-1.0.2-1.3.1.x86_64.rpm
a81f4837b641ae78f3f6559cbf05715c x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm
9b19361c8a3dc98edaa07eb1043c11b3 i386/firefox-1.0.2-1.3.1.i386.rpm
a97e425d13c5abb994520829b16b8063 i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
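
To check manually downloaded packages against the checksum list above before installing them, the following added example (not part of the advisory or of Fedora's tooling) reads a list in that layout, a hash followed by a relative path, also accepting entries wrapped onto two lines, and verifies each file. It assumes the 32-digit values are MD5 sums; `verify_manifest` and its two arguments are hypothetical names.

```shell
# Added example (not from the advisory or Fedora tooling): check downloaded
# files against a checksum list of "<md5> <relative path>" entries.
# verify_manifest is a hypothetical name. An entry may be wrapped so that the
# hash and its path sit on separate lines; blank lines are ignored.
# usage: verify_manifest MANIFEST_FILE DOWNLOAD_DIR
# Returns 0 only if at least one entry was read and every entry verified.
verify_manifest() (
    manifest=$1; dir=$2
    pending=""; checked=0; failed=0
    while read -r first second rest || [ -n "$first" ]; do
        [ -n "$first" ] || continue                 # blank line
        if [ -n "$pending" ]; then                  # second half of a wrapped entry
            sum=$pending; relpath=$first; pending=""
        elif [ -z "$second" ]; then                 # hash alone: wait for its path
            pending=$first; continue
        else
            sum=$first; relpath=$second
        fi
        checked=$((checked + 1))
        sum=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        # The hash must be exactly 32 hex digits.
        if ! printf '%s\n' "$sum" | grep -Eq '^[0-9a-f]{32}$'; then
            echo "MALFORMED $sum $relpath"; failed=$((failed + 1)); continue
        fi
        # Only relative paths that stay inside DOWNLOAD_DIR are accepted.
        case $relpath in
            /*|..|../*|*/..|*/../*)
                echo "UNSAFE    $relpath"; failed=$((failed + 1)); continue ;;
        esac
        if [ ! -f "$dir/$relpath" ]; then
            echo "MISSING   $relpath"; failed=$((failed + 1)); continue
        fi
        actual=$(md5sum < "$dir/$relpath" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK        $relpath"
        else
            echo "MISMATCH  $relpath"; failed=$((failed + 1))
        fi
    done < "$manifest"
    # A hash with no path after it is an incomplete entry.
    [ -z "$pending" ] || { echo "DANGLING  $pending"; failed=$((failed + 1)); }
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
)
```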

fedora-announce-list@redhat.com


Severity
important

Name: firefox
Version: 1.0.2
Release: 1.3.1
Summary: Mozilla Firefox Web browser.
