Fedora Core 4 Update: firefox-1.0.7-1.2.fc4

    Date02 Feb 2006
    CategoryFedora
    5507
    Posted ByLinuxSecurity Advisories
    Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time to start the next time it is run. (CVE-2005-4134)
    ---------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2006-076
    2006-02-02
    ---------------------------------------------------------------------
    
    Product     : Fedora Core 4
    Name        : firefox
    Version     : 1.0.7                      
    Release     : 1.2.fc4                  
    Summary     : Mozilla Firefox Web browser.
    Description :
    Mozilla Firefox is an open-source web browser, designed for standards
    compliance, performance and portability.
    
    ---------------------------------------------------------------------
    Update Information:
    
    Mozilla Firefox is an open source Web browser.
    
    Igor Bukanov discovered a bug in the way Firefox's
    JavaScript interpreter dereferences objects. If a user
    visits a malicious web page, Firefox could crash or execute
    arbitrary code as the user running Firefox. The Common
    Vulnerabilities and Exposures project assigned the name
    CVE-2006-0292 to this issue.
    
    moz_bug_r_a4 discovered a bug in Firefox's
    XULDocument.persist() function. A malicious web page could
    inject arbitrary RDF data into a user's localstore.rdf file,
    which can cause Firefox to execute arbitrary JavaScript when
    a user runs Firefox. (CVE-2006-0296)
    
    A denial of service bug was found in the way Firefox saves
    history information. If a user visits a web page with a very
    long title, it is possible Firefox will crash or take a very
    long time to start the next time it is run. (CVE-2005-4134)
    ---------------------------------------------------------------------
    * Sun Jan 29 2006 Christopher Aillon  0:1.0.7-1.2.fc4
    - Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296
    
    ---------------------------------------------------------------------
    This update can be downloaded from:
      http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
    
    d37a19a1ad285f0605ed0a7fc3603c289e4d33a0  SRPMS/firefox-1.0.7-1.2.fc4.src.rpm
    46d0d5698126e86ce6d2e844e113d230cd4f23ea  ppc/firefox-1.0.7-1.2.fc4.ppc.rpm
    822405f5a6de3e18324b2a1270a0e9a08aabb234  ppc/debug/firefox-debuginfo-1.0.7-1.2.fc4.ppc.rpm
    42c8d63a8dd251c505e19dfff2c61450c149c774  x86_64/firefox-1.0.7-1.2.fc4.x86_64.rpm
    f737d3deb0c8791ed31caff83226d4b1a17a58d8  x86_64/debug/firefox-debuginfo-1.0.7-1.2.fc4.x86_64.rpm
    c6d0a31bd2106ae7ffe65ff9c780209fa3edcd9a  i386/firefox-1.0.7-1.2.fc4.i386.rpm
    6635d0ddc685bb7579f2701971704a4bec7d1dc8  i386/debug/firefox-debuginfo-1.0.7-1.2.fc4.i386.rpm
    
    This update can be installed with the 'yum' update program.  Use 'yum update
    package-name' at the command line.  For more information, refer to 'Managing
    Software with yum,' available at http://fedora.redhat.com/docs/yum/.
    ---------------------------------------------------------------------
    
    -- 
    fedora-announce-list mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/fedora-announce-list
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.