Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora Core 4 Firefox Update FEDORA-2006-410 Critical: Javascript Attacks

fedora
Calendar Grey April 18, 2006
Dist Fedora Esm H88
The latest Firefox release for Fedora Core 4 resolves various vulnerabilities linked to improperly structured JavaScript and harmful coding elements.
Several bugs were found in the way Firefox processes malformed javascript

Summary

Mozilla Firefox is an open-source web browser, designed for standards

compliance, performance and portability.

Several bugs were found in the way Firefox processes

malformed javascript. A malicious web page could modify the

content of a different open web page, possibly stealing

sensitive information or conducting a cross-site scripting

attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain

javascript actions. A malicious web page could execute

arbitrary javascript instructions with the permissions of

"chrome", allowing the page to steal sensitive information

or install browser malware. (CVE-2006-1727, CVE-2006-1728,

CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes

malformed web pages. A carefully crafted malicious web page

could cause the execution of arbitrary code as the user

running Firefox. (CVE-2006-0749, CVE-2006-1724,

CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,

CVE-2006-1790)

A bug was found in the way Firefox displays the secure site

icon. If a browser is configured to display the non-default

secure site modal warning dialog, it may be possible to

trick a user into believing they are viewing a secure site.

(CVE-2006-1740)

A bug was found in the way Firefox allows javascript

mutation events on "input" form elements. A malicious web

page could be created in such a way that when a user submits

a form, an arbitrary file could be uploaded to the attacker.

(CVE-2006-1729)

- Update to firefox 1.0.8

edc9582da8796f9658ed0478a474a5461c3d2a8f SRPMS/firefox-1.0.8-1.1.fc4.src.rpm

22f31a6966879e2b2a62a30f369c8e99ddcd0e7d ppc/firefox-1.0.8-1.1.fc4.ppc.rpm

8c8b61fcf154efdaf1cb630ecafb3ab1b95dfc03 ppc/debug/firefox-debuginfo-1.0.8-1.1.fc4.ppc.rpm

52ee41a4eefbfa8b0a139476b2d1b8a78d5ddc2b x86_64/firefox-1.0.8-1.1.fc4.x86_64.rpm

46b5a14188582e1760ca3bb4c3bb27be041fdeb1 x86_64/debug/firefox-debuginfo-1.0.8-1.1.fc4.x86_64.rpm

7ea4c55ba11869f85ca89a4b406a712e51c75c34 i386/firefox-1.0.8-1.1.fc4.i386.rpm

9b34e30b7c4ec287b823197e5b039d711fdcd5de i386/debug/firefox-debuginfo-1.0.8-1.1.fc4.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

fedora-announce-list mailing list

fedora-announce-list@redhat.com

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: firefox
Version: 1.0.8
Release: 1.1.fc4
Summary: Mozilla Firefox Web browser.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here