Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora Core 5 FEDORA-2006-411 Moderate: Firefox Web Browser Risks

fedora
Calendar Grey April 18, 2006
Dist Fedora Esm H88
The latest release of Mozilla Firefox for Fedora Core 5 addresses multiple security issues related to webpage rendering and script execution.
Several bugs were found in the way Firefox processes malformed javascript

Summary

Mozilla Firefox is an open-source web browser, designed for standards

compliance, performance and portability.

Several bugs were found in the way Firefox processes

malformed javascript. A malicious web page could modify the

content of a different open web page, possibly stealing

sensitive information or conducting a cross-site scripting

attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain

javascript actions. A malicious web page could execute

arbitrary javascript instructions with the permissions of

"chrome", allowing the page to steal sensitive information

or install browser malware. (CVE-2006-1727, CVE-2006-1728,

CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes

malformed web pages. A carefully crafted malicious web page

could cause the execution of arbitrary code as the user

running Firefox. (CVE-2006-0749, CVE-2006-1724,

CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,

CVE-2006-1790)

A bug was found in the way Firefox displays the secure site

icon. If a browser is configured to display the non-default

secure site modal warning dialog, it may be possible to

trick a user into believing they are viewing a secure site.

(CVE-2006-1740)

A bug was found in the way Firefox allows javascript

mutation events on "input" form elements. A malicious web

page could be created in such a way that when a user submits

a form, an arbitrary file could be uploaded to the attacker.

(CVE-2006-1729)

- Update to 1.5.0.2

aba3a17adde822ac4d3bb900c65e87a06a8d331f SRPMS/firefox-1.5.0.2-1.1.fc5.src.rpm

1c80c1fd6561c3cc7f3e54463bc6d25445956e30 ppc/firefox-1.5.0.2-1.1.fc5.ppc.rpm

42b8356caa72dafaa84977bf987c6650c715fd7c ppc/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.ppc.rpm

bc79140dc00183aeecf8dccd36565a4f78f6bbcd x86_64/firefox-1.5.0.2-1.1.fc5.x86_64.rpm

95babbc4143fa8164ad71ce9da67469171b4d66f x86_64/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.x86_64.rpm

d89a1acecd42915ce7571dc1759661f01985e4f8 i386/firefox-1.5.0.2-1.1.fc5.i386.rpm

4f87d27853e5122b941afbfbb3a1788ffb338b4d i386/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

fedora-announce-list mailing list

fedora-announce-list@redhat.com

Topics%20covered

Topics Covered

security advisory moderate Fedora Core malware web page attack

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Name: firefox
Version: 1.5.0.2
Release: 1.1.fc5
Summary: Mozilla Firefox Web browser.

Topics%20covered

Topics Covered

security advisory moderate Fedora Core malware web page attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here