Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
89
security advisorycriticalFedoraFedora 10: galeon-2.0.7-15.fc10 critical memory corruption in Firefox
Update to new upstream Firefox version 3.0.15, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-10981 2009-11-04 10:56:11 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 10 Version : 2.0.7 Release : 15.fc10 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.15, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 27 2009 Jan Horak - 2.0.7-15 - Rebuild against newer gecko * Wed Sep 9 2009 Jan Horak - 2.0.7-14 - Rebuild against newer gecko * Tue Aug 4 2009 Jan Horak - 2.0.7-13 - Rebuild against newer gecko * Tue Jul 21 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Thu Jun 11 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 2.0.7-10 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 2.0.7-9 - Rebuild against newer gecko * FriMar 27 2009 Christopher Aillon - 2.0.7-8 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 2.0.7-7 - Rebuild against newer gecko * Sun Feb 15 2009 Denis Leroy - 2.0.7-6 - Added upstream patch to use Gnome Print * Wed Feb 4 2009 Christopher Aillon - 2.0.7-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.0.7-4 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=530567 [ 2 ] Bug #530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=530569 [ 3 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override https://bugzilla.redhat.com/show_bug.cgi?id=530168 [ 4 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection() https://bugzilla.redhat.com/show_bug.cgi?id=530167 [ 5 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion https://bugzilla.redhat.com/show_bug.cgi?id=530162 [ 6 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS() https://bugzilla.redhat.com/show_bug.cgi?id=530157 [ 7 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser https://bugzilla.redhat.com/show_bug.cgi?id=530156 [ 8 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing https://bugzilla.redhat.com/show_bug.cgi?id=530155 [ 9 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use https://bugzilla.redhat.com/show_bug.cgi?id=524815 [ 10 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing https://bugzilla.redhat.com/show_bug.cgi?id=530151 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Nov 04, 2009
•Critical
Fedora
89
security advisorysecurity issuecriticalFedora: Galeon Security Advisory for Mozilla Issues - Critical
Update to new upstream Firefox version 3.5.4, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-10878 2009-10-29 02:34:53 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 11 Version : 2.0.7 Release : 17.fc11 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.4, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 27 2009 Jan Horak - 2.0.7-17 - Rebuild against newer gecko * Fri Sep 25 2009 Denis Leroy - 2.0.7-16 - Added patch from Yanko Kaneti (#525417) to fix crash on startup * Wed Sep 23 2009 Denis Leroy - 2.0.7-15 - Added jsconsole patch - Changed default home location, Mandriva patch - Disable plugins wrap patch, causing spurious crashes - Made gecko libs Rs and BRs exact (#515640) * Wed Sep 9 2009 Jan Horak - 2.0.7-14 - Rebuild against newer gecko * Mon Aug 3 2009 Christopher Aillon - 2.0.7-13 - Rebuild againstnewer gecko * Fri Jul 17 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Tue Jun 30 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=530567 [ 2 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override https://bugzilla.redhat.com/show_bug.cgi?id=530168 [ 3 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection() https://bugzilla.redhat.com/show_bug.cgi?id=530167 [ 4 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion https://bugzilla.redhat.com/show_bug.cgi?id=530162 [ 5 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS() https://bugzilla.redhat.com/show_bug.cgi?id=530157 [ 6 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser https://bugzilla.redhat.com/show_bug.cgi?id=530156 [ 7 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing https://bugzilla.redhat.com/show_bug.cgi?id=530155 [ 8 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use https://bugzilla.redhat.com/show_bug.cgi?id=524815 [ 9 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing https://bugzilla.redhat.com/show_bug.cgi?id=530151 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Oct 28, 2009
•Critical
Fedora
89
security advisoryupdatecriticalFedora 11 Galeon Update: 2009-9505 Critical Security Fixes
Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9505 2009-09-11 22:40:07 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 11 Version : 2.0.7 Release : 14.fc11 URL : Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 9 2009 Jan Horak - 2.0.7-14 - Rebuild against newer gecko * Mon Aug 3 2009 Christopher Aillon - 2.0.7-13 - Rebuild against newer gecko * Fri Jul 17 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Tue Jun 30 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #521684 - CVE-2009-3069 Firefox 3.5 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521684 [ 2 ] Bug #521686 - CVE-2009-3070 Firefox 3.53.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521686 [ 3 ] Bug #521687 - CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521687 [ 4 ] Bug #521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521688 [ 5 ] Bug #521689 - CVE-2009-3073 Firefox 3.5 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521689 [ 6 ] Bug #521690 - CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521690 [ 7 ] Bug #521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521691 [ 8 ] Bug #521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=521693 [ 9 ] Bug #521694 - CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters https://bugzilla.redhat.com/show_bug.cgi?id=521694 [ 10 ] Bug #521695 - CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter https://bugzilla.redhat.com/show_bug.cgi?id=521695 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Sep 11, 2009
•Critical
Fedora
89
security advisoryFedorasecurity issuesFedora 34: galeon-3.6.4-15 Moderate: Chrome Vulnerability Concerns
Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-8288 2009-08-05 00:00:31 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 10 Version : 2.0.7 Release : 13.fc10 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 4 2009 Jan Horak - 2.0.7-13 - Rebuild against newer gecko * Tue Jul 21 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Thu Jun 11 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 2.0.7-10 - Rebuild against newergecko * Tue Apr 21 2009 Christopher Aillon - 2.0.7-9 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 2.0.7-8 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 2.0.7-7 - Rebuild against newer gecko * Sun Feb 15 2009 Denis Leroy - 2.0.7-6 - Added upstream patch to use Gnome Print * Wed Feb 4 2009 Christopher Aillon - 2.0.7-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.0.7-4 - Rebuild against newer gecko -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Aug 04, 2009
Fedora
89
security advisoryfedoraupdateFedora 11: FEDORA-2009-8279 Moderate: Galeon Firefox Security Fix
Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-8279 2009-08-05 00:00:09 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 11 Version : 2.0.7 Release : 13.fc11 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2009 Christopher Aillon - 2.0.7-13 - Rebuild against newer gecko * Fri Jul 17 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Tue Jun 30 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Aug 04, 2009
•Important
Fedora
89
security advisorycriticalsoftware updateFedora 10 galeon-2.0.7-12 Critical: Multiple Firefox Issues
Update to new upstream Firefox version 3.0.12, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7961 2009-07-23 18:32:19 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 10 Version : 2.0.7 Release : 12.fc10 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.12, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 21 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Thu Jun 11 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 2.0.7-10 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 2.0.7-9 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 2.0.7-8 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 2.0.7-7 - Rebuild against newer gecko * Sun Feb 15 2009 Denis Leroy - 2.0.7-6 - Added upstream patch to useGnome Print * Wed Feb 4 2009 Christopher Aillon - 2.0.7-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.0.7-4 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #512131 - CVE-2009-2463 Mozilla Base64 decoding crash https://bugzilla.redhat.com/show_bug.cgi?id=512131 [ 2 ] Bug #512133 - CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree https://bugzilla.redhat.com/show_bug.cgi?id=512133 [ 3 ] Bug #512135 - CVE-2009-2465 Mozilla double frame construction crashes https://bugzilla.redhat.com/show_bug.cgi?id=512135 [ 4 ] Bug #512128 - CVE-2009-2462 Mozilla Browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=512128 [ 5 ] Bug #512136 - CVE-2009-2466 Mozilla JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=512136 [ 6 ] Bug #512137 - CVE-2009-2467 Mozilla remote code execution during Flash player unloading https://bugzilla.redhat.com/show_bug.cgi?id=512137 [ 7 ] Bug #512142 - CVE-2009-2469 Mozilla remote code execution using watch and __defineSetter__ on SVG element https://bugzilla.redhat.com/show_bug.cgi?id=512142 [ 8 ] Bug #512146 - CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers https://bugzilla.redhat.com/show_bug.cgi?id=512146 [ 9 ] Bug #512147 - CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses https://bugzilla.redhat.com/show_bug.cgi?id=512147 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Jul 23, 2009
•Critical
Fedora
89
security advisoryFedorasoftware patchFedora 10: Important Update for Galeon 2.0.7-9 Web Browser Released
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-3893 2009-04-22 19:42:31 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 10 Version : 2.0.7 Release : 9.fc10 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 21 2009 Christopher Aillon - 2.0.7-9 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 2.0.7-8 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 2.0.7-7 - Rebuild against newer gecko * Sun Feb 15 2009 Denis Leroy - 2.0.7-6 - Added upstream patch to use Gnome Print * Wed Feb 4 2009 Christopher Aillon - 2.0.7-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.0.7-4 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #496252 - CVE-2009-1302 Firefox 3 Layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496252 [ 2 ] Bug #496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496253 [ 3 ] Bug #496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496255 [ 4 ] Bug #496256 - CVE-2009-1305 Firefox2 and 3 JavaScript engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496256 [ 5 ] Bug #486704 - CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks) https://bugzilla.redhat.com/show_bug.cgi?id=486704 [ 6 ] Bug #496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI https://bugzilla.redhat.com/show_bug.cgi?id=496262 [ 7 ] Bug #496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol https://bugzilla.redhat.com/show_bug.cgi?id=496263 [ 8 ] Bug #496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings https://bugzilla.redhat.com/show_bug.cgi?id=496266 [ 9 ] Bug #496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString https://bugzilla.redhat.com/show_bug.cgi?id=496267 [ 10 ] Bug #496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites https://bugzilla.redhat.com/show_bug.cgi?id=496270 [ 11 ] Bug #496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame https://bugzilla.redhat.com/show_bug.cgi?id=496271 [ 12 ] Bug #496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs https://bugzilla.redhat.com/show_bug.cgi?id=496274 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Apr 24, 2009
•Important
Fedora
89
security advisoryfedoracriticalFedora 9: 2009-3099 Critical Galeon Memory Flaw Remote Code Execution
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-3099 2009-03-28 00:57:36 --------------------------------------------------------------------------------Name : galeon Product : Fedora 9 Version : 2.0.7 Release : 8.fc9 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. --------------------------------------------------------------------------------Update Information: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbagecollection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series --------------------------------------------------------------------------------ChangeLog: * Fri Mar 27 2009 Christopher Aillon - 2.0.7-8 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 2.0.7-7 - Rebuild against newer gecko * Sun Feb 15 2009 Denis Leroy - 2.0.7-6 - Added upstream patch to use Gnome print support - Added patch to fix compiler warnings * Wed Feb 4 2009 Christopher Aillon - 2.0.7-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.0.7-4 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 2.0.7-3 - Rebuild against newer gecko * Tue Oct 7 2008 Denis Leroy - 2.0.7-2 - Added patches to fix default font (#212616) and printing (#449806). Yay. * Sat Sep 27 2008 Denis Leroy - 2.0.7-1 - Update to upstream 2.0.7, support for libxul-unstable - Plugin patch cleanup - Other patches upstreamed * Wed Sep 24 2008 Christopher Aillon - 2.0.5-3 - Rebuild against newer gecko * Wed Jun 18 2008 Denis Leroy - 2.0.5-2 - Rebuild with xulrunner 1.9 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailinglist
Mar 28, 2009
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!