Stay Secure with the Latest Linux Advisories

security advisorymoderateFedora Core

Fedora Core 5 FEDORA-2006-411 Moderate: Firefox Web Browser Risks

Several bugs were found in the way Firefox processes malformed javascript. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-411 2006-04-18 ---------------------------------------------------------------------Product : Fedora Core 5 Name : firefox Version : 1.5.0.2 Release : 1.1.fc5 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ---------------------------------------------------------------------Update Information: Several bugs were found in the way Firefox processes malformed javascript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741) Several bugs were found in the way Firefox processes certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742) Several bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790) A bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740) A bug was found in the way Firefox allows javascript mutation events on "input" form elements. A malicious web page could be created in such a way that whena user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729) ---------------------------------------------------------------------* Wed Apr 19 2006 Christopher Aillon - 1.5.0.2-1.1.fc5 - Update to 1.5.0.2 ---------------------------------------------------------------------This update can be downloaded from: aba3a17adde822ac4d3bb900c65e87a06a8d331f SRPMS/firefox-1.5.0.2-1.1.fc5.src.rpm 1c80c1fd6561c3cc7f3e54463bc6d25445956e30 ppc/firefox-1.5.0.2-1.1.fc5.ppc.rpm 42b8356caa72dafaa84977bf987c6650c715fd7c ppc/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.ppc.rpm bc79140dc00183aeecf8dccd36565a4f78f6bbcd x86_64/firefox-1.5.0.2-1.1.fc5.x86_64.rpm 95babbc4143fa8164ad71ce9da67469171b4d66f x86_64/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.x86_64.rpm d89a1acecd42915ce7571dc1759661f01985e4f8 i386/firefox-1.5.0.2-1.1.fc5.i386.rpm 4f87d27853e5122b941afbfbb3a1788ffb338b4d i386/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . The latest release of Mozilla Firefox for Fedora Core 5 addresses multiple security issues related to webpage rendering and script execution.. firefox update,Fedora security,web browser bugs,JavaScript issues. . Severity: Important. LinuxSecurity.com Team

Apr 18, 2006 •Important Fedora