[SECURITY] Fedora Core 4 Update: mozilla-1.7.12-1.5.2

Christopher Aillon caillon at redhat.com
Thu Feb 2 23:40:40 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-075
2006-02-02
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : mozilla
Version     : 1.7.12                      
Release     : 1.5.2                  
Summary     : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor. 

Igor Bukanov discovered a bug in the way Mozilla's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Mozilla could crash or execute
arbitrary code as the user running Mozilla. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's
XULDocument.persist() function. A malicious web page could
inject arbitrary RDF data into a user's localstore.rdf file,
which can cause Mozilla to execute arbitrary JavaScript when
a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves
history information. If a user visits a web page with a very
long title, it is possible Mozilla will crash or take a very
long time to start the next time it is run. (CVE-2005-4134)
---------------------------------------------------------------------
* Sun Jan 29 2006 Christopher Aillon <caillon at redhat.com> 37:1.7.12-1.5.2
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

2d63b67eca3a37cfd58d0fe898c94b7f07428f3f  SRPMS/mozilla-1.7.12-1.5.2.src.rpm
5792fd158f6c9de07b6fc33dac63f63964fc5372  ppc/mozilla-1.7.12-1.5.2.ppc.rpm
22fb55e6c03609948e71645750e446dbcf7a6342  ppc/mozilla-nspr-1.7.12-1.5.2.ppc.rpm
c4e5209f64788a1f68cfceaecb9e86d706d2dc4a  ppc/mozilla-nspr-devel-1.7.12-1.5.2.ppc.rpm
866ece106827a85431f4dd769f477707ce5726f4  ppc/mozilla-nss-1.7.12-1.5.2.ppc.rpm
372ac7c5d9c7092db5e89b1b2c32ff655ed4bc13  ppc/mozilla-nss-devel-1.7.12-1.5.2.ppc.rpm
bfb343549a0f61a3e4af02ce1eb504970a95b84a  ppc/mozilla-devel-1.7.12-1.5.2.ppc.rpm
83653b993a3c1f939f1228746bab5999f4aa641e  ppc/mozilla-mail-1.7.12-1.5.2.ppc.rpm
925c0ac3ea1b2bd90442cbebaf17b64a5bde7ff4  ppc/mozilla-chat-1.7.12-1.5.2.ppc.rpm
c904061f97fa70e2dbddfde39a9fafe365c998a6  ppc/mozilla-js-debugger-1.7.12-1.5.2.ppc.rpm
a809b5149d1386bd63e231f73d8053608fcda795  ppc/mozilla-dom-inspector-1.7.12-1.5.2.ppc.rpm
fe503337dacdf1a458f8a6b1b3537d32352eb410  ppc/debug/mozilla-debuginfo-1.7.12-1.5.2.ppc.rpm
1eb5c26cea0db6e73fe6dfc17ff2213d01c580cf  x86_64/mozilla-1.7.12-1.5.2.x86_64.rpm
a7f7bedc70223aa12d694dcf391c162898618bc1  x86_64/mozilla-nspr-1.7.12-1.5.2.x86_64.rpm
8ff7d0c8475d443365aa6e6b8d4a20ffe8b6f8c9  x86_64/mozilla-nspr-devel-1.7.12-1.5.2.x86_64.rpm
ecbbdaebf5f0926db5b06abeb28cd7f26f644f4e  x86_64/mozilla-nss-1.7.12-1.5.2.x86_64.rpm
d7949c70bc730ce4fa9670a90b2870169e35c574  x86_64/mozilla-nss-devel-1.7.12-1.5.2.x86_64.rpm
0c39728a2e6ef28c87159aaa95189ec3bc7b0e0e  x86_64/mozilla-devel-1.7.12-1.5.2.x86_64.rpm
ce814bf566fe2e8b0fcd78ef8f2b77ec3041620d  x86_64/mozilla-mail-1.7.12-1.5.2.x86_64.rpm
36ff9cdd4d72510eaedd2e98eaae4d2d67b2f27a  x86_64/mozilla-chat-1.7.12-1.5.2.x86_64.rpm
73e3a60f9e9e7ef2d613ecbd7a516e0347fd52c2  x86_64/mozilla-js-debugger-1.7.12-1.5.2.x86_64.rpm
0da54002f43f92b6810b408b1d0fca9f81eba5cc  x86_64/mozilla-dom-inspector-1.7.12-1.5.2.x86_64.rpm
aec63cc8952bcdeedca64d5c13bbaaaa9accef74  x86_64/debug/mozilla-debuginfo-1.7.12-1.5.2.x86_64.rpm
f5f1cf060f250fd274e560e55dd2ee1c866218e5  i386/mozilla-1.7.12-1.5.2.i386.rpm
15beac21ff0ff6b43117b5d128a81834d8d755d5  i386/mozilla-nspr-1.7.12-1.5.2.i386.rpm
51525231e79de34a335acf40b47bbf800b1d85ab  i386/mozilla-nspr-devel-1.7.12-1.5.2.i386.rpm
6d65ad231025054b6797828346d679d111019523  i386/mozilla-nss-1.7.12-1.5.2.i386.rpm
f54042f6f450db77d4ffbc83cd87864c683cd7dc  i386/mozilla-nss-devel-1.7.12-1.5.2.i386.rpm
93ee64fdfbc8eb4fcdf4c7317f859d98c72963f3  i386/mozilla-devel-1.7.12-1.5.2.i386.rpm
61027b28a80358a0cb874f3e4ebfeb29b0a34a1b  i386/mozilla-mail-1.7.12-1.5.2.i386.rpm
350263359cdbe1959e0f24299109cb1d7efc1e5a  i386/mozilla-chat-1.7.12-1.5.2.i386.rpm
e15edc081719380528c5e17b166c05191e98d168  i386/mozilla-js-debugger-1.7.12-1.5.2.i386.rpm
020cf3c6252e44adb37e3680a6e7ae7216e8670e  i386/mozilla-dom-inspector-1.7.12-1.5.2.i386.rpm
c9ea96428af2ef0a90c0f509e1ba48670cc4471a  i386/debug/mozilla-debuginfo-1.7.12-1.5.2.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the fedora-announce-list mailing list