Fedora Test Update Notification: mozilla

Jesse Keating jkeating at j2solutions.net
Thu Jun 17 14:57:56 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1532
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1532
2004-06-17
- ---------------------------------------------------------------------
 
Name        : mozilla
Version 7.3 : 1.4.2-2.1.0.legacy.1
Summary     : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-2003-0564:
Multiple vulnerabilities in multiple vendor implementations of the 
Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow 
remote attackers to cause a denial of service and possibly execute 
arbitrary code via an S/MIME email message containing certain unexpected 
ASN.1 constructs, as demonstrated using the NISSC test suite.
 
CAN-2003-0594:
Mozilla allows remote attackers to bypass intended cookie access 
restrictions on a web application via "%2e%2e" (encoded dot dot) directory 
traversal sequences in a URL, which causes Mozilla to send the cookie 
outside the specified URL subsets, e.g. to a vulnerable application that 
runs on the same server as the target application.
 
CAN-2004-0191:
Mozilla before 1.4.2 executes Javascript events in the context of a new 
page while it is being loaded, allowing it to interact with the previous 
page (zombie document) and enable cross-domain and cross-site scripting 
(XSS) attacks, as demonstrated using onmousemove events.
- ---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Fri Jun 11 2004 Jesse Keating <jkeating at j2solutions.net>
 
- - Added legacy and added gcc-c++ as a build-req
 
* Wed Mar 24 2004 Chris Blizzard <blizzard at redhat.com> 37:1.4.2-3.0.0.SNAP
 
- - Update to a 1.4.2.
- - Time for a new changelog.
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
43f3c7ed5c1cb848478937cadab47bd5237c43dd  
7.3/updates-testing/SRPMS/mozilla-1.4.2-2.1.0.legacy.1.src.rpm
bac721ec26e0fe0a97ce17ca76a229f78e06f027  
7.3/updates-testing/i386/mozilla-1.4.2-2.1.0.legacy.1.i386.rpm
7b6f4ae222a80e06940dd2fe6fa100f4d933e92c  
7.3/updates-testing/i386/mozilla-chat-1.4.2-2.1.0.legacy.1.i386.rpm
f0ae36c8710968fec5b81e1f7eb7c21ca3aae7eb  
7.3/updates-testing/i386/mozilla-devel-1.4.2-2.1.0.legacy.1.i386.rpm
194ccdb868d8985f1e3b363229141ed69b1e1211  
7.3/updates-testing/i386/mozilla-dom-inspector-1.4.2-2.1.0.legacy.1.i386.rpm
59171244d35d111f9543b45a7399333f7d66c61e  
7.3/updates-testing/i386/mozilla-js-debugger-1.4.2-2.1.0.legacy.1.i386.rpm
3cee5e9e7f248d0d94161c2c3e27340a522825b2  
7.3/updates-testing/i386/mozilla-mail-1.4.2-2.1.0.legacy.1.i386.rpm
ea018091469857131f1c78e296e3e7d6619783bb  
7.3/updates-testing/i386/mozilla-nspr-1.4.2-2.1.0.legacy.1.i386.rpm
163f47ff39ce8cad7ca7533c69fab1e213ef73b7  
7.3/updates-testing/i386/mozilla-nspr-devel-1.4.2-2.1.0.legacy.1.i386.rpm
b956f5a47f52d1ff830ce9f858d393742849c3df  
7.3/updates-testing/i386/mozilla-nss-1.4.2-2.1.0.legacy.1.i386.rpm
326828da345d70c4c580c3403343124bed7eab1e  
7.3/updates-testing/i386/mozilla-nss-devel-1.4.2-2.1.0.legacy.1.i386.rpm

80d131ed4d9194c22438288ace539c18027594e8  
7.3/updates-testing/SRPMS/galeon-1.2.13-0.2.2.legacy.src.rpm
f66de028a8b522e3a88dd338bfc6ea99a4f5a7c5  
7.3/updates-testing/i386/galeon-1.2.13-0.2.2.legacy.i386.rpm
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0bF04v2HLvE71NURAs0iAJwMnZoB+Vbuzm/Sn1mN5IHr0HY44wCfb8yR
OkDI8K3gHRTIOu8KPCFboQA=
=/AXu
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list