Fedora Legacy Test Update Notification: firefox

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Feb 11 17:55:01 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-180036-2
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036
2006-02-11
---------------------------------------------------------------------

Name        : firefox
Versions    : fc3: firefox-1.0.7-1.3.fc3.legacy
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

An updated firefox package that fixes several security bugs is now
available.

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Igor Bukanov discovered a bug in the way Firefox's Javascript
interpreter derefernces objects. If a user visits a malicious web page,
Firefox could crash or execute arbitrary code as the user running
Firefox. The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into a
user's localstore.rdf file, which can cause Firefox to execute arbitrary
javascript when a user runs Firefox. (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves history
information. If a user visits a web page with a very long title, it is
possible Firefox will crash or take a very long time the next time it is
run. (CVE-2005-4134)

Users of Firefox are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

fc3:
* Sat Feb 11 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
0:1.0.7-1.3.fc3.legacy
- Added libbonobo-devel, GConf2-devel, libgnome-devel, popt to BuildRequires

* Sun Feb 05 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
0:1.0.7-1.2.fc3.legacy
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
3b05d93992aba7369a418d53344250aa275330ac
fedora/3/updates-testing/i386/firefox-1.0.7-1.3.fc3.legacy.i386.rpm
850534b4cfa591372d8245808e46378c5923e086
fedora/3/updates-testing/x86_64/firefox-1.0.7-1.3.fc3.legacy.x86_64.rpm
a167dc9061c484aa26f89703dc0228883409235e
fedora/3/updates-testing/SRPMS/firefox-1.0.7-1.3.fc3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060211/f1153726/attachment.sig>

More information about the fedora-legacy-list mailing list