--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-180036-2 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036 2006-02-11 --------------------------------------------------------------------- Name : firefox Versions : fc3: firefox-1.0.7-1.3.fc3.legacy Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. --------------------------------------------------------------------- Update Information: An updated firefox package that fixes several security bugs is now available. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Igor Bukanov discovered a bug in the way Firefox's Javascript interpreter derefernces objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary javascript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time the next time it is run. (CVE-2005-4134) Users of Firefox are advised to upgrade to this updated package, which contains backported patches to correct these issues. --------------------------------------------------------------------- Changelogs fc3: * Sat Feb 11 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0:1.0.7-1.3.fc3.legacy - Added libbonobo-devel, GConf2-devel, libgnome-devel, popt to BuildRequires * Sun Feb 05 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0:1.0.7-1.2.fc3.legacy - Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) fc3: 3b05d93992aba7369a418d53344250aa275330ac fedora/3/updates-testing/i386/firefox-1.0.7-1.3.fc3.legacy.i386.rpm 850534b4cfa591372d8245808e46378c5923e086 fedora/3/updates-testing/x86_64/firefox-1.0.7-1.3.fc3.legacy.x86_64.rpm a167dc9061c484aa26f89703dc0228883409235e fedora/3/updates-testing/SRPMS/firefox-1.0.7-1.3.fc3.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
