--------------------------------------------------------------------- Fedora Update Notification FEDORA-2006-076 2006-02-02 --------------------------------------------------------------------- Product : Fedora Core 4 Name : firefox Version : 1.0.7 Release : 1.2.fc4 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. --------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time to start the next time it is run. (CVE-2005-4134) --------------------------------------------------------------------- * Sun Jan 29 2006 Christopher Aillon <caillon@xxxxxxxxxx> 0:1.0.7-1.2.fc4 - Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ d37a19a1ad285f0605ed0a7fc3603c289e4d33a0 SRPMS/firefox-1.0.7-1.2.fc4.src.rpm 46d0d5698126e86ce6d2e844e113d230cd4f23ea ppc/firefox-1.0.7-1.2.fc4.ppc.rpm 822405f5a6de3e18324b2a1270a0e9a08aabb234 ppc/debug/firefox-debuginfo-1.0.7-1.2.fc4.ppc.rpm 42c8d63a8dd251c505e19dfff2c61450c149c774 x86_64/firefox-1.0.7-1.2.fc4.x86_64.rpm f737d3deb0c8791ed31caff83226d4b1a17a58d8 x86_64/debug/firefox-debuginfo-1.0.7-1.2.fc4.x86_64.rpm c6d0a31bd2106ae7ffe65ff9c780209fa3edcd9a i386/firefox-1.0.7-1.2.fc4.i386.rpm 6635d0ddc685bb7579f2701971704a4bec7d1dc8 i386/debug/firefox-debuginfo-1.0.7-1.2.fc4.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- -- fedora-announce-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-announce-list
