---------------------------------------------------------------------Fedora Update Notification
FEDORA-2006-410
2006-04-18
---------------------------------------------------------------------Product     : Fedora Core 4
Name        : firefox
Version     : 1.0.8                      
Release     : 1.1.fc4                  
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------Update Information:

Several bugs were found in the way Firefox processes
malformed javascript. A malicious web page could modify the
content of a different open web page, possibly stealing
sensitive information or conducting a cross-site scripting
attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain
javascript actions. A malicious web page could execute
arbitrary javascript instructions with the permissions of
"chrome", allowing the page to steal sensitive information
or install browser malware. (CVE-2006-1727, CVE-2006-1728,
CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes
malformed web pages. A carefully crafted malicious web page
could cause the execution of arbitrary code as the user
running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790) 

A bug was found in the way Firefox displays the secure site
icon. If a browser is configured to display the non-default
secure site modal warning dialog, it may be possible to
trick a user into believing they are viewing a secure site.
(CVE-2006-1740)

A bug was found in the way Firefox allows javascript
mutation events on "input" form elements. A malicious web
page could be created in such a way that when a user submits
a form, an arbitrary file could be uploaded to the attacker.
(CVE-2006-1729)
---------------------------------------------------------------------* Mon Apr 17 2006 Christopher Aillon  0:1.0.8-1.1.fc4
- Update to firefox 1.0.8

---------------------------------------------------------------------This update can be downloaded from:
  
edc9582da8796f9658ed0478a474a5461c3d2a8f  SRPMS/firefox-1.0.8-1.1.fc4.src.rpm
22f31a6966879e2b2a62a30f369c8e99ddcd0e7d  ppc/firefox-1.0.8-1.1.fc4.ppc.rpm
8c8b61fcf154efdaf1cb630ecafb3ab1b95dfc03  ppc/debug/firefox-debuginfo-1.0.8-1.1.fc4.ppc.rpm
52ee41a4eefbfa8b0a139476b2d1b8a78d5ddc2b  x86_64/firefox-1.0.8-1.1.fc4.x86_64.rpm
46b5a14188582e1760ca3bb4c3bb27be041fdeb1  x86_64/debug/firefox-debuginfo-1.0.8-1.1.fc4.x86_64.rpm
7ea4c55ba11869f85ca89a4b406a712e51c75c34  i386/firefox-1.0.8-1.1.fc4.i386.rpm
9b34e30b7c4ec287b823197e5b039d711fdcd5de  i386/debug/firefox-debuginfo-1.0.8-1.1.fc4.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
----------------------------------------------------------------------- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 4 Update: firefox-1.0.8-1.1.fc4

April 18, 2006
Several bugs were found in the way Firefox processes malformed javascript

Summary

Mozilla Firefox is an open-source web browser, designed for standards

compliance, performance and portability.

Several bugs were found in the way Firefox processes

malformed javascript. A malicious web page could modify the

content of a different open web page, possibly stealing

sensitive information or conducting a cross-site scripting

attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain

javascript actions. A malicious web page could execute

arbitrary javascript instructions with the permissions of

"chrome", allowing the page to steal sensitive information

or install browser malware. (CVE-2006-1727, CVE-2006-1728,

CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes

malformed web pages. A carefully crafted malicious web page

could cause the execution of arbitrary code as the user

running Firefox. (CVE-2006-0749, CVE-2006-1724,

CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,

CVE-2006-1790)

A bug was found in the way Firefox displays the secure site

icon. If a browser is configured to display the non-default

secure site modal warning dialog, it may be possible to

trick a user into believing they are viewing a secure site.

(CVE-2006-1740)

A bug was found in the way Firefox allows javascript

mutation events on "input" form elements. A malicious web

page could be created in such a way that when a user submits

a form, an arbitrary file could be uploaded to the attacker.

(CVE-2006-1729)

- Update to firefox 1.0.8

edc9582da8796f9658ed0478a474a5461c3d2a8f SRPMS/firefox-1.0.8-1.1.fc4.src.rpm

22f31a6966879e2b2a62a30f369c8e99ddcd0e7d ppc/firefox-1.0.8-1.1.fc4.ppc.rpm

8c8b61fcf154efdaf1cb630ecafb3ab1b95dfc03 ppc/debug/firefox-debuginfo-1.0.8-1.1.fc4.ppc.rpm

52ee41a4eefbfa8b0a139476b2d1b8a78d5ddc2b x86_64/firefox-1.0.8-1.1.fc4.x86_64.rpm

46b5a14188582e1760ca3bb4c3bb27be041fdeb1 x86_64/debug/firefox-debuginfo-1.0.8-1.1.fc4.x86_64.rpm

7ea4c55ba11869f85ca89a4b406a712e51c75c34 i386/firefox-1.0.8-1.1.fc4.i386.rpm

9b34e30b7c4ec287b823197e5b039d711fdcd5de i386/debug/firefox-debuginfo-1.0.8-1.1.fc4.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

fedora-announce-list mailing list

fedora-announce-list@redhat.com

https://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2006-410 2006-04-18 Name : firefox Version : 1.0.8 Release : 1.1.fc4 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Several bugs were found in the way Firefox processes malformed javascript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741) Several bugs were found in the way Firefox processes certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742) Several bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790) A bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740) A bug was found in the way Firefox allows javascript mutation events on "input" form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729) - Update to firefox 1.0.8 edc9582da8796f9658ed0478a474a5461c3d2a8f SRPMS/firefox-1.0.8-1.1.fc4.src.rpm 22f31a6966879e2b2a62a30f369c8e99ddcd0e7d ppc/firefox-1.0.8-1.1.fc4.ppc.rpm 8c8b61fcf154efdaf1cb630ecafb3ab1b95dfc03 ppc/debug/firefox-debuginfo-1.0.8-1.1.fc4.ppc.rpm 52ee41a4eefbfa8b0a139476b2d1b8a78d5ddc2b x86_64/firefox-1.0.8-1.1.fc4.x86_64.rpm 46b5a14188582e1760ca3bb4c3bb27be041fdeb1 x86_64/debug/firefox-debuginfo-1.0.8-1.1.fc4.x86_64.rpm 7ea4c55ba11869f85ca89a4b406a712e51c75c34 i386/firefox-1.0.8-1.1.fc4.i386.rpm 9b34e30b7c4ec287b823197e5b039d711fdcd5de i386/debug/firefox-debuginfo-1.0.8-1.1.fc4.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . fedora-announce-list mailing list fedora-announce-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : firefox
Version : 1.0.8
Release : 1.1.fc4
Summary : Mozilla Firefox Web browser.

Related News

2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved