- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Critical: mozilla security update
Advisory ID:       RHSA-2005:335-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:335.html
Issue date:        2005-03-23
Updated on:        2005-03-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1380 CAN-2005-0141 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2005-0146 CAN-2005-0149 CAN-2005-0399 CAN-2005-0401
- ---------------------------------------------------------------------1. Summary:

Updated mozilla packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

A buffer overflow bug was found in the way Mozilla processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It is
possible for a malicious webserver to steal credentials from a victims
browser by issuing a 407 proxy authentication request. (CAN-2005-0147)

A bug was found in the way Mozilla displays dialog windows. It is possible
that a malicious web page which is being displayed in a background tab
could present the user with a dialog window appearing to come from the
active page. (CAN-2004-1380)

A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user's preference. It is possible that
a particular user could be tracked through the use of malicious mail
messages which load content over HTTP. (CAN-2005-0149)

A flaw was found in the way Firefox displays international domain names. It
is possible for an attacker to display a valid URL, tricking the user into
thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)

A bug was found in the way Firefox handles pop-up windows. It is possible
for a malicious website to control the content in an unrelated site's
pop-up window. (CAN-2004-1156)

A bug was found in the way Mozilla saves temporary files. Temporary files
are saved with world readable permissions, which could allow a local
malicious user to view potentially sensitive data. (CAN-2005-0142)

A bug was found in the way Mozilla handles synthetic middle click events. 
It is possible for a malicious web page to steal the contents of a victims
clipboard. (CAN-2005-0146)

A bug was found in the way Mozilla processes XUL content.  If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrom settings. (CAN-2005-0141)

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targetted at a secure page,
while loading an insecure page, yet the secure site icon shows the previous
secure state. (CAN-2005-0144)

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can display the secure site icon by loading a binary
file from a secured site. (CAN-2005-0143)

A bug was found in the way Firefox displays the download dialog window. A
malicious site can obfuscate the content displayed in the source field,
tricking a user into thinking they are downloading content from a trusted
source. (CAN-2005-0585)

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.6 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142508 - 
144228 - 
146188 - CAN-2005-0141 multiple mozilla issues CAN-2004-1316 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2004-1380 CAN-2004-1381 CAN-2005-0146 CAN-2005-0147 CAN-2005-0149
147397 - homograph spoofing
150866 - 
151730 - 

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ef655aef074fe9d1bb2d4275e18a30c3  devhelp-0.9.2-2.4.3.src.rpm
796caefedf5087511b137f14512aafa3  evolution-2.0.2-14.src.rpm
2822baa29d8d22062fd1e314fec1c084  mozilla-1.7.6-1.4.1.src.rpm

i386:
c4a062574f5620e321f81c47b6c78913  devhelp-0.9.2-2.4.3.i386.rpm
7de6b81d78f3dba752a3c06d664777b8  devhelp-devel-0.9.2-2.4.3.i386.rpm
5e224cefdc65509b24fd29728caecc6b  evolution-2.0.2-14.i386.rpm
b02187784c02324afd1723c24f2d17ab  evolution-devel-2.0.2-14.i386.rpm
a7838d2c5ad3eb580b4a2157e2d0aac5  mozilla-1.7.6-1.4.1.i386.rpm
b7dd0f25824fd1a9e0cf160553e75cec  mozilla-chat-1.7.6-1.4.1.i386.rpm
c88d27f8741cc22d794fa76ca001bcf2  mozilla-devel-1.7.6-1.4.1.i386.rpm
ef0444924c443bf1ef63efb291b15017  mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm
3c523a0ae96a601b0c3014a8b3cdec3d  mozilla-js-debugger-1.7.6-1.4.1.i386.rpm
aa4ee2f37944777f5c6f2128bfe4051f  mozilla-mail-1.7.6-1.4.1.i386.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
2319f305324b19e2a343e946b0cb6909  mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
3fc1fdb6ceed5740a428047652faee3c  mozilla-nss-devel-1.7.6-1.4.1.i386.rpm

ia64:
36b554c9d5d4f2520c885e2c8b05786a  evolution-2.0.2-14.ia64.rpm
2edbcadc3c88a51ad077bae90d9b116f  evolution-devel-2.0.2-14.ia64.rpm
bb6ffe8c693c6009597f2cffdbdfa115  mozilla-1.7.6-1.4.1.ia64.rpm
034d4270363faaf097bca06360c25e5b  mozilla-chat-1.7.6-1.4.1.ia64.rpm
f5e5865fd0bd8c22ccde7316815deef4  mozilla-devel-1.7.6-1.4.1.ia64.rpm
6614e0cffaa568c1afb300a3c95d82cb  mozilla-dom-inspector-1.7.6-1.4.1.ia64.rpm
128a218e1765ef3b93f9bc76a808768f  mozilla-js-debugger-1.7.6-1.4.1.ia64.rpm
d3aec46e412923de975ca9444125b568  mozilla-mail-1.7.6-1.4.1.ia64.rpm
4b552fed5eb33993350562b7e2d1963b  mozilla-nspr-1.7.6-1.4.1.ia64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
cdca5118d08f05bb29a26ad854d13c77  mozilla-nspr-devel-1.7.6-1.4.1.ia64.rpm
630b9e378acc232bf9c0001f80ac0918  mozilla-nss-1.7.6-1.4.1.ia64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
441e53acf432bbd125f71b6da1830ed7  mozilla-nss-devel-1.7.6-1.4.1.ia64.rpm

ppc:
b080555e3af4b61bbd4687093b1cc94c  devhelp-0.9.2-2.4.3.ppc.rpm
9e2f3f5f8ce57636f797ebc5c1de5406  devhelp-devel-0.9.2-2.4.3.ppc.rpm
f743d2ff927f9304b6fa8ebf7f4670ac  evolution-2.0.2-14.ppc.rpm
5c652488e5e4fd37d6542d2da9b64d35  evolution-devel-2.0.2-14.ppc.rpm
ca8a8ad82aca60da1a95e1f54b08899b  mozilla-1.7.6-1.4.1.ppc.rpm
2eec8a5422770fe7f35fe89d598571a2  mozilla-chat-1.7.6-1.4.1.ppc.rpm
5efaf95c9cd4ac44ebde3c6405b293cb  mozilla-devel-1.7.6-1.4.1.ppc.rpm
fb39503b07ebf91540be47f4efa8949d  mozilla-dom-inspector-1.7.6-1.4.1.ppc.rpm
6e42d70993bde8d68019ec87d7be6049  mozilla-js-debugger-1.7.6-1.4.1.ppc.rpm
b80b956d16eccaef17a4a351e9c44512  mozilla-mail-1.7.6-1.4.1.ppc.rpm
7f0d47ec94e5c85beaa96944e89f5fe8  mozilla-nspr-1.7.6-1.4.1.ppc.rpm
d71529511834bdbdd606ee0fa4455543  mozilla-nspr-devel-1.7.6-1.4.1.ppc.rpm
f4e2a91859a1808c0ea2731c6d776654  mozilla-nss-1.7.6-1.4.1.ppc.rpm
c9affd85ff05952f9351314417ba68ab  mozilla-nss-devel-1.7.6-1.4.1.ppc.rpm

s390:
be028cead30042d2d0a6ccfb3b1acd60  evolution-2.0.2-14.s390.rpm
f753f3408222e3c3505b51551bbabf15  evolution-devel-2.0.2-14.s390.rpm
6a2768f0e8dfadb73f91e725da238fa4  mozilla-1.7.6-1.4.1.s390.rpm
b816dbdda317776c96119267fbf72fbf  mozilla-chat-1.7.6-1.4.1.s390.rpm
6aa47533e291b1a11f5d2df9c5d6e3fc  mozilla-devel-1.7.6-1.4.1.s390.rpm
0589218bfb8df65d70fc84e5f82ae094  mozilla-dom-inspector-1.7.6-1.4.1.s390.rpm
156b9cb6a790554cdede32f4e95a1f2a  mozilla-js-debugger-1.7.6-1.4.1.s390.rpm
0808078b09f3066189b504b594f4c9a7  mozilla-mail-1.7.6-1.4.1.s390.rpm
b6a56eedf837d24b952fa5398f43abc5  mozilla-nspr-1.7.6-1.4.1.s390.rpm
8f45563bfe7df84230204f23a92e2c30  mozilla-nspr-devel-1.7.6-1.4.1.s390.rpm
ee14089af4fac8e42c1265dfce8a0d16  mozilla-nss-1.7.6-1.4.1.s390.rpm
0b13dd9da58f22a3e54ec99f7b7f165f  mozilla-nss-devel-1.7.6-1.4.1.s390.rpm

s390x:
ecca54c1461b85910609fc149d32b7f5  evolution-2.0.2-14.s390x.rpm
d922cf9a4f01be35ab40da5e1a1bacbd  evolution-devel-2.0.2-14.s390x.rpm
bab0d846cb27f006b26f9539fb23858f  mozilla-1.7.6-1.4.1.s390x.rpm
62045b915cf20d7df0f189ac71a714c7  mozilla-chat-1.7.6-1.4.1.s390x.rpm
4a828b4ce571b106c7431782df7b7301  mozilla-devel-1.7.6-1.4.1.s390x.rpm
23c2b0a864a2afa8bb833bd58e901cef  mozilla-dom-inspector-1.7.6-1.4.1.s390x.rpm
380384518578ab1aab19d52d55718c72  mozilla-js-debugger-1.7.6-1.4.1.s390x.rpm
7e82eab7a3aa4fa93c3885af7d918de8  mozilla-mail-1.7.6-1.4.1.s390x.rpm
fe60363934e4aeeb063a5e74e133b3e6  mozilla-nspr-1.7.6-1.4.1.s390x.rpm
b6a56eedf837d24b952fa5398f43abc5  mozilla-nspr-1.7.6-1.4.1.s390.rpm
527e7c92da0bcfe40d493a04aa4cc6a6  mozilla-nspr-devel-1.7.6-1.4.1.s390x.rpm
19bd01a9c77355bbd3868364faa53e3f  mozilla-nss-1.7.6-1.4.1.s390x.rpm
ee14089af4fac8e42c1265dfce8a0d16  mozilla-nss-1.7.6-1.4.1.s390.rpm
7d73d9a7d0de4a4df5a1734a47b8a1b1  mozilla-nss-devel-1.7.6-1.4.1.s390x.rpm

x86_64:
5a7a6b72629d066a3830f59fb04593a2  devhelp-0.9.2-2.4.3.x86_64.rpm
895f1fd3c661b98e803a923884c2effc  devhelp-devel-0.9.2-2.4.3.x86_64.rpm
28f97d232c0bf557426da1a8bbcc9be4  evolution-2.0.2-14.x86_64.rpm
3f54339b8b1a8837af14fa3937e67c09  evolution-devel-2.0.2-14.x86_64.rpm
01309838e0abdfa4b89b649fa945e80b  mozilla-1.7.6-1.4.1.x86_64.rpm
00782ab9ca7504c15deb016246fc7581  mozilla-chat-1.7.6-1.4.1.x86_64.rpm
fa881165f821dc8b2f613cc10c48b81b  mozilla-devel-1.7.6-1.4.1.x86_64.rpm
d17299423d61ccd0dd7ccb8c771677de  mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm
58dd6924cc0596a5a6380518b660f5e7  mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm
51bc9b4fb28fe0e076137d7f31360eee  mozilla-mail-1.7.6-1.4.1.x86_64.rpm
e897cf784cb23d147d6fdb0acb33d309  mozilla-nspr-1.7.6-1.4.1.x86_64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
aa28118dc28d21f47f2d61f8601595e7  mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm
341cafa4e39a9e0cb2919e2a1800fed5  mozilla-nss-1.7.6-1.4.1.x86_64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
19166638b89d32e156c333bed457888a  mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ef655aef074fe9d1bb2d4275e18a30c3  devhelp-0.9.2-2.4.3.src.rpm
796caefedf5087511b137f14512aafa3  evolution-2.0.2-14.src.rpm
2822baa29d8d22062fd1e314fec1c084  mozilla-1.7.6-1.4.1.src.rpm

i386:
c4a062574f5620e321f81c47b6c78913  devhelp-0.9.2-2.4.3.i386.rpm
7de6b81d78f3dba752a3c06d664777b8  devhelp-devel-0.9.2-2.4.3.i386.rpm
5e224cefdc65509b24fd29728caecc6b  evolution-2.0.2-14.i386.rpm
b02187784c02324afd1723c24f2d17ab  evolution-devel-2.0.2-14.i386.rpm
a7838d2c5ad3eb580b4a2157e2d0aac5  mozilla-1.7.6-1.4.1.i386.rpm
b7dd0f25824fd1a9e0cf160553e75cec  mozilla-chat-1.7.6-1.4.1.i386.rpm
c88d27f8741cc22d794fa76ca001bcf2  mozilla-devel-1.7.6-1.4.1.i386.rpm
ef0444924c443bf1ef63efb291b15017  mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm
3c523a0ae96a601b0c3014a8b3cdec3d  mozilla-js-debugger-1.7.6-1.4.1.i386.rpm
aa4ee2f37944777f5c6f2128bfe4051f  mozilla-mail-1.7.6-1.4.1.i386.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
2319f305324b19e2a343e946b0cb6909  mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
3fc1fdb6ceed5740a428047652faee3c  mozilla-nss-devel-1.7.6-1.4.1.i386.rpm

x86_64:
5a7a6b72629d066a3830f59fb04593a2  devhelp-0.9.2-2.4.3.x86_64.rpm
895f1fd3c661b98e803a923884c2effc  devhelp-devel-0.9.2-2.4.3.x86_64.rpm
28f97d232c0bf557426da1a8bbcc9be4  evolution-2.0.2-14.x86_64.rpm
3f54339b8b1a8837af14fa3937e67c09  evolution-devel-2.0.2-14.x86_64.rpm
01309838e0abdfa4b89b649fa945e80b  mozilla-1.7.6-1.4.1.x86_64.rpm
00782ab9ca7504c15deb016246fc7581  mozilla-chat-1.7.6-1.4.1.x86_64.rpm
fa881165f821dc8b2f613cc10c48b81b  mozilla-devel-1.7.6-1.4.1.x86_64.rpm
d17299423d61ccd0dd7ccb8c771677de  mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm
58dd6924cc0596a5a6380518b660f5e7  mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm
51bc9b4fb28fe0e076137d7f31360eee  mozilla-mail-1.7.6-1.4.1.x86_64.rpm
e897cf784cb23d147d6fdb0acb33d309  mozilla-nspr-1.7.6-1.4.1.x86_64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
aa28118dc28d21f47f2d61f8601595e7  mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm
341cafa4e39a9e0cb2919e2a1800fed5  mozilla-nss-1.7.6-1.4.1.x86_64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
19166638b89d32e156c333bed457888a  mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ef655aef074fe9d1bb2d4275e18a30c3  devhelp-0.9.2-2.4.3.src.rpm
796caefedf5087511b137f14512aafa3  evolution-2.0.2-14.src.rpm
2822baa29d8d22062fd1e314fec1c084  mozilla-1.7.6-1.4.1.src.rpm

i386:
c4a062574f5620e321f81c47b6c78913  devhelp-0.9.2-2.4.3.i386.rpm
7de6b81d78f3dba752a3c06d664777b8  devhelp-devel-0.9.2-2.4.3.i386.rpm
5e224cefdc65509b24fd29728caecc6b  evolution-2.0.2-14.i386.rpm
b02187784c02324afd1723c24f2d17ab  evolution-devel-2.0.2-14.i386.rpm
a7838d2c5ad3eb580b4a2157e2d0aac5  mozilla-1.7.6-1.4.1.i386.rpm
b7dd0f25824fd1a9e0cf160553e75cec  mozilla-chat-1.7.6-1.4.1.i386.rpm
c88d27f8741cc22d794fa76ca001bcf2  mozilla-devel-1.7.6-1.4.1.i386.rpm
ef0444924c443bf1ef63efb291b15017  mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm
3c523a0ae96a601b0c3014a8b3cdec3d  mozilla-js-debugger-1.7.6-1.4.1.i386.rpm
aa4ee2f37944777f5c6f2128bfe4051f  mozilla-mail-1.7.6-1.4.1.i386.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
2319f305324b19e2a343e946b0cb6909  mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
3fc1fdb6ceed5740a428047652faee3c  mozilla-nss-devel-1.7.6-1.4.1.i386.rpm

ia64:
36b554c9d5d4f2520c885e2c8b05786a  evolution-2.0.2-14.ia64.rpm
2edbcadc3c88a51ad077bae90d9b116f  evolution-devel-2.0.2-14.ia64.rpm
bb6ffe8c693c6009597f2cffdbdfa115  mozilla-1.7.6-1.4.1.ia64.rpm
034d4270363faaf097bca06360c25e5b  mozilla-chat-1.7.6-1.4.1.ia64.rpm
f5e5865fd0bd8c22ccde7316815deef4  mozilla-devel-1.7.6-1.4.1.ia64.rpm
6614e0cffaa568c1afb300a3c95d82cb  mozilla-dom-inspector-1.7.6-1.4.1.ia64.rpm
128a218e1765ef3b93f9bc76a808768f  mozilla-js-debugger-1.7.6-1.4.1.ia64.rpm
d3aec46e412923de975ca9444125b568  mozilla-mail-1.7.6-1.4.1.ia64.rpm
4b552fed5eb33993350562b7e2d1963b  mozilla-nspr-1.7.6-1.4.1.ia64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
cdca5118d08f05bb29a26ad854d13c77  mozilla-nspr-devel-1.7.6-1.4.1.ia64.rpm
630b9e378acc232bf9c0001f80ac0918  mozilla-nss-1.7.6-1.4.1.ia64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
441e53acf432bbd125f71b6da1830ed7  mozilla-nss-devel-1.7.6-1.4.1.ia64.rpm

x86_64:
5a7a6b72629d066a3830f59fb04593a2  devhelp-0.9.2-2.4.3.x86_64.rpm
895f1fd3c661b98e803a923884c2effc  devhelp-devel-0.9.2-2.4.3.x86_64.rpm
28f97d232c0bf557426da1a8bbcc9be4  evolution-2.0.2-14.x86_64.rpm
3f54339b8b1a8837af14fa3937e67c09  evolution-devel-2.0.2-14.x86_64.rpm
01309838e0abdfa4b89b649fa945e80b  mozilla-1.7.6-1.4.1.x86_64.rpm
00782ab9ca7504c15deb016246fc7581  mozilla-chat-1.7.6-1.4.1.x86_64.rpm
fa881165f821dc8b2f613cc10c48b81b  mozilla-devel-1.7.6-1.4.1.x86_64.rpm
d17299423d61ccd0dd7ccb8c771677de  mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm
58dd6924cc0596a5a6380518b660f5e7  mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm
51bc9b4fb28fe0e076137d7f31360eee  mozilla-mail-1.7.6-1.4.1.x86_64.rpm
e897cf784cb23d147d6fdb0acb33d309  mozilla-nspr-1.7.6-1.4.1.x86_64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
aa28118dc28d21f47f2d61f8601595e7  mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm
341cafa4e39a9e0cb2919e2a1800fed5  mozilla-nss-1.7.6-1.4.1.x86_64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
19166638b89d32e156c333bed457888a  mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ef655aef074fe9d1bb2d4275e18a30c3  devhelp-0.9.2-2.4.3.src.rpm
796caefedf5087511b137f14512aafa3  evolution-2.0.2-14.src.rpm
2822baa29d8d22062fd1e314fec1c084  mozilla-1.7.6-1.4.1.src.rpm

i386:
c4a062574f5620e321f81c47b6c78913  devhelp-0.9.2-2.4.3.i386.rpm
7de6b81d78f3dba752a3c06d664777b8  devhelp-devel-0.9.2-2.4.3.i386.rpm
5e224cefdc65509b24fd29728caecc6b  evolution-2.0.2-14.i386.rpm
b02187784c02324afd1723c24f2d17ab  evolution-devel-2.0.2-14.i386.rpm
a7838d2c5ad3eb580b4a2157e2d0aac5  mozilla-1.7.6-1.4.1.i386.rpm
b7dd0f25824fd1a9e0cf160553e75cec  mozilla-chat-1.7.6-1.4.1.i386.rpm
c88d27f8741cc22d794fa76ca001bcf2  mozilla-devel-1.7.6-1.4.1.i386.rpm
ef0444924c443bf1ef63efb291b15017  mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm
3c523a0ae96a601b0c3014a8b3cdec3d  mozilla-js-debugger-1.7.6-1.4.1.i386.rpm
aa4ee2f37944777f5c6f2128bfe4051f  mozilla-mail-1.7.6-1.4.1.i386.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
2319f305324b19e2a343e946b0cb6909  mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
3fc1fdb6ceed5740a428047652faee3c  mozilla-nss-devel-1.7.6-1.4.1.i386.rpm

ia64:
36b554c9d5d4f2520c885e2c8b05786a  evolution-2.0.2-14.ia64.rpm
2edbcadc3c88a51ad077bae90d9b116f  evolution-devel-2.0.2-14.ia64.rpm
bb6ffe8c693c6009597f2cffdbdfa115  mozilla-1.7.6-1.4.1.ia64.rpm
034d4270363faaf097bca06360c25e5b  mozilla-chat-1.7.6-1.4.1.ia64.rpm
f5e5865fd0bd8c22ccde7316815deef4  mozilla-devel-1.7.6-1.4.1.ia64.rpm
6614e0cffaa568c1afb300a3c95d82cb  mozilla-dom-inspector-1.7.6-1.4.1.ia64.rpm
128a218e1765ef3b93f9bc76a808768f  mozilla-js-debugger-1.7.6-1.4.1.ia64.rpm
d3aec46e412923de975ca9444125b568  mozilla-mail-1.7.6-1.4.1.ia64.rpm
4b552fed5eb33993350562b7e2d1963b  mozilla-nspr-1.7.6-1.4.1.ia64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
cdca5118d08f05bb29a26ad854d13c77  mozilla-nspr-devel-1.7.6-1.4.1.ia64.rpm
630b9e378acc232bf9c0001f80ac0918  mozilla-nss-1.7.6-1.4.1.ia64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
441e53acf432bbd125f71b6da1830ed7  mozilla-nss-devel-1.7.6-1.4.1.ia64.rpm

x86_64:
5a7a6b72629d066a3830f59fb04593a2  devhelp-0.9.2-2.4.3.x86_64.rpm
895f1fd3c661b98e803a923884c2effc  devhelp-devel-0.9.2-2.4.3.x86_64.rpm
28f97d232c0bf557426da1a8bbcc9be4  evolution-2.0.2-14.x86_64.rpm
3f54339b8b1a8837af14fa3937e67c09  evolution-devel-2.0.2-14.x86_64.rpm
01309838e0abdfa4b89b649fa945e80b  mozilla-1.7.6-1.4.1.x86_64.rpm
00782ab9ca7504c15deb016246fc7581  mozilla-chat-1.7.6-1.4.1.x86_64.rpm
fa881165f821dc8b2f613cc10c48b81b  mozilla-devel-1.7.6-1.4.1.x86_64.rpm
d17299423d61ccd0dd7ccb8c771677de  mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm
58dd6924cc0596a5a6380518b660f5e7  mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm
51bc9b4fb28fe0e076137d7f31360eee  mozilla-mail-1.7.6-1.4.1.x86_64.rpm
e897cf784cb23d147d6fdb0acb33d309  mozilla-nspr-1.7.6-1.4.1.x86_64.rpm
7eea7a8e4316fe594d23022962b3aa36  mozilla-nspr-1.7.6-1.4.1.i386.rpm
aa28118dc28d21f47f2d61f8601595e7  mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm
341cafa4e39a9e0cb2919e2a1800fed5  mozilla-nss-1.7.6-1.4.1.x86_64.rpm
ab3c087c54396503607d4f5cadb49e12  mozilla-nss-1.7.6-1.4.1.i386.rpm
19166638b89d32e156c333bed457888a  mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Critical: mozilla security update RHSA-2005:335-01

Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Summary



Summary

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CAN-2005-0147) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CAN-2004-1380) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CAN-2005-0149) A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CAN-2005-0233) A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156) A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CAN-2005-0142) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CAN-2005-0141) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CAN-2005-0144) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CAN-2005-0143) A bug was found in the way Firefox displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CAN-2005-0585) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
142508 - 144228 - 146188 - CAN-2005-0141 multiple mozilla issues CAN-2004-1316 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2004-1380 CAN-2004-1381 CAN-2005-0146 CAN-2005-0147 CAN-2005-0149 147397 - homograph spoofing 150866 - 151730 -
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: ef655aef074fe9d1bb2d4275e18a30c3 devhelp-0.9.2-2.4.3.src.rpm 796caefedf5087511b137f14512aafa3 evolution-2.0.2-14.src.rpm 2822baa29d8d22062fd1e314fec1c084 mozilla-1.7.6-1.4.1.src.rpm
i386: c4a062574f5620e321f81c47b6c78913 devhelp-0.9.2-2.4.3.i386.rpm 7de6b81d78f3dba752a3c06d664777b8 devhelp-devel-0.9.2-2.4.3.i386.rpm 5e224cefdc65509b24fd29728caecc6b evolution-2.0.2-14.i386.rpm b02187784c02324afd1723c24f2d17ab evolution-devel-2.0.2-14.i386.rpm a7838d2c5ad3eb580b4a2157e2d0aac5 mozilla-1.7.6-1.4.1.i386.rpm b7dd0f25824fd1a9e0cf160553e75cec mozilla-chat-1.7.6-1.4.1.i386.rpm c88d27f8741cc22d794fa76ca001bcf2 mozilla-devel-1.7.6-1.4.1.i386.rpm ef0444924c443bf1ef63efb291b15017 mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm 3c523a0ae96a601b0c3014a8b3cdec3d mozilla-js-debugger-1.7.6-1.4.1.i386.rpm aa4ee2f37944777f5c6f2128bfe4051f mozilla-mail-1.7.6-1.4.1.i386.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm 2319f305324b19e2a343e946b0cb6909 mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 3fc1fdb6ceed5740a428047652faee3c mozilla-nss-devel-1.7.6-1.4.1.i386.rpm
ia64: 36b554c9d5d4f2520c885e2c8b05786a evolution-2.0.2-14.ia64.rpm 2edbcadc3c88a51ad077bae90d9b116f evolution-devel-2.0.2-14.ia64.rpm bb6ffe8c693c6009597f2cffdbdfa115 mozilla-1.7.6-1.4.1.ia64.rpm 034d4270363faaf097bca06360c25e5b mozilla-chat-1.7.6-1.4.1.ia64.rpm f5e5865fd0bd8c22ccde7316815deef4 mozilla-devel-1.7.6-1.4.1.ia64.rpm 6614e0cffaa568c1afb300a3c95d82cb mozilla-dom-inspector-1.7.6-1.4.1.ia64.rpm 128a218e1765ef3b93f9bc76a808768f mozilla-js-debugger-1.7.6-1.4.1.ia64.rpm d3aec46e412923de975ca9444125b568 mozilla-mail-1.7.6-1.4.1.ia64.rpm 4b552fed5eb33993350562b7e2d1963b mozilla-nspr-1.7.6-1.4.1.ia64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm cdca5118d08f05bb29a26ad854d13c77 mozilla-nspr-devel-1.7.6-1.4.1.ia64.rpm 630b9e378acc232bf9c0001f80ac0918 mozilla-nss-1.7.6-1.4.1.ia64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 441e53acf432bbd125f71b6da1830ed7 mozilla-nss-devel-1.7.6-1.4.1.ia64.rpm
ppc: b080555e3af4b61bbd4687093b1cc94c devhelp-0.9.2-2.4.3.ppc.rpm 9e2f3f5f8ce57636f797ebc5c1de5406 devhelp-devel-0.9.2-2.4.3.ppc.rpm f743d2ff927f9304b6fa8ebf7f4670ac evolution-2.0.2-14.ppc.rpm 5c652488e5e4fd37d6542d2da9b64d35 evolution-devel-2.0.2-14.ppc.rpm ca8a8ad82aca60da1a95e1f54b08899b mozilla-1.7.6-1.4.1.ppc.rpm 2eec8a5422770fe7f35fe89d598571a2 mozilla-chat-1.7.6-1.4.1.ppc.rpm 5efaf95c9cd4ac44ebde3c6405b293cb mozilla-devel-1.7.6-1.4.1.ppc.rpm fb39503b07ebf91540be47f4efa8949d mozilla-dom-inspector-1.7.6-1.4.1.ppc.rpm 6e42d70993bde8d68019ec87d7be6049 mozilla-js-debugger-1.7.6-1.4.1.ppc.rpm b80b956d16eccaef17a4a351e9c44512 mozilla-mail-1.7.6-1.4.1.ppc.rpm 7f0d47ec94e5c85beaa96944e89f5fe8 mozilla-nspr-1.7.6-1.4.1.ppc.rpm d71529511834bdbdd606ee0fa4455543 mozilla-nspr-devel-1.7.6-1.4.1.ppc.rpm f4e2a91859a1808c0ea2731c6d776654 mozilla-nss-1.7.6-1.4.1.ppc.rpm c9affd85ff05952f9351314417ba68ab mozilla-nss-devel-1.7.6-1.4.1.ppc.rpm
s390: be028cead30042d2d0a6ccfb3b1acd60 evolution-2.0.2-14.s390.rpm f753f3408222e3c3505b51551bbabf15 evolution-devel-2.0.2-14.s390.rpm 6a2768f0e8dfadb73f91e725da238fa4 mozilla-1.7.6-1.4.1.s390.rpm b816dbdda317776c96119267fbf72fbf mozilla-chat-1.7.6-1.4.1.s390.rpm 6aa47533e291b1a11f5d2df9c5d6e3fc mozilla-devel-1.7.6-1.4.1.s390.rpm 0589218bfb8df65d70fc84e5f82ae094 mozilla-dom-inspector-1.7.6-1.4.1.s390.rpm 156b9cb6a790554cdede32f4e95a1f2a mozilla-js-debugger-1.7.6-1.4.1.s390.rpm 0808078b09f3066189b504b594f4c9a7 mozilla-mail-1.7.6-1.4.1.s390.rpm b6a56eedf837d24b952fa5398f43abc5 mozilla-nspr-1.7.6-1.4.1.s390.rpm 8f45563bfe7df84230204f23a92e2c30 mozilla-nspr-devel-1.7.6-1.4.1.s390.rpm ee14089af4fac8e42c1265dfce8a0d16 mozilla-nss-1.7.6-1.4.1.s390.rpm 0b13dd9da58f22a3e54ec99f7b7f165f mozilla-nss-devel-1.7.6-1.4.1.s390.rpm
s390x: ecca54c1461b85910609fc149d32b7f5 evolution-2.0.2-14.s390x.rpm d922cf9a4f01be35ab40da5e1a1bacbd evolution-devel-2.0.2-14.s390x.rpm bab0d846cb27f006b26f9539fb23858f mozilla-1.7.6-1.4.1.s390x.rpm 62045b915cf20d7df0f189ac71a714c7 mozilla-chat-1.7.6-1.4.1.s390x.rpm 4a828b4ce571b106c7431782df7b7301 mozilla-devel-1.7.6-1.4.1.s390x.rpm 23c2b0a864a2afa8bb833bd58e901cef mozilla-dom-inspector-1.7.6-1.4.1.s390x.rpm 380384518578ab1aab19d52d55718c72 mozilla-js-debugger-1.7.6-1.4.1.s390x.rpm 7e82eab7a3aa4fa93c3885af7d918de8 mozilla-mail-1.7.6-1.4.1.s390x.rpm fe60363934e4aeeb063a5e74e133b3e6 mozilla-nspr-1.7.6-1.4.1.s390x.rpm b6a56eedf837d24b952fa5398f43abc5 mozilla-nspr-1.7.6-1.4.1.s390.rpm 527e7c92da0bcfe40d493a04aa4cc6a6 mozilla-nspr-devel-1.7.6-1.4.1.s390x.rpm 19bd01a9c77355bbd3868364faa53e3f mozilla-nss-1.7.6-1.4.1.s390x.rpm ee14089af4fac8e42c1265dfce8a0d16 mozilla-nss-1.7.6-1.4.1.s390.rpm 7d73d9a7d0de4a4df5a1734a47b8a1b1 mozilla-nss-devel-1.7.6-1.4.1.s390x.rpm
x86_64: 5a7a6b72629d066a3830f59fb04593a2 devhelp-0.9.2-2.4.3.x86_64.rpm 895f1fd3c661b98e803a923884c2effc devhelp-devel-0.9.2-2.4.3.x86_64.rpm 28f97d232c0bf557426da1a8bbcc9be4 evolution-2.0.2-14.x86_64.rpm 3f54339b8b1a8837af14fa3937e67c09 evolution-devel-2.0.2-14.x86_64.rpm 01309838e0abdfa4b89b649fa945e80b mozilla-1.7.6-1.4.1.x86_64.rpm 00782ab9ca7504c15deb016246fc7581 mozilla-chat-1.7.6-1.4.1.x86_64.rpm fa881165f821dc8b2f613cc10c48b81b mozilla-devel-1.7.6-1.4.1.x86_64.rpm d17299423d61ccd0dd7ccb8c771677de mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm 58dd6924cc0596a5a6380518b660f5e7 mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm 51bc9b4fb28fe0e076137d7f31360eee mozilla-mail-1.7.6-1.4.1.x86_64.rpm e897cf784cb23d147d6fdb0acb33d309 mozilla-nspr-1.7.6-1.4.1.x86_64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm aa28118dc28d21f47f2d61f8601595e7 mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm 341cafa4e39a9e0cb2919e2a1800fed5 mozilla-nss-1.7.6-1.4.1.x86_64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 19166638b89d32e156c333bed457888a mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: ef655aef074fe9d1bb2d4275e18a30c3 devhelp-0.9.2-2.4.3.src.rpm 796caefedf5087511b137f14512aafa3 evolution-2.0.2-14.src.rpm 2822baa29d8d22062fd1e314fec1c084 mozilla-1.7.6-1.4.1.src.rpm
i386: c4a062574f5620e321f81c47b6c78913 devhelp-0.9.2-2.4.3.i386.rpm 7de6b81d78f3dba752a3c06d664777b8 devhelp-devel-0.9.2-2.4.3.i386.rpm 5e224cefdc65509b24fd29728caecc6b evolution-2.0.2-14.i386.rpm b02187784c02324afd1723c24f2d17ab evolution-devel-2.0.2-14.i386.rpm a7838d2c5ad3eb580b4a2157e2d0aac5 mozilla-1.7.6-1.4.1.i386.rpm b7dd0f25824fd1a9e0cf160553e75cec mozilla-chat-1.7.6-1.4.1.i386.rpm c88d27f8741cc22d794fa76ca001bcf2 mozilla-devel-1.7.6-1.4.1.i386.rpm ef0444924c443bf1ef63efb291b15017 mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm 3c523a0ae96a601b0c3014a8b3cdec3d mozilla-js-debugger-1.7.6-1.4.1.i386.rpm aa4ee2f37944777f5c6f2128bfe4051f mozilla-mail-1.7.6-1.4.1.i386.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm 2319f305324b19e2a343e946b0cb6909 mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 3fc1fdb6ceed5740a428047652faee3c mozilla-nss-devel-1.7.6-1.4.1.i386.rpm
x86_64: 5a7a6b72629d066a3830f59fb04593a2 devhelp-0.9.2-2.4.3.x86_64.rpm 895f1fd3c661b98e803a923884c2effc devhelp-devel-0.9.2-2.4.3.x86_64.rpm 28f97d232c0bf557426da1a8bbcc9be4 evolution-2.0.2-14.x86_64.rpm 3f54339b8b1a8837af14fa3937e67c09 evolution-devel-2.0.2-14.x86_64.rpm 01309838e0abdfa4b89b649fa945e80b mozilla-1.7.6-1.4.1.x86_64.rpm 00782ab9ca7504c15deb016246fc7581 mozilla-chat-1.7.6-1.4.1.x86_64.rpm fa881165f821dc8b2f613cc10c48b81b mozilla-devel-1.7.6-1.4.1.x86_64.rpm d17299423d61ccd0dd7ccb8c771677de mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm 58dd6924cc0596a5a6380518b660f5e7 mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm 51bc9b4fb28fe0e076137d7f31360eee mozilla-mail-1.7.6-1.4.1.x86_64.rpm e897cf784cb23d147d6fdb0acb33d309 mozilla-nspr-1.7.6-1.4.1.x86_64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm aa28118dc28d21f47f2d61f8601595e7 mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm 341cafa4e39a9e0cb2919e2a1800fed5 mozilla-nss-1.7.6-1.4.1.x86_64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 19166638b89d32e156c333bed457888a mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ef655aef074fe9d1bb2d4275e18a30c3 devhelp-0.9.2-2.4.3.src.rpm 796caefedf5087511b137f14512aafa3 evolution-2.0.2-14.src.rpm 2822baa29d8d22062fd1e314fec1c084 mozilla-1.7.6-1.4.1.src.rpm
i386: c4a062574f5620e321f81c47b6c78913 devhelp-0.9.2-2.4.3.i386.rpm 7de6b81d78f3dba752a3c06d664777b8 devhelp-devel-0.9.2-2.4.3.i386.rpm 5e224cefdc65509b24fd29728caecc6b evolution-2.0.2-14.i386.rpm b02187784c02324afd1723c24f2d17ab evolution-devel-2.0.2-14.i386.rpm a7838d2c5ad3eb580b4a2157e2d0aac5 mozilla-1.7.6-1.4.1.i386.rpm b7dd0f25824fd1a9e0cf160553e75cec mozilla-chat-1.7.6-1.4.1.i386.rpm c88d27f8741cc22d794fa76ca001bcf2 mozilla-devel-1.7.6-1.4.1.i386.rpm ef0444924c443bf1ef63efb291b15017 mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm 3c523a0ae96a601b0c3014a8b3cdec3d mozilla-js-debugger-1.7.6-1.4.1.i386.rpm aa4ee2f37944777f5c6f2128bfe4051f mozilla-mail-1.7.6-1.4.1.i386.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm 2319f305324b19e2a343e946b0cb6909 mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 3fc1fdb6ceed5740a428047652faee3c mozilla-nss-devel-1.7.6-1.4.1.i386.rpm
ia64: 36b554c9d5d4f2520c885e2c8b05786a evolution-2.0.2-14.ia64.rpm 2edbcadc3c88a51ad077bae90d9b116f evolution-devel-2.0.2-14.ia64.rpm bb6ffe8c693c6009597f2cffdbdfa115 mozilla-1.7.6-1.4.1.ia64.rpm 034d4270363faaf097bca06360c25e5b mozilla-chat-1.7.6-1.4.1.ia64.rpm f5e5865fd0bd8c22ccde7316815deef4 mozilla-devel-1.7.6-1.4.1.ia64.rpm 6614e0cffaa568c1afb300a3c95d82cb mozilla-dom-inspector-1.7.6-1.4.1.ia64.rpm 128a218e1765ef3b93f9bc76a808768f mozilla-js-debugger-1.7.6-1.4.1.ia64.rpm d3aec46e412923de975ca9444125b568 mozilla-mail-1.7.6-1.4.1.ia64.rpm 4b552fed5eb33993350562b7e2d1963b mozilla-nspr-1.7.6-1.4.1.ia64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm cdca5118d08f05bb29a26ad854d13c77 mozilla-nspr-devel-1.7.6-1.4.1.ia64.rpm 630b9e378acc232bf9c0001f80ac0918 mozilla-nss-1.7.6-1.4.1.ia64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 441e53acf432bbd125f71b6da1830ed7 mozilla-nss-devel-1.7.6-1.4.1.ia64.rpm
x86_64: 5a7a6b72629d066a3830f59fb04593a2 devhelp-0.9.2-2.4.3.x86_64.rpm 895f1fd3c661b98e803a923884c2effc devhelp-devel-0.9.2-2.4.3.x86_64.rpm 28f97d232c0bf557426da1a8bbcc9be4 evolution-2.0.2-14.x86_64.rpm 3f54339b8b1a8837af14fa3937e67c09 evolution-devel-2.0.2-14.x86_64.rpm 01309838e0abdfa4b89b649fa945e80b mozilla-1.7.6-1.4.1.x86_64.rpm 00782ab9ca7504c15deb016246fc7581 mozilla-chat-1.7.6-1.4.1.x86_64.rpm fa881165f821dc8b2f613cc10c48b81b mozilla-devel-1.7.6-1.4.1.x86_64.rpm d17299423d61ccd0dd7ccb8c771677de mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm 58dd6924cc0596a5a6380518b660f5e7 mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm 51bc9b4fb28fe0e076137d7f31360eee mozilla-mail-1.7.6-1.4.1.x86_64.rpm e897cf784cb23d147d6fdb0acb33d309 mozilla-nspr-1.7.6-1.4.1.x86_64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm aa28118dc28d21f47f2d61f8601595e7 mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm 341cafa4e39a9e0cb2919e2a1800fed5 mozilla-nss-1.7.6-1.4.1.x86_64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 19166638b89d32e156c333bed457888a mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ef655aef074fe9d1bb2d4275e18a30c3 devhelp-0.9.2-2.4.3.src.rpm 796caefedf5087511b137f14512aafa3 evolution-2.0.2-14.src.rpm 2822baa29d8d22062fd1e314fec1c084 mozilla-1.7.6-1.4.1.src.rpm
i386: c4a062574f5620e321f81c47b6c78913 devhelp-0.9.2-2.4.3.i386.rpm 7de6b81d78f3dba752a3c06d664777b8 devhelp-devel-0.9.2-2.4.3.i386.rpm 5e224cefdc65509b24fd29728caecc6b evolution-2.0.2-14.i386.rpm b02187784c02324afd1723c24f2d17ab evolution-devel-2.0.2-14.i386.rpm a7838d2c5ad3eb580b4a2157e2d0aac5 mozilla-1.7.6-1.4.1.i386.rpm b7dd0f25824fd1a9e0cf160553e75cec mozilla-chat-1.7.6-1.4.1.i386.rpm c88d27f8741cc22d794fa76ca001bcf2 mozilla-devel-1.7.6-1.4.1.i386.rpm ef0444924c443bf1ef63efb291b15017 mozilla-dom-inspector-1.7.6-1.4.1.i386.rpm 3c523a0ae96a601b0c3014a8b3cdec3d mozilla-js-debugger-1.7.6-1.4.1.i386.rpm aa4ee2f37944777f5c6f2128bfe4051f mozilla-mail-1.7.6-1.4.1.i386.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm 2319f305324b19e2a343e946b0cb6909 mozilla-nspr-devel-1.7.6-1.4.1.i386.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 3fc1fdb6ceed5740a428047652faee3c mozilla-nss-devel-1.7.6-1.4.1.i386.rpm
ia64: 36b554c9d5d4f2520c885e2c8b05786a evolution-2.0.2-14.ia64.rpm 2edbcadc3c88a51ad077bae90d9b116f evolution-devel-2.0.2-14.ia64.rpm bb6ffe8c693c6009597f2cffdbdfa115 mozilla-1.7.6-1.4.1.ia64.rpm 034d4270363faaf097bca06360c25e5b mozilla-chat-1.7.6-1.4.1.ia64.rpm f5e5865fd0bd8c22ccde7316815deef4 mozilla-devel-1.7.6-1.4.1.ia64.rpm 6614e0cffaa568c1afb300a3c95d82cb mozilla-dom-inspector-1.7.6-1.4.1.ia64.rpm 128a218e1765ef3b93f9bc76a808768f mozilla-js-debugger-1.7.6-1.4.1.ia64.rpm d3aec46e412923de975ca9444125b568 mozilla-mail-1.7.6-1.4.1.ia64.rpm 4b552fed5eb33993350562b7e2d1963b mozilla-nspr-1.7.6-1.4.1.ia64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm cdca5118d08f05bb29a26ad854d13c77 mozilla-nspr-devel-1.7.6-1.4.1.ia64.rpm 630b9e378acc232bf9c0001f80ac0918 mozilla-nss-1.7.6-1.4.1.ia64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 441e53acf432bbd125f71b6da1830ed7 mozilla-nss-devel-1.7.6-1.4.1.ia64.rpm
x86_64: 5a7a6b72629d066a3830f59fb04593a2 devhelp-0.9.2-2.4.3.x86_64.rpm 895f1fd3c661b98e803a923884c2effc devhelp-devel-0.9.2-2.4.3.x86_64.rpm 28f97d232c0bf557426da1a8bbcc9be4 evolution-2.0.2-14.x86_64.rpm 3f54339b8b1a8837af14fa3937e67c09 evolution-devel-2.0.2-14.x86_64.rpm 01309838e0abdfa4b89b649fa945e80b mozilla-1.7.6-1.4.1.x86_64.rpm 00782ab9ca7504c15deb016246fc7581 mozilla-chat-1.7.6-1.4.1.x86_64.rpm fa881165f821dc8b2f613cc10c48b81b mozilla-devel-1.7.6-1.4.1.x86_64.rpm d17299423d61ccd0dd7ccb8c771677de mozilla-dom-inspector-1.7.6-1.4.1.x86_64.rpm 58dd6924cc0596a5a6380518b660f5e7 mozilla-js-debugger-1.7.6-1.4.1.x86_64.rpm 51bc9b4fb28fe0e076137d7f31360eee mozilla-mail-1.7.6-1.4.1.x86_64.rpm e897cf784cb23d147d6fdb0acb33d309 mozilla-nspr-1.7.6-1.4.1.x86_64.rpm 7eea7a8e4316fe594d23022962b3aa36 mozilla-nspr-1.7.6-1.4.1.i386.rpm aa28118dc28d21f47f2d61f8601595e7 mozilla-nspr-devel-1.7.6-1.4.1.x86_64.rpm 341cafa4e39a9e0cb2919e2a1800fed5 mozilla-nss-1.7.6-1.4.1.x86_64.rpm ab3c087c54396503607d4f5cadb49e12 mozilla-nss-1.7.6-1.4.1.i386.rpm 19166638b89d32e156c333bed457888a mozilla-nss-devel-1.7.6-1.4.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401

Package List


Severity
Advisory ID: RHSA-2005:335-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:335.html
Issued Date: : 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1380 CAN-2005-0141 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2005-0146 CAN-2005-0149 CAN-2005-0399 CAN-2005-0401 Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved