LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: mozilla Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Mandrake A large number of Mozilla vulnerabilites is addressed by this update.

Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mozilla
 Advisory ID:            MDKSA-2004:082
 Date:                   August 12th, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A number of security vulnerabilities in mozilla are addressed by this
 update for Mandrakelinux 10.0 users, including a fix for frame
 spoofing, a fixed popup XPInstall/security dialog bug, a fix for
 untrusted chrome calls, a fix for SSL certificate spoofing, a fix
 for stealing secure HTTP Auth passwords via DNS spoofing, a fix for
 insecure matching of cert names for non-FQDNs, a fix for focus
 redefinition from another domain, a fix for a SOAP parameter overflow,
 a fix for text drag on file entry, a fix for certificate DoS, and a
 fix for lock icon and cert spoofing.
 
 Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been
 rebuilt to use the system libjpeg and libpng which addresses
 vulnerabilities discovered in libpng (ref: MDKSA-2004:079).
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
   http://bugzilla.mozilla.org/show_bug.cgi?id=246448
   http://bugzilla.mozilla.org/show_bug.cgi?id=162020
   http://bugzilla.mozilla.org/show_bug.cgi?id=149478
   http://bugzilla.mozilla.org/show_bug.cgi?id=239580
   http://bugzilla.mozilla.org/show_bug.cgi?id=244965
   http://bugzilla.mozilla.org/show_bug.cgi?id=229374
   http://bugzilla.mozilla.org/show_bug.cgi?id=240053
   http://bugzilla.mozilla.org/show_bug.cgi?id=226278
   http://bugzilla.mozilla.org/show_bug.cgi?id=234058
   http://bugzilla.mozilla.org/show_bug.cgi?id=86028
   http://bugzilla.mozilla.org/show_bug.cgi?id=236618
   http://bugzilla.mozilla.org/show_bug.cgi?id=206859
   http://bugzilla.mozilla.org/show_bug.cgi?id=249004
   http://bugzilla.mozilla.org/show_bug.cgi?id=253121
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 19b31b7ed83a5bfd62872777f48c2251  10.0/RPMS/libnspr4-1.6-12.1.100mdk.i586.rpm
 2c751db4638e066a8089dde8eb2b940b  10.0/RPMS/libnspr4-devel-1.6-12.1.100mdk.i586.rpm
 f44262d9e905090a756ebee318b00e14  10.0/RPMS/libnss3-1.6-12.1.100mdk.i586.rpm
 ac3f3659e97a43a62ce6e574885a7ddf  10.0/RPMS/libnss3-devel-1.6-12.1.100mdk.i586.rpm
 c60181755c6de63f125940311bb0d075  10.0/RPMS/mozilla-1.6-12.1.100mdk.i586.rpm
 880ed64c45f293c64f9756b39334b82d  10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.i586.rpm
 f14a0240536662e2a43b4133ba2fd1b2  10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.i586.rpm
 0f5f524ff411923f3c542a40d81caab3  10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.i586.rpm
 2138a4308f6287b2a26a0ee509c732a4  10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.i586.rpm
 ac4f3906cf8db1d57722a2485eb5fba5  10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.i586.rpm
 bc535199a712e47ca30d93ad448513c1  10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.i586.rpm
 4e1c2b9fae3b96a8a4821386f8cde4a0  10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.i586.rpm
 60384666732ca5895ea1696fd0088d45  10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.i586.rpm
 4261307ca2dfbc1bf7ee53fa0d9cadda  10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f950ed0e8c533c272b89242b285bfb51  amd64/10.0/RPMS/lib64nspr4-1.6-12.1.100mdk.amd64.rpm
 1da39ad805ac3dfb6e15f4e2a4b81395  amd64/10.0/RPMS/lib64nspr4-devel-1.6-12.1.100mdk.amd64.rpm
 82541944b78f9ae28b8fbaad7d8cff7f  amd64/10.0/RPMS/lib64nss3-1.6-12.1.100mdk.amd64.rpm
 7a1755840c9e86c6d9d3b0700fe22a64  amd64/10.0/RPMS/lib64nss3-devel-1.6-12.1.100mdk.amd64.rpm
 bbad752b3e6173227dbe3e10d2e22b7e  amd64/10.0/RPMS/mozilla-1.6-12.1.100mdk.amd64.rpm
 160581d9505230143d3af6c0a68dbb50  amd64/10.0/RPMS/mozilla-devel-1.6-12.1.100mdk.amd64.rpm
 a1e933df64ffb535c48f58efcb56f744  amd64/10.0/RPMS/mozilla-dom-inspector-1.6-12.1.100mdk.amd64.rpm
 5b72c641ece4f0f086b9aac12623e4a5  amd64/10.0/RPMS/mozilla-enigmail-1.6-12.1.100mdk.amd64.rpm
 6c55c3641ce9af81569179f2e0883571  amd64/10.0/RPMS/mozilla-enigmime-1.6-12.1.100mdk.amd64.rpm
 de69eccc5e36ee64808b6465cdd2f2cf  amd64/10.0/RPMS/mozilla-irc-1.6-12.1.100mdk.amd64.rpm
 c8bfd663339969ee8ed98f5fcb489772  amd64/10.0/RPMS/mozilla-js-debugger-1.6-12.1.100mdk.amd64.rpm
 36aaa030ab4cce56c7e213f36e899662  amd64/10.0/RPMS/mozilla-mail-1.6-12.1.100mdk.amd64.rpm
 f617cce1aca29d7b55c22c7d71cbe706  amd64/10.0/RPMS/mozilla-spellchecker-1.6-12.1.100mdk.amd64.rpm
 4261307ca2dfbc1bf7ee53fa0d9cadda  amd64/10.0/SRPMS/mozilla-1.6-12.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 39f8a9919bf499e7e889d2f857fa930c  9.2/RPMS/libnspr4-1.4-13.3.92mdk.i586.rpm
 0ca14f5d18f20b75015140db28c18751  9.2/RPMS/libnspr4-devel-1.4-13.3.92mdk.i586.rpm
 f663c0295b8b27489802a913115660e1  9.2/RPMS/libnss3-1.4-13.3.92mdk.i586.rpm
 cf80137d87041af69f724f4d3bae21ee  9.2/RPMS/libnss3-devel-1.4-13.3.92mdk.i586.rpm
 eb592c81a204899305540827f831178f  9.2/RPMS/mozilla-1.4-13.3.92mdk.i586.rpm
 7cef1eab0eb7c38aed0743570912dbc1  9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.i586.rpm
 cbbcb63f5db34ab4342bd79d9a0edbaa  9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.i586.rpm
 4a16188a7091803a643278d27c0bedd9  9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.i586.rpm
 2f247ec2b03fa15358bef296cbf5b5fa  9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.i586.rpm
 d372cb79f4137257a5ecc2f8bba50058  9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.i586.rpm
 7123054edd8308a9389eef15204db3f3  9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.i586.rpm
 f4a920a8b551d78066dc23eb8c7a6520  9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.i586.rpm
 4b486d04fbf4c34217ec1fe272bde217  9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.i586.rpm
 bbd208cba121308110ff629941999d4e  9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 5a5ce0f34c6d517dac5bd796539d727b  amd64/9.2/RPMS/lib64nspr4-1.4-13.3.92mdk.amd64.rpm
 95ff73b58ff07df8658ba7db479a6409  amd64/9.2/RPMS/lib64nspr4-devel-1.4-13.3.92mdk.amd64.rpm
 f47f3edc3305680e4dfe6fc4f11da651  amd64/9.2/RPMS/lib64nss3-1.4-13.3.92mdk.amd64.rpm
 9ffc28e6db6dae88d3f61f647407a863  amd64/9.2/RPMS/lib64nss3-devel-1.4-13.3.92mdk.amd64.rpm
 986fff85fd8f3826df7a503da6123cd8  amd64/9.2/RPMS/mozilla-1.4-13.3.92mdk.amd64.rpm
 0b3800d499e9b0a38e7d45af293f93cc  amd64/9.2/RPMS/mozilla-devel-1.4-13.3.92mdk.amd64.rpm
 786af5e02f3a30b091155c7fbe361052  amd64/9.2/RPMS/mozilla-dom-inspector-1.4-13.3.92mdk.amd64.rpm
 65987dda19d9f901d84e2bd364395970  amd64/9.2/RPMS/mozilla-enigmail-1.4-13.3.92mdk.amd64.rpm
 0b4d182f8aeac8e5189aa58475de3368  amd64/9.2/RPMS/mozilla-enigmime-1.4-13.3.92mdk.amd64.rpm
 7fefe5af19372137780d21fc286cce3c  amd64/9.2/RPMS/mozilla-irc-1.4-13.3.92mdk.amd64.rpm
 7dd3a9b2be038019e19a7839f015f952  amd64/9.2/RPMS/mozilla-js-debugger-1.4-13.3.92mdk.amd64.rpm
 90e24a878db2c4dbad41322595c0f67c  amd64/9.2/RPMS/mozilla-mail-1.4-13.3.92mdk.amd64.rpm
 2225c48c1e6ef9113fffad76a278b7f8  amd64/9.2/RPMS/mozilla-spellchecker-1.4-13.3.92mdk.amd64.rpm
 bbd208cba121308110ff629941999d4e  amd64/9.2/SRPMS/mozilla-1.4-13.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.