---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-246
2005-03-23
---------------------------------------------------------------------Product     : Fedora Core 3
Name        : firefox
Version     : 1.0.2
Release     : 1.3.1
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------Update Information:


A buffer overflow bug was found in the way Firefox processes GIF images. 
It is possible for an attacker to create a specially crafted GIF image, 
which when viewed by a victim will execute arbitrary code as the victim. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to 
load malicious XUL content. The Common Vulnerabilities and Exposures 
project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If 
a user can be tricked into bookmarking a malicious web page into the 
sidebar panel, that page could execute arbitrary programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the 
name CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which
contains Firefox version 1.0.2 and is not vulnerable to these issues.

Additionally, there was a bug found in the way Firefox rendered some 
fonts, notably the Tahoma font while italicized.  This issue has been 
filed as Bug 150041 (bugzilla.redhat.com).  This updated package 
contains a fix for this issue.


---------------------------------------------------------------------* Wed Mar 23 2005 Christopher Aillon  0:1.0.2-1.3.1

- Firefox 1.0.2
- Fix issues with italic rendering using certain fonts (e.g. Tahoma)
- Add upstream fix to reduce round trips to xserver during remote control
- Add upstream fix to call g_set_application_name


---------------------------------------------------------------------This update can be downloaded from:
   
a461bc4e69e10779b3a46944f6b3fd23  SRPMS/firefox-1.0.2-1.3.1.src.rpm
1951b68e390da2f45177df9c016240a0  x86_64/firefox-1.0.2-1.3.1.x86_64.rpm
a81f4837b641ae78f3f6559cbf05715c 
x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm
9b19361c8a3dc98edaa07eb1043c11b3  i386/firefox-1.0.2-1.3.1.i386.rpm
a97e425d13c5abb994520829b16b8063 
i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
-----------------------------------------------------------------------fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 3 Update: firefox-1.0.2-1.3.1

March 23, 2005
A buffer overflow bug was found in the way Firefox processes GIF images

Summary

Mozilla Firefox is an open-source web browser, designed for standards

compliance, performance and portability.

A buffer overflow bug was found in the way Firefox processes GIF images.

It is possible for an attacker to create a specially crafted GIF image,

which when viewed by a victim will execute arbitrary code as the victim.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious

web page can trick a user into dragging an object, it is possible to

load malicious XUL content. The Common Vulnerabilities and Exposures

project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If

a user can be tricked into bookmarking a malicious web page into the

sidebar panel, that page could execute arbitrary programs. The Common

Vulnerabilities and Exposures project (cve.mitre.org) has assigned the

name CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which

contains Firefox version 1.0.2 and is not vulnerable to these issues.

Additionally, there was a bug found in the way Firefox rendered some

fonts, notably the Tahoma font while italicized. This issue has been

filed as Bug 150041 (bugzilla.redhat.com). This updated package

contains a fix for this issue.

- Firefox 1.0.2

- Fix issues with italic rendering using certain fonts (e.g. Tahoma)

- Add upstream fix to reduce round trips to xserver during remote control

- Add upstream fix to call g_set_application_name

a461bc4e69e10779b3a46944f6b3fd23 SRPMS/firefox-1.0.2-1.3.1.src.rpm

1951b68e390da2f45177df9c016240a0 x86_64/firefox-1.0.2-1.3.1.x86_64.rpm

a81f4837b641ae78f3f6559cbf05715c

x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm

9b19361c8a3dc98edaa07eb1043c11b3 i386/firefox-1.0.2-1.3.1.i386.rpm

a97e425d13c5abb994520829b16b8063

i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-246 2005-03-23 Name : firefox Version : 1.0.2 Release : 1.3.1 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue. A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue. A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0402 to this issue. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues. Additionally, there was a bug found in the way Firefox rendered some fonts, notably the Tahoma font while italicized. This issue has been filed as Bug 150041 (bugzilla.redhat.com). This updated package contains a fix for this issue. - Firefox 1.0.2 - Fix issues with italic rendering using certain fonts (e.g. Tahoma) - Add upstream fix to reduce round trips to xserver during remote control - Add upstream fix to call g_set_application_name a461bc4e69e10779b3a46944f6b3fd23 SRPMS/firefox-1.0.2-1.3.1.src.rpm 1951b68e390da2f45177df9c016240a0 x86_64/firefox-1.0.2-1.3.1.x86_64.rpm a81f4837b641ae78f3f6559cbf05715c x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm 9b19361c8a3dc98edaa07eb1043c11b3 i386/firefox-1.0.2-1.3.1.i386.rpm a97e425d13c5abb994520829b16b8063 i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : firefox
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Firefox Web browser.

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved