---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-619
2005-07-22
---------------------------------------------------------------------Product     : Fedora Core 4
Name        : mozilla
Version     : 1.7.10                      
Release     : 1.5.1                  
Summary     : A Web browser.
Description :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.

---------------------------------------------------------------------Update Information:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

A bug was found in the way Mozilla handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious Javascript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue.

A bug was found in the way Mozilla executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Mozilla installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)

A bug was found in the way Mozilla handled certain Javascript functions. It
is possible for a malicious webpage to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Mozilla handled multiple frame domains. It is
possible for a frame as part of a malicious website to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)

A bug was found in the way Mozilla handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)

A bug was found in the way Mozilla opened URLs from media players. If a
media player opens a URL which is Javascript, the Javascript executes
with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Mozilla displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)

A bug was found in the way Mozilla handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269)

A bug was found in the way Mozilla cloned base objects. It is possible for
Web content to traverse the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)

Users of Mozilla are advised to upgrade to these updated packages, which
contain Mozilla version 1.7.10 and are not vulnerable to these issues. 
---------------------------------------------------------------------* Tue Jul 19 2005 Christopher Aillon  37:1.7.10-1.5.1
- Update to 1.7.10
- Fix a crash on 64bit platforms (#160330)


---------------------------------------------------------------------This update can be downloaded from:
  
eb361c708dddc1af05158ce6759a61b9  SRPMS/mozilla-1.7.10-1.5.1.src.rpm
c5cfc540316ed7679b562ce6e4431a53  ppc/mozilla-1.7.10-1.5.1.ppc.rpm
69ea1fde672e04a4f6913025870ae28e  ppc/mozilla-nspr-1.7.10-1.5.1.ppc.rpm
26ccb88f78bb5142aa07325fd4c5a8c2  ppc/mozilla-nspr-devel-1.7.10-1.5.1.ppc.rpm
465c71611974982178a4acbd03e79848  ppc/mozilla-nss-1.7.10-1.5.1.ppc.rpm
6c3043f14271ce087413b667de05e04c  ppc/mozilla-nss-devel-1.7.10-1.5.1.ppc.rpm
5489a8676730b06e32e18f375b83b55d  ppc/mozilla-devel-1.7.10-1.5.1.ppc.rpm
b672a31b9bf29f2a593d870f694aa014  ppc/mozilla-mail-1.7.10-1.5.1.ppc.rpm
51be9cdb1510a8b045104bf8956cd174  ppc/mozilla-chat-1.7.10-1.5.1.ppc.rpm
fc3b1d1ecbfcb7a26bbfd2cb18153ec3  ppc/mozilla-js-debugger-1.7.10-1.5.1.ppc.rpm
76f4786b961fa856c99f7a6d60e53ef6  ppc/mozilla-dom-inspector-1.7.10-1.5.1.ppc.rpm
2e3612c10f295f670de5cdf5537b8d18  ppc/debug/mozilla-debuginfo-1.7.10-1.5.1.ppc.rpm
e01cf2f85658577773f84c27be82a981  x86_64/mozilla-1.7.10-1.5.1.x86_64.rpm
78ea2f828bdf576072d5b1d8a117ac18  x86_64/mozilla-nspr-1.7.10-1.5.1.x86_64.rpm
6ed062540e8729a0fe20603dd81a4555  x86_64/mozilla-nspr-devel-1.7.10-1.5.1.x86_64.rpm
900e1bdda17a57a40734e4632216b09b  x86_64/mozilla-nss-1.7.10-1.5.1.x86_64.rpm
0835f3a6eb0d3a28e571c659f62b58b5  x86_64/mozilla-nss-devel-1.7.10-1.5.1.x86_64.rpm
46366778caa6bbc28ac2fd7ab601b3e6  x86_64/mozilla-devel-1.7.10-1.5.1.x86_64.rpm
d484918f9a9aacaa3244dfe9aa00724c  x86_64/mozilla-mail-1.7.10-1.5.1.x86_64.rpm
a91f3fdebba315d7a904dce6ca078a71  x86_64/mozilla-chat-1.7.10-1.5.1.x86_64.rpm
b7c81fc35699665628b08becab581d89  x86_64/mozilla-js-debugger-1.7.10-1.5.1.x86_64.rpm
e2159457c9cb315bb58ea141fcb61f58  x86_64/mozilla-dom-inspector-1.7.10-1.5.1.x86_64.rpm
bee07c4cc4a2334c6c659b9a78b5dd27  x86_64/debug/mozilla-debuginfo-1.7.10-1.5.1.x86_64.rpm
9e00889d8cf0e0cf6e05b9e2bfa4aa59  x86_64/mozilla-nspr-1.7.10-1.5.1.i386.rpm
d3debda6d568aaf48caec6f01d2c4bb5  x86_64/mozilla-nss-1.7.10-1.5.1.i386.rpm
0170da6538e34da1618ae3b496e19191  i386/mozilla-1.7.10-1.5.1.i386.rpm
9e00889d8cf0e0cf6e05b9e2bfa4aa59  i386/mozilla-nspr-1.7.10-1.5.1.i386.rpm
4284565ab14530bc3a3b9c67f19b5ef3  i386/mozilla-nspr-devel-1.7.10-1.5.1.i386.rpm
d3debda6d568aaf48caec6f01d2c4bb5  i386/mozilla-nss-1.7.10-1.5.1.i386.rpm
29207a796c6f6467afaf012f4102e51f  i386/mozilla-nss-devel-1.7.10-1.5.1.i386.rpm
46c2a725f16211cf11c6f247c4865baf  i386/mozilla-devel-1.7.10-1.5.1.i386.rpm
6875846f0350c548aea6bc80c248f97f  i386/mozilla-mail-1.7.10-1.5.1.i386.rpm
ed5d8fa1b534c8226dca48c30fbab7c0  i386/mozilla-chat-1.7.10-1.5.1.i386.rpm
3cd9b40c026c9bc7ff0f1688eddb0a55  i386/mozilla-js-debugger-1.7.10-1.5.1.i386.rpm
30dea8f03254fa2b7504099592c5c073  i386/mozilla-dom-inspector-1.7.10-1.5.1.i386.rpm
e85b37cef808ba529a228cec8b205a82  i386/debug/mozilla-debuginfo-1.7.10-1.5.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
-----------------------------------------------------------------------fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 4 Update: mozilla-1.7.10-1.5.1

July 22, 2005

Package repairs various vulnerabilities.

Summary

Mozilla is an open-source Web browser, designed for standards

compliance, performance, and portability.

Mozilla is an open source Web browser, advanced email and newsgroup client,

IRC chat client, and HTML editor.

A bug was found in the way Mozilla handled synthetic events. It is possible

that Web content could generate events such as keystrokes or mouse clicks

that could be used to steal data or execute malicious Javascript code. The

Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned

the name CAN-2005-2260 to this issue.

A bug was found in the way Mozilla executed Javascript in XBL controls. It

is possible for a malicious webpage to leverage this vulnerability to

execute other JavaScript based attacks even when JavaScript is disabled.

(CAN-2005-2261)

A bug was found in the way Mozilla installed its extensions. If a user can

be tricked into visiting a malicious webpage, it may be possible to obtain

sensitive information such as cookies or passwords. (CAN-2005-2263)

A bug was found in the way Mozilla handled certain Javascript functions. It

is possible for a malicious webpage to crash the browser by executing

malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Mozilla handled multiple frame domains. It is

possible for a frame as part of a malicious website to inject content into

a frame that belongs to another domain. This issue was previously fixed as

CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)

A bug was found in the way Mozilla handled child frames. It is possible for

a malicious framed page to steal sensitive information from its parent

page. (CAN-2005-2266)

A bug was found in the way Mozilla opened URLs from media players. If a

media player opens a URL which is Javascript, the Javascript executes

with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Mozilla displayed alerts and prompts.

Alerts and prompts were given the generic title [JavaScript Application]

which prevented a user from knowing which site created them. (CAN-2005-2268)

A bug was found in the way Mozilla handled DOM node names. It is possible

for a malicious site to overwrite a DOM node name, allowing certain

privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269)

A bug was found in the way Mozilla cloned base objects. It is possible for

Web content to traverse the prototype chain to gain access to privileged

chrome objects. (CAN-2005-2270)

Users of Mozilla are advised to upgrade to these updated packages, which

contain Mozilla version 1.7.10 and are not vulnerable to these issues.

- Update to 1.7.10

- Fix a crash on 64bit platforms (#160330)

eb361c708dddc1af05158ce6759a61b9 SRPMS/mozilla-1.7.10-1.5.1.src.rpm

c5cfc540316ed7679b562ce6e4431a53 ppc/mozilla-1.7.10-1.5.1.ppc.rpm

69ea1fde672e04a4f6913025870ae28e ppc/mozilla-nspr-1.7.10-1.5.1.ppc.rpm

26ccb88f78bb5142aa07325fd4c5a8c2 ppc/mozilla-nspr-devel-1.7.10-1.5.1.ppc.rpm

465c71611974982178a4acbd03e79848 ppc/mozilla-nss-1.7.10-1.5.1.ppc.rpm

6c3043f14271ce087413b667de05e04c ppc/mozilla-nss-devel-1.7.10-1.5.1.ppc.rpm

5489a8676730b06e32e18f375b83b55d ppc/mozilla-devel-1.7.10-1.5.1.ppc.rpm

b672a31b9bf29f2a593d870f694aa014 ppc/mozilla-mail-1.7.10-1.5.1.ppc.rpm

51be9cdb1510a8b045104bf8956cd174 ppc/mozilla-chat-1.7.10-1.5.1.ppc.rpm

fc3b1d1ecbfcb7a26bbfd2cb18153ec3 ppc/mozilla-js-debugger-1.7.10-1.5.1.ppc.rpm

76f4786b961fa856c99f7a6d60e53ef6 ppc/mozilla-dom-inspector-1.7.10-1.5.1.ppc.rpm

2e3612c10f295f670de5cdf5537b8d18 ppc/debug/mozilla-debuginfo-1.7.10-1.5.1.ppc.rpm

e01cf2f85658577773f84c27be82a981 x86_64/mozilla-1.7.10-1.5.1.x86_64.rpm

78ea2f828bdf576072d5b1d8a117ac18 x86_64/mozilla-nspr-1.7.10-1.5.1.x86_64.rpm

6ed062540e8729a0fe20603dd81a4555 x86_64/mozilla-nspr-devel-1.7.10-1.5.1.x86_64.rpm

900e1bdda17a57a40734e4632216b09b x86_64/mozilla-nss-1.7.10-1.5.1.x86_64.rpm

0835f3a6eb0d3a28e571c659f62b58b5 x86_64/mozilla-nss-devel-1.7.10-1.5.1.x86_64.rpm

46366778caa6bbc28ac2fd7ab601b3e6 x86_64/mozilla-devel-1.7.10-1.5.1.x86_64.rpm

d484918f9a9aacaa3244dfe9aa00724c x86_64/mozilla-mail-1.7.10-1.5.1.x86_64.rpm

a91f3fdebba315d7a904dce6ca078a71 x86_64/mozilla-chat-1.7.10-1.5.1.x86_64.rpm

b7c81fc35699665628b08becab581d89 x86_64/mozilla-js-debugger-1.7.10-1.5.1.x86_64.rpm

e2159457c9cb315bb58ea141fcb61f58 x86_64/mozilla-dom-inspector-1.7.10-1.5.1.x86_64.rpm

bee07c4cc4a2334c6c659b9a78b5dd27 x86_64/debug/mozilla-debuginfo-1.7.10-1.5.1.x86_64.rpm

9e00889d8cf0e0cf6e05b9e2bfa4aa59 x86_64/mozilla-nspr-1.7.10-1.5.1.i386.rpm

d3debda6d568aaf48caec6f01d2c4bb5 x86_64/mozilla-nss-1.7.10-1.5.1.i386.rpm

0170da6538e34da1618ae3b496e19191 i386/mozilla-1.7.10-1.5.1.i386.rpm

9e00889d8cf0e0cf6e05b9e2bfa4aa59 i386/mozilla-nspr-1.7.10-1.5.1.i386.rpm

4284565ab14530bc3a3b9c67f19b5ef3 i386/mozilla-nspr-devel-1.7.10-1.5.1.i386.rpm

d3debda6d568aaf48caec6f01d2c4bb5 i386/mozilla-nss-1.7.10-1.5.1.i386.rpm

29207a796c6f6467afaf012f4102e51f i386/mozilla-nss-devel-1.7.10-1.5.1.i386.rpm

46c2a725f16211cf11c6f247c4865baf i386/mozilla-devel-1.7.10-1.5.1.i386.rpm

6875846f0350c548aea6bc80c248f97f i386/mozilla-mail-1.7.10-1.5.1.i386.rpm

ed5d8fa1b534c8226dca48c30fbab7c0 i386/mozilla-chat-1.7.10-1.5.1.i386.rpm

3cd9b40c026c9bc7ff0f1688eddb0a55 i386/mozilla-js-debugger-1.7.10-1.5.1.i386.rpm

30dea8f03254fa2b7504099592c5c073 i386/mozilla-dom-inspector-1.7.10-1.5.1.i386.rpm

e85b37cef808ba529a228cec8b205a82 i386/debug/mozilla-debuginfo-1.7.10-1.5.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-619 2005-07-22 Name : mozilla Version : 1.7.10 Release : 1.5.1 Summary : A Web browser. Description : Mozilla is an open-source Web browser, designed for standards compliance, performance, and portability. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or execute malicious Javascript code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2260 to this issue. A bug was found in the way Mozilla executed Javascript in XBL controls. It is possible for a malicious webpage to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261) A bug was found in the way Mozilla installed its extensions. If a user can be tricked into visiting a malicious webpage, it may be possible to obtain sensitive information such as cookies or passwords. (CAN-2005-2263) A bug was found in the way Mozilla handled certain Javascript functions. It is possible for a malicious webpage to crash the browser by executing malformed Javascript code. (CAN-2005-2265) A bug was found in the way Mozilla handled multiple frame domains. It is possible for a frame as part of a malicious website to inject content into a frame that belongs to another domain. This issue was previously fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937) A bug was found in the way Mozilla handled child frames. It is possible for a malicious framed page to steal sensitive information from its parent page. (CAN-2005-2266) A bug was found in the way Mozilla opened URLs from media players. If a media player opens a URL which is Javascript, the Javascript executes with access to the currently open webpage. (CAN-2005-2267) A design flaw was found in the way Mozilla displayed alerts and prompts. Alerts and prompts were given the generic title [JavaScript Application] which prevented a user from knowing which site created them. (CAN-2005-2268) A bug was found in the way Mozilla handled DOM node names. It is possible for a malicious site to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269) A bug was found in the way Mozilla cloned base objects. It is possible for Web content to traverse the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270) Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.7.10 and are not vulnerable to these issues. - Update to 1.7.10 - Fix a crash on 64bit platforms (#160330) eb361c708dddc1af05158ce6759a61b9 SRPMS/mozilla-1.7.10-1.5.1.src.rpm c5cfc540316ed7679b562ce6e4431a53 ppc/mozilla-1.7.10-1.5.1.ppc.rpm 69ea1fde672e04a4f6913025870ae28e ppc/mozilla-nspr-1.7.10-1.5.1.ppc.rpm 26ccb88f78bb5142aa07325fd4c5a8c2 ppc/mozilla-nspr-devel-1.7.10-1.5.1.ppc.rpm 465c71611974982178a4acbd03e79848 ppc/mozilla-nss-1.7.10-1.5.1.ppc.rpm 6c3043f14271ce087413b667de05e04c ppc/mozilla-nss-devel-1.7.10-1.5.1.ppc.rpm 5489a8676730b06e32e18f375b83b55d ppc/mozilla-devel-1.7.10-1.5.1.ppc.rpm b672a31b9bf29f2a593d870f694aa014 ppc/mozilla-mail-1.7.10-1.5.1.ppc.rpm 51be9cdb1510a8b045104bf8956cd174 ppc/mozilla-chat-1.7.10-1.5.1.ppc.rpm fc3b1d1ecbfcb7a26bbfd2cb18153ec3 ppc/mozilla-js-debugger-1.7.10-1.5.1.ppc.rpm 76f4786b961fa856c99f7a6d60e53ef6 ppc/mozilla-dom-inspector-1.7.10-1.5.1.ppc.rpm 2e3612c10f295f670de5cdf5537b8d18 ppc/debug/mozilla-debuginfo-1.7.10-1.5.1.ppc.rpm e01cf2f85658577773f84c27be82a981 x86_64/mozilla-1.7.10-1.5.1.x86_64.rpm 78ea2f828bdf576072d5b1d8a117ac18 x86_64/mozilla-nspr-1.7.10-1.5.1.x86_64.rpm 6ed062540e8729a0fe20603dd81a4555 x86_64/mozilla-nspr-devel-1.7.10-1.5.1.x86_64.rpm 900e1bdda17a57a40734e4632216b09b x86_64/mozilla-nss-1.7.10-1.5.1.x86_64.rpm 0835f3a6eb0d3a28e571c659f62b58b5 x86_64/mozilla-nss-devel-1.7.10-1.5.1.x86_64.rpm 46366778caa6bbc28ac2fd7ab601b3e6 x86_64/mozilla-devel-1.7.10-1.5.1.x86_64.rpm d484918f9a9aacaa3244dfe9aa00724c x86_64/mozilla-mail-1.7.10-1.5.1.x86_64.rpm a91f3fdebba315d7a904dce6ca078a71 x86_64/mozilla-chat-1.7.10-1.5.1.x86_64.rpm b7c81fc35699665628b08becab581d89 x86_64/mozilla-js-debugger-1.7.10-1.5.1.x86_64.rpm e2159457c9cb315bb58ea141fcb61f58 x86_64/mozilla-dom-inspector-1.7.10-1.5.1.x86_64.rpm bee07c4cc4a2334c6c659b9a78b5dd27 x86_64/debug/mozilla-debuginfo-1.7.10-1.5.1.x86_64.rpm 9e00889d8cf0e0cf6e05b9e2bfa4aa59 x86_64/mozilla-nspr-1.7.10-1.5.1.i386.rpm d3debda6d568aaf48caec6f01d2c4bb5 x86_64/mozilla-nss-1.7.10-1.5.1.i386.rpm 0170da6538e34da1618ae3b496e19191 i386/mozilla-1.7.10-1.5.1.i386.rpm 9e00889d8cf0e0cf6e05b9e2bfa4aa59 i386/mozilla-nspr-1.7.10-1.5.1.i386.rpm 4284565ab14530bc3a3b9c67f19b5ef3 i386/mozilla-nspr-devel-1.7.10-1.5.1.i386.rpm d3debda6d568aaf48caec6f01d2c4bb5 i386/mozilla-nss-1.7.10-1.5.1.i386.rpm 29207a796c6f6467afaf012f4102e51f i386/mozilla-nss-devel-1.7.10-1.5.1.i386.rpm 46c2a725f16211cf11c6f247c4865baf i386/mozilla-devel-1.7.10-1.5.1.i386.rpm 6875846f0350c548aea6bc80c248f97f i386/mozilla-mail-1.7.10-1.5.1.i386.rpm ed5d8fa1b534c8226dca48c30fbab7c0 i386/mozilla-chat-1.7.10-1.5.1.i386.rpm 3cd9b40c026c9bc7ff0f1688eddb0a55 i386/mozilla-js-debugger-1.7.10-1.5.1.i386.rpm 30dea8f03254fa2b7504099592c5c073 i386/mozilla-dom-inspector-1.7.10-1.5.1.i386.rpm e85b37cef808ba529a228cec8b205a82 i386/debug/mozilla-debuginfo-1.7.10-1.5.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list