---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-075
2006-02-02
---------------------------------------------------------------------
Product     : Fedora Core 4
Name        : mozilla
Version     : 1.7.12
Release     : 1.5.2
Summary     : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor. 

Igor Bukanov discovered a bug in the way Mozilla's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Mozilla could crash or execute
arbitrary code as the user running Mozilla. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's
XULDocument.persist() function. A malicious web page could
inject arbitrary RDF data into a user's localstore.rdf file,
which can cause Mozilla to execute arbitrary JavaScript when
a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves
history information. If a user visits a web page with a very
long title, it is possible Mozilla will crash or take a very
long time to start the next time it is run. (CVE-2005-4134)
---------------------------------------------------------------------
* Sun Jan 29 2006 Christopher Aillon  37:1.7.12-1.5.2
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

---------------------------------------------------------------------
This update can be downloaded from:
  

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
----------------------------------------------------------------------- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list


