LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 4 Update: firefox-1.0.7-1.2.fc4 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time to start the next time it is run. (CVE-2005-4134)
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-076
2006-02-02
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : firefox
Version     : 1.0.7                      
Release     : 1.2.fc4                  
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.

Igor Bukanov discovered a bug in the way Firefox's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Firefox could crash or execute
arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Firefox's
XULDocument.persist() function. A malicious web page could
inject arbitrary RDF data into a user's localstore.rdf file,
which can cause Firefox to execute arbitrary JavaScript when
a user runs Firefox. (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves
history information. If a user visits a web page with a very
long title, it is possible Firefox will crash or take a very
long time to start the next time it is run. (CVE-2005-4134)
---------------------------------------------------------------------
* Sun Jan 29 2006 Christopher Aillon  0:1.0.7-1.2.fc4
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

d37a19a1ad285f0605ed0a7fc3603c289e4d33a0  SRPMS/firefox-1.0.7-1.2.fc4.src.rpm
46d0d5698126e86ce6d2e844e113d230cd4f23ea  ppc/firefox-1.0.7-1.2.fc4.ppc.rpm
822405f5a6de3e18324b2a1270a0e9a08aabb234  ppc/debug/firefox-debuginfo-1.0.7-1.2.fc4.ppc.rpm
42c8d63a8dd251c505e19dfff2c61450c149c774  x86_64/firefox-1.0.7-1.2.fc4.x86_64.rpm
f737d3deb0c8791ed31caff83226d4b1a17a58d8  x86_64/debug/firefox-debuginfo-1.0.7-1.2.fc4.x86_64.rpm
c6d0a31bd2106ae7ffe65ff9c780209fa3edcd9a  i386/firefox-1.0.7-1.2.fc4.i386.rpm
6635d0ddc685bb7579f2701971704a4bec7d1dc8  i386/debug/firefox-debuginfo-1.0.7-1.2.fc4.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
University of California, Berkeley Hacked, Data Compromised
London teen pleads guilty to Spamhaus DDoS
New England security group shares threat intelligence, strives to bolster region
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.