LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated mozilla packages to address DoS vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Mozilla and Mozilla Firefox allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. (CVE-2005-4134) The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:036
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla
 Date    : February 7, 2006
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
 service (CPU consumption and delayed application startup) via a web
 site with a large title, which is recorded in history.dat but not
 processed efficiently during startup. (CVE-2005-4134)
 
 The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
 1.5.1 does not properly dereference objects, which allows remote
 attackers to cause a denial of service (crash) or execute arbitrary
 code via unknown attack vectors related to garbage collection.
 (CVE-2006-0292)
 
 The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
 and SeaMonkey before 1.0 does not validate the attribute name, which
 allows remote attackers to execute arbitrary Javascript by injecting
 RDF data into the user's localstore.rdf file. (CVE-2006-0296)
 
 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 8d1376d6440bc1602ab2b1c74262a30c  corporate/3.0/RPMS/libnspr4-1.7.8-0.7.C30mdk.i586.rpm
 ceae80feec83d84891234f8bcf546247  corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.7.C30mdk.i586.rpm
 4be42f4a2297322ac93e6c4e635a225b  corporate/3.0/RPMS/libnss3-1.7.8-0.7.C30mdk.i586.rpm
 f7490d1448b0ef6fe8eaa7561066095f  corporate/3.0/RPMS/libnss3-devel-1.7.8-0.7.C30mdk.i586.rpm
 d3c71d0217099e4586818dc40f819308  corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.i586.rpm
 5d73ae4396714d8b5bf9892090c22724  corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.i586.rpm
 005998ef07bd769563084275c27928ec  corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.i586.rpm
 0774d333844c7d27b560146e632a33b2  corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.i586.rpm
 72bda6c0dfc17eb36b5f64aced6da5a3  corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.i586.rpm
 b425cbdf6b2f2261799869327527d1c7  corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.i586.rpm
 a2ba40970fd46883f707979925553074  corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.i586.rpm
 3f786a780a2355f4605886287fc489c3  corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.i586.rpm
 4dc8edd930a75430e84520b3b2f00859  corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.i586.rpm
 4f1024a56ad3c8f3aef13ff2ea881ceb  corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 990fd040a970e2fe393665bc87f9d964  x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.7.C30mdk.x86_64.rpm
 e70615c6a988f23636f7bf3d642d2028  x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 69e14625db53e49b4d1fcd9d346218db  x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.7.C30mdk.x86_64.rpm
 17f22cc0913232f4d0cd3efbffd17af1  x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 23d7b49cde6c2e96742f45625845d825  x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.x86_64.rpm
 a14cde7bc834e298f9b1ff97d0faa04c  x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 7b6a92d89e3771330e69b24eef80d02b  x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.x86_64.rpm
 88510e96eee3232f5dd931de50ef9878  x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.x86_64.rpm
 71e44f63b296849361d5733b0e6824d1  x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.x86_64.rpm
 1740b993c3c30a35dcd37d7c88bd6187  x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.x86_64.rpm
 13b44d4ab0a1b80fb50ad8c881d94253  x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.x86_64.rpm
 b9683c1834c25ab3d78606b912714780  x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.x86_64.rpm
 7ccb971d176e3e3a1a924bfc23f34b1e  x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.x86_64.rpm
 4f1024a56ad3c8f3aef13ff2ea881ceb  x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
'Snowden effect' has changed cloud data security assumption, survey claims
Galaxy S5 fingerprint scanner hacked with glue mould
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.