RedHat: Important: Mozilla security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: Mozilla security update
Advisory ID:       RHSA-2005:384-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-384.html
Issue date:        2005-04-28
Updated on:        2005-04-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1156 CAN-2005-0142 CAN-2005-0143 CAN-2005-0146 CAN-2005-0231 CAN-2005-0232 CAN-2005-0233 CAN-2005-0401 CAN-2005-0527 CAN-2005-0578 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593 CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160
- ---------------------------------------------------------------------

1. Summary:

Updated Mozilla packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Several bugs were found with the way Mozilla displays the secure site icon.
It is possible that a malicious website could display the secure site icon
along with incorrect certificate information. (CAN-2005-0143 CAN-2005-0593)

A bug was found in the way Mozilla handles synthetic middle click events.
It is possible for a malicious web page to steal the contents of a victims
clipboard. (CAN-2005-0146)

Several bugs were found with the way Mozilla handles temporary files. A
local user could view sensitive temporary information or delete arbitrary
files. (CAN-2005-0142 CAN-2005-0578)

A bug was found in the way Mozilla handles pop-up windows. It is possible
for a malicious website to control the content in an unrelated site's
pop-up window. (CAN-2004-1156)

A flaw was found in the way Mozilla displays international domain names. It
is possible for an attacker to display a valid URL, tricking the user into
thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)

A bug was found in the way Mozilla processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla handles xsl:include and xsl:import
directives. It is possible for a malicious website to import XSLT
stylesheets from a domain behind a firewall, leaking information to an
attacker. (CAN-2005-0588)

Several bugs were found in the way Mozilla displays alert dialogs. It is
possible for a malicious webserver or website to trick a user into thinking
the dialog window is being generated from a trusted site. (CAN-2005-0586
CAN-2005-0591 CAN-2005-0585 CAN-2005-0590 CAN-2005-0584)

A bug was found in the Mozilla javascript security manager. If a user drags
a malicious link to a tab, the javascript security manager is bypassed,
which could result in remote code execution or information disclosure.
(CAN-2005-0231)

A bug was found in the way Mozilla allows plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could trick a
user into clicking in certain places to modify configuration settings or
execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527)

A bug was found in the way Mozilla handles anonymous functions during
regular expression string replacement. It is possible for a malicious web
page to capture a random block of browser memory. (CAN-2005-0989)

A bug was found in the way Mozilla displays pop-up windows. If a user
choses to open a pop-up window whose URL is malicious javascript, the
script will be executed with elevated privileges. (CAN-2005-1153)

A bug was found in the way Mozilla installed search plugins. If a user
chooses to install a search plugin from a malicious site, the new plugin
could silently overwrite an existing plugin. This could allow the malicious
plugin to execute arbitrary code and stealm sensitive information.
(CAN-2005-1156 CAN-2005-1157)

Several bugs were found in the Mozilla javascript engine. A malicious web
page could leverage these issues to execute javascript with elevated
privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155
CAN-2005-1159 CAN-2005-1160)

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.7 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142390 - CAN-2004-1156 Frame injection vulnerability.
144080 - CAN-2005-0585 download dialog URL spoofing
145606 - CAN-2005-0142 Opened attachments are temporarily saved world-readable
145607 - CAN-2005-0143 Secure site lock can be spoofed with a binary download
145613 - CAN-2005-0146 Synthetic middle-click event can steal clipboard contents
147397 - homograph spoofing
152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593)
155117 - CAN-2005-0989 Multiple Mozilla issues. (CAN-2005-1153  CAN-2005-1154  CAN-2005-1155  CAN-2005-1156  CAN-2005-1157  CAN-2005-1159  CAN-2005-1160)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485  galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc  mozilla-1.7.7-1.1.2.1.src.rpm

i386:
b1666209547c01469430edc30ad56eca  galeon-1.2.14-1.2.3.i386.rpm
9c657d56f41bdf683c6e32ee7725f80e  mozilla-1.7.7-1.1.2.1.i386.rpm
2790d364098c4967ccaaa2e066910f4d  mozilla-chat-1.7.7-1.1.2.1.i386.rpm
2d962e0048ee7bf28fe46b10ff4f7995  mozilla-devel-1.7.7-1.1.2.1.i386.rpm
cb841f2bca59e91836fb9fc789e71b7d  mozilla-dom-inspector-1.7.7-1.1.2.1.i386.rpm
3065f5bbddfe2847d5086ec7a9fecf25  mozilla-js-debugger-1.7.7-1.1.2.1.i386.rpm
11a5bebb1e5a2bb03c91bc4af799c63f  mozilla-mail-1.7.7-1.1.2.1.i386.rpm
3ff3a556dbeb5e230cfea37a09758a18  mozilla-nspr-1.7.7-1.1.2.1.i386.rpm
75596eac1b481ecbb2cec1b1395f9430  mozilla-nspr-devel-1.7.7-1.1.2.1.i386.rpm
283e705b2bf5b614bb2c06406bb3912d  mozilla-nss-1.7.7-1.1.2.1.i386.rpm
8f1be6c41914a462802a7d08f9964dce  mozilla-nss-devel-1.7.7-1.1.2.1.i386.rpm

ia64:
24355dff0a64b0e3db3b8dcb42fb0d9f  galeon-1.2.14-1.2.3.ia64.rpm
13ed50f691e34fd5c4589731edb3b68c  mozilla-1.7.7-1.1.2.1.ia64.rpm
6cd0cc13580862862fd2ed20739f50f0  mozilla-chat-1.7.7-1.1.2.1.ia64.rpm
ec70a66a20196c8bc164f1edbc0ecaad  mozilla-devel-1.7.7-1.1.2.1.ia64.rpm
4ddbb18866e5744e53049967d4072e8f  mozilla-dom-inspector-1.7.7-1.1.2.1.ia64.rpm
7b8583815c6bd27fc6614a9e8d299e22  mozilla-js-debugger-1.7.7-1.1.2.1.ia64.rpm
9e43b191a19de44c30651a6b7cf435b4  mozilla-mail-1.7.7-1.1.2.1.ia64.rpm
1f76d9355ebb0ff70160f3f10d865c61  mozilla-nspr-1.7.7-1.1.2.1.ia64.rpm
19e27678ace617f22e73c886a56f4c6a  mozilla-nspr-devel-1.7.7-1.1.2.1.ia64.rpm
b173b8a89edc37dfab359f1d20c2efa8  mozilla-nss-1.7.7-1.1.2.1.ia64.rpm
d1700e681b74e1653684bd079b8d8bd0  mozilla-nss-devel-1.7.7-1.1.2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485  galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc  mozilla-1.7.7-1.1.2.1.src.rpm

ia64:
24355dff0a64b0e3db3b8dcb42fb0d9f  galeon-1.2.14-1.2.3.ia64.rpm
13ed50f691e34fd5c4589731edb3b68c  mozilla-1.7.7-1.1.2.1.ia64.rpm
6cd0cc13580862862fd2ed20739f50f0  mozilla-chat-1.7.7-1.1.2.1.ia64.rpm
ec70a66a20196c8bc164f1edbc0ecaad  mozilla-devel-1.7.7-1.1.2.1.ia64.rpm
4ddbb18866e5744e53049967d4072e8f  mozilla-dom-inspector-1.7.7-1.1.2.1.ia64.rpm
7b8583815c6bd27fc6614a9e8d299e22  mozilla-js-debugger-1.7.7-1.1.2.1.ia64.rpm
9e43b191a19de44c30651a6b7cf435b4  mozilla-mail-1.7.7-1.1.2.1.ia64.rpm
1f76d9355ebb0ff70160f3f10d865c61  mozilla-nspr-1.7.7-1.1.2.1.ia64.rpm
19e27678ace617f22e73c886a56f4c6a  mozilla-nspr-devel-1.7.7-1.1.2.1.ia64.rpm
b173b8a89edc37dfab359f1d20c2efa8  mozilla-nss-1.7.7-1.1.2.1.ia64.rpm
d1700e681b74e1653684bd079b8d8bd0  mozilla-nss-devel-1.7.7-1.1.2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485  galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc  mozilla-1.7.7-1.1.2.1.src.rpm

i386:
b1666209547c01469430edc30ad56eca  galeon-1.2.14-1.2.3.i386.rpm
9c657d56f41bdf683c6e32ee7725f80e  mozilla-1.7.7-1.1.2.1.i386.rpm
2790d364098c4967ccaaa2e066910f4d  mozilla-chat-1.7.7-1.1.2.1.i386.rpm
2d962e0048ee7bf28fe46b10ff4f7995  mozilla-devel-1.7.7-1.1.2.1.i386.rpm
cb841f2bca59e91836fb9fc789e71b7d  mozilla-dom-inspector-1.7.7-1.1.2.1.i386.rpm
3065f5bbddfe2847d5086ec7a9fecf25  mozilla-js-debugger-1.7.7-1.1.2.1.i386.rpm
11a5bebb1e5a2bb03c91bc4af799c63f  mozilla-mail-1.7.7-1.1.2.1.i386.rpm
3ff3a556dbeb5e230cfea37a09758a18  mozilla-nspr-1.7.7-1.1.2.1.i386.rpm
75596eac1b481ecbb2cec1b1395f9430  mozilla-nspr-devel-1.7.7-1.1.2.1.i386.rpm
283e705b2bf5b614bb2c06406bb3912d  mozilla-nss-1.7.7-1.1.2.1.i386.rpm
8f1be6c41914a462802a7d08f9964dce  mozilla-nss-devel-1.7.7-1.1.2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485  galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc  mozilla-1.7.7-1.1.2.1.src.rpm

i386:
b1666209547c01469430edc30ad56eca  galeon-1.2.14-1.2.3.i386.rpm
9c657d56f41bdf683c6e32ee7725f80e  mozilla-1.7.7-1.1.2.1.i386.rpm
2790d364098c4967ccaaa2e066910f4d  mozilla-chat-1.7.7-1.1.2.1.i386.rpm
2d962e0048ee7bf28fe46b10ff4f7995  mozilla-devel-1.7.7-1.1.2.1.i386.rpm
cb841f2bca59e91836fb9fc789e71b7d  mozilla-dom-inspector-1.7.7-1.1.2.1.i386.rpm
3065f5bbddfe2847d5086ec7a9fecf25  mozilla-js-debugger-1.7.7-1.1.2.1.i386.rpm
11a5bebb1e5a2bb03c91bc4af799c63f  mozilla-mail-1.7.7-1.1.2.1.i386.rpm
3ff3a556dbeb5e230cfea37a09758a18  mozilla-nspr-1.7.7-1.1.2.1.i386.rpm
75596eac1b481ecbb2cec1b1395f9430  mozilla-nspr-devel-1.7.7-1.1.2.1.i386.rpm
283e705b2bf5b614bb2c06406bb3912d  mozilla-nss-1.7.7-1.1.2.1.i386.rpm
8f1be6c41914a462802a7d08f9964dce  mozilla-nss-devel-1.7.7-1.1.2.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19  mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88  mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152  mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81  mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb  mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030  mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d  mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e  mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

ia64:
9684baa99edfe6fc6f916ec9b5f28b50  mozilla-1.7.7-1.1.3.4.ia64.rpm
c33f36bcbc038317150e760f67e41d3c  mozilla-chat-1.7.7-1.1.3.4.ia64.rpm
cd5961bd88a27043d983af13e1c5cef2  mozilla-devel-1.7.7-1.1.3.4.ia64.rpm
d92e4f6402ff510254c35989d10c2089  mozilla-dom-inspector-1.7.7-1.1.3.4.ia64.rpm
c858591aadf8c93e39fdf90fdef231a0  mozilla-js-debugger-1.7.7-1.1.3.4.ia64.rpm
33788ff7918c7f8f5d9fcfd460021145  mozilla-mail-1.7.7-1.1.3.4.ia64.rpm
52d0b70455ae9b8048f8c4b3c46d9118  mozilla-nspr-1.7.7-1.1.3.4.ia64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
4ebb3bac874ee388f192613e89d534ea  mozilla-nspr-devel-1.7.7-1.1.3.4.ia64.rpm
d6605e746509e017cd1567eadc74c122  mozilla-nss-1.7.7-1.1.3.4.ia64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
815c377c2b59e835043f6bf07e7f19fa  mozilla-nss-devel-1.7.7-1.1.3.4.ia64.rpm

ppc:
82ce3674b9d9db22222a8b72dd34061d  mozilla-1.7.7-1.1.3.4.ppc.rpm
056b8f52aac99b70d84ded1620c95418  mozilla-chat-1.7.7-1.1.3.4.ppc.rpm
082833ec7036f4cb47d6b8ed7814fb54  mozilla-devel-1.7.7-1.1.3.4.ppc.rpm
9b5a4c1c00a8ef9fb9aa63cc175384d6  mozilla-dom-inspector-1.7.7-1.1.3.4.ppc.rpm
f36d4cec9b4ac80f9e2fd785be5b6b23  mozilla-js-debugger-1.7.7-1.1.3.4.ppc.rpm
61106e7cb958bcd8a55e10589c8f1e29  mozilla-mail-1.7.7-1.1.3.4.ppc.rpm
f41cb54d95bbcc44bfdf8a2dbf79b5d5  mozilla-nspr-1.7.7-1.1.3.4.ppc.rpm
cb6ff101259cdf151f0f822f8ca7d44d  mozilla-nspr-devel-1.7.7-1.1.3.4.ppc.rpm
7981a23fee3e9ef832e597e0dce30998  mozilla-nss-1.7.7-1.1.3.4.ppc.rpm
c6661a837e3d72bec2b71c29cd71b8b9  mozilla-nss-devel-1.7.7-1.1.3.4.ppc.rpm

s390:
af2e3f29e3ea2b4bb148eecde6bcbbad  mozilla-1.7.7-1.1.3.4.s390.rpm
8020d607c3d895e4df7f95727081b86c  mozilla-chat-1.7.7-1.1.3.4.s390.rpm
f0eb5fdee9ae6b5cc4f7b963442b2f03  mozilla-devel-1.7.7-1.1.3.4.s390.rpm
12c83501adae55a1566f7c30e621ca66  mozilla-dom-inspector-1.7.7-1.1.3.4.s390.rpm
ff17631810875a25fc7c6830e9fe0a91  mozilla-js-debugger-1.7.7-1.1.3.4.s390.rpm
66f9bb37047ffeb94d10e3f2097b9f2e  mozilla-mail-1.7.7-1.1.3.4.s390.rpm
7712acaf8bbf1dd5358f8cc320cf65a0  mozilla-nspr-1.7.7-1.1.3.4.s390.rpm
486f77b46386a97165388dc783fb39d0  mozilla-nspr-devel-1.7.7-1.1.3.4.s390.rpm
5e2c404600d52830bd877f43ebee10b1  mozilla-nss-1.7.7-1.1.3.4.s390.rpm
c986626308a59c958bae9c57cdc41976  mozilla-nss-devel-1.7.7-1.1.3.4.s390.rpm

s390x:
cc71398c2c966c772557e475d7c1c87f  mozilla-1.7.7-1.1.3.4.s390x.rpm
1c2d3e25a90bcfc349323755ded97980  mozilla-chat-1.7.7-1.1.3.4.s390x.rpm
a628dee5c31f9751649a35c4e27d433a  mozilla-devel-1.7.7-1.1.3.4.s390x.rpm
960fcdabcba69c0c5f522ebf595602ef  mozilla-dom-inspector-1.7.7-1.1.3.4.s390x.rpm
85d780a2fcbddbd801a66199ad1b9963  mozilla-js-debugger-1.7.7-1.1.3.4.s390x.rpm
d7ca7fdafffd021e48b5bb0b96f796fb  mozilla-mail-1.7.7-1.1.3.4.s390x.rpm
a64c95f8bd0a75495fe80e3aae854a8e  mozilla-nspr-1.7.7-1.1.3.4.s390x.rpm
7712acaf8bbf1dd5358f8cc320cf65a0  mozilla-nspr-1.7.7-1.1.3.4.s390.rpm
a1722ffbd1b54fa6afafce7715810e00  mozilla-nspr-devel-1.7.7-1.1.3.4.s390x.rpm
15f771ca3258ae5960ed88971fc5b068  mozilla-nss-1.7.7-1.1.3.4.s390x.rpm
5e2c404600d52830bd877f43ebee10b1  mozilla-nss-1.7.7-1.1.3.4.s390.rpm
2614becf48fa3034c34b817a9dfbb05e  mozilla-nss-devel-1.7.7-1.1.3.4.s390x.rpm

x86_64:
ed19956043c95bec234e018203544860  mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74  mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89  mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181  mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853  mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536  mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca  mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10  mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748  mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc  mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19  mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88  mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152  mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81  mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb  mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030  mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d  mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e  mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

x86_64:
ed19956043c95bec234e018203544860  mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74  mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89  mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181  mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853  mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536  mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca  mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10  mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748  mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc  mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19  mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88  mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152  mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81  mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb  mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030  mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d  mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e  mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

ia64:
9684baa99edfe6fc6f916ec9b5f28b50  mozilla-1.7.7-1.1.3.4.ia64.rpm
c33f36bcbc038317150e760f67e41d3c  mozilla-chat-1.7.7-1.1.3.4.ia64.rpm
cd5961bd88a27043d983af13e1c5cef2  mozilla-devel-1.7.7-1.1.3.4.ia64.rpm
d92e4f6402ff510254c35989d10c2089  mozilla-dom-inspector-1.7.7-1.1.3.4.ia64.rpm
c858591aadf8c93e39fdf90fdef231a0  mozilla-js-debugger-1.7.7-1.1.3.4.ia64.rpm
33788ff7918c7f8f5d9fcfd460021145  mozilla-mail-1.7.7-1.1.3.4.ia64.rpm
52d0b70455ae9b8048f8c4b3c46d9118  mozilla-nspr-1.7.7-1.1.3.4.ia64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
4ebb3bac874ee388f192613e89d534ea  mozilla-nspr-devel-1.7.7-1.1.3.4.ia64.rpm
d6605e746509e017cd1567eadc74c122  mozilla-nss-1.7.7-1.1.3.4.ia64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
815c377c2b59e835043f6bf07e7f19fa  mozilla-nss-devel-1.7.7-1.1.3.4.ia64.rpm

x86_64:
ed19956043c95bec234e018203544860  mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74  mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89  mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181  mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853  mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536  mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca  mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10  mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748  mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc  mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19  mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88  mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152  mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81  mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb  mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030  mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d  mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e  mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

ia64:
9684baa99edfe6fc6f916ec9b5f28b50  mozilla-1.7.7-1.1.3.4.ia64.rpm
c33f36bcbc038317150e760f67e41d3c  mozilla-chat-1.7.7-1.1.3.4.ia64.rpm
cd5961bd88a27043d983af13e1c5cef2  mozilla-devel-1.7.7-1.1.3.4.ia64.rpm
d92e4f6402ff510254c35989d10c2089  mozilla-dom-inspector-1.7.7-1.1.3.4.ia64.rpm
c858591aadf8c93e39fdf90fdef231a0  mozilla-js-debugger-1.7.7-1.1.3.4.ia64.rpm
33788ff7918c7f8f5d9fcfd460021145  mozilla-mail-1.7.7-1.1.3.4.ia64.rpm
52d0b70455ae9b8048f8c4b3c46d9118  mozilla-nspr-1.7.7-1.1.3.4.ia64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
4ebb3bac874ee388f192613e89d534ea  mozilla-nspr-devel-1.7.7-1.1.3.4.ia64.rpm
d6605e746509e017cd1567eadc74c122  mozilla-nss-1.7.7-1.1.3.4.ia64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
815c377c2b59e835043f6bf07e7f19fa  mozilla-nss-devel-1.7.7-1.1.3.4.ia64.rpm

x86_64:
ed19956043c95bec234e018203544860  mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e  mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74  mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89  mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181  mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853  mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536  mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca  mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a  mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10  mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748  mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55  mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc  mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.