Fedora Legacy Test Update Notification: mozilla

2006-05-15 Thread Marc Deslauriers
-
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-189137-1
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189137
2006-05-15
-

Name: mozilla
Versions: rh7.3: mozilla-1.7.13-0.73.1.legacy
Versions: rh9:   mozilla-1.7.13-0.90.1.legacy
Versions: fc1:   mozilla-1.7.13-1.1.1.legacy
Versions: fc2:   mozilla-1.7.13-1.2.1.legacy
Versions: fc3:   mozilla-1.7.13-1.3.1.legacy
Summary : A Web browser.
Description :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.

-
Update Information:

Updated mozilla packages that fix several security bugs are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several bugs were found in the way Mozilla processes malformed
javascript. A malicious web page could modify the content of a different
open web page, possibly stealing sensitive information or conducting a
cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732,
CVE-2006-1741)

Several bugs were found in the way Mozilla processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of chrome, allowing the page to
steal sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735,
CVE-2006-1742)

Several bugs were found in the way Mozilla processes malformed web
pages. A carefully crafted malicious web page could cause the execution
of arbitrary code as the user running Mozilla. (CVE-2006-0748,
CVE-2006-0749, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738,
CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Mozilla displays the secure site icon. If a
browser is configured to display the non-default secure site modal
warning dialog, it may be possible to trick a user into believing they
are viewing a secure site. (CVE-2006-1740)

A bug was found in the way Mozilla allows javascript mutation events on
input form elements. A malicious web page could be created in such a
way that when a user submits a form, an arbitrary file could be uploaded
to the attacker. (CVE-2006-1729)

A bug was found in the way Mozilla executes in-line mail forwarding. If
a user can be tricked into forwarding a maliciously crafted mail message
as in-line content, it is possible for the message to execute javascript
with the permissions of chrome. (CVE-2006-0884)

Users of Mozilla are advised to upgrade to these updated packages
containing Mozilla version 1.7.13 which corrects these issues.

-
Changelogs

rh7.3:
* Sat Apr 22 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.13-0.73.1.legacy
- Updated to 1.7.13 to fix security issues


rh9:
* Sat Apr 22 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.13-0.90.1.legacy
- Updated to 1.7.13 to fix security issues

fc1:
* Fri Apr 21 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.13-1.1.1.legacy
- Updated to 1.7.13 to fix security issues


fc2:
* Fri Apr 21 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.13-1.2.1.legacy
- Updated to 1.7.13 to fix security issues

fc3:
* Fri Apr 21 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.13-1.3.1.legacy
- Updated to 1.7.13 to fix security issues

-
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)


Fedora Legacy Test Update Notification: mozilla

2006-02-11 Thread Marc Deslauriers
-
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-180036-1
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036
2006-02-11
-

Name: mozilla
Versions: rh7.3: mozilla-1.7.12-0.73.3.legacy
Versions: rh9: mozilla-1.7.12-0.90.2.legacy
Versions: fc1: mozilla-1.7.12-1.1.2.legacy
Versions: fc2: mozilla-1.7.12-1.2.3.legacy
Versions: fc3: mozilla-1.7.12-1.3.3.legacy
Summary : A Web browser.
Description :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.

-
Update Information:

Updated mozilla packages that fix several security bugs are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's Javascript
interpreter dereferences objects. If a user visits a malicious web page,
Mozilla could crash or execute arbitrary code as the user running
Mozilla. The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into a
user's localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run. (CVE-2005-4134)

Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

-
Changelogs

rh7.3:
* Sun Feb 05 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-0.73.3.legacy
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

rh9:
* Mon Feb 06 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-0.90.2.legacy
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

fc1:
* Sun Feb 05 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-1.1.2.legacy
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

fc2:
* Fri Feb 10 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-1.2.3.legacy
- Added mozilla-nspr to BuildPrereq

* Sun Feb 05 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-1.2.2.legacy
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

fc3:
* Fri Feb 10 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-1.3.3.legacy
- Added mozilla-nspr, gnome-vfs2-devel, desktop-file-utils,
  and krb5-devel to BuildPrereq

* Sun Feb 05 2006 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.12-1.3.2.legacy
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

-
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)


Fedora Legacy Test Update Notification: mozilla

2005-08-12 Thread Marc Deslauriers
-
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-160202
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
2005-08-12
-

Name: mozilla
Versions: rh7.3: mozilla-1.7.10-0.73.1.legacy
Versions: rh9: mozilla-1.7.10-0.90.1.legacy
Versions: fc1: mozilla-1.7.10-1.1.1.legacy
Versions: fc2: mozilla-1.7.10-1.2.1.legacy
Summary : A Web browser.
Description :
Mozilla is an open-source Web browser, designed for standards
compliance, performance, and portability.

-
Update Information:

Updated mozilla packages that fix various security issues are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A bug was found in the way Mozilla handled synthetic events. It is
possible that Web content could generate events such as keystrokes or
mouse clicks that could be used to steal data or execute malicious
Javascript code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-2260 to this issue.

A bug was found in the way Mozilla executed Javascript in XBL controls.
It is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Mozilla installed its extensions. If a user
can be tricked into visiting a malicious webpage, it may be possible to
obtain sensitive information such as cookies or passwords.
(CAN-2005-2263)

A bug was found in the way Mozilla handled certain Javascript functions.
It is possible for a malicious webpage to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Mozilla handled multiple frame domains. It is
possible for a frame as part of a malicious website to inject content
into a frame that belongs to another domain. This issue was previously
fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)

A bug was found in the way Mozilla handled child frames. It is possible
for a malicious framed page to steal sensitive information from its
parent page. (CAN-2005-2266)

A bug was found in the way Mozilla opened URLs from media players. If a
media player opens a URL which is Javascript, the Javascript executes
with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Mozilla displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them.
(CAN-2005-2268)

A bug was found in the way Mozilla handled DOM node names. It is
possible for a malicious site to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious Javascript.
(CAN-2005-2269)

A bug was found in the way Mozilla cloned base objects. It is possible
for Web content to traverse the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)

Users of Mozilla are advised to upgrade to these updated packages, which
contain Mozilla version 1.7.10 and are not vulnerable to these issues.

-
Changelogs

rh7.3:
* Wed Jul 27 2005 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.10-0.73.1.legacy
- Rebuild as a Fedora Legacy update for Red Hat Linux 7.3
- Added missing freetype-devel BuildRequires
- Fix missing icons in desktop files

rh9:
* Thu Jul 28 2005 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.10-0.90.1.legacy
- Rebuilt as a Fedora Legacy update for Red Hat Linux 9
- Disabled desktop-file-utils
- Disabled gtk2
- Added missing BuildRequires
- Force build with gcc296 to remain compatible with plugins
- Added xft font preferences and patch back in
- Removed mozilla-compose.desktop

fc1:
* Thu Jul 28 2005 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.10-1.1.1.legacy
- Rebuilt as Fedora Legacy update for Fedora Core 1
- Changed useragent vendor tag to Fedora
- Removed Network category from mozilla.desktop
- Added missing gnome-vfs2-devel and desktop-file-utils to BuildRequires

fc2:
* Sat Jul 30 2005 Marc Deslauriers [EMAIL PROTECTED]
37:1.7.10-1.2.1.legacy
- Rebuilt as a Fedora Legacy update to Fedora Core 2
- Reverted to desktop-file-utils 0.4
- Removed desktop-update-database
- Disabled pango support
- Added missing gnome-vfs2-devel, desktop-file-utils and krb5-devel
BuildPrereq

-
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
21ef0fc3fb4a4b1bab035a3ca39f05793980f96c
redhat/7.3/updates-testing/i386/mozilla-1.7.10-0.73.1.legacy.i386.rpm
bd577e6f2da710d29e4b80178c06824dc49f777e
redhat/7.3/updates-testing/i386/mozilla-chat-1.7.10-0.73.1.legacy.i386.rpm
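
Added example (not part of the advisories above): deciding whether an installed mozilla build is older than the fixed build named in a notice's "Versions:" lines. It uses a simplified reimplementation of RPM's segment-wise version ordering (no `~` or `^` handling); the function names are hypothetical, and the installed string is assumed to come from `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' mozilla`.

```python
import re

# Excerpt in the advisory's own layout (lines from the 2006-05-15 notice).
ADVISORY = """\
Versions: rh7.3: mozilla-1.7.13-0.73.1.legacy
Versions: rh9:   mozilla-1.7.13-0.90.1.legacy
Versions: fc3:   mozilla-1.7.13-1.3.1.legacy
"""
EPOCH = 37  # epoch shown in the changelog entries, e.g. 37:1.7.13-0.73.1.legacy

def fixed_versions(text, epoch=EPOCH):
    """Map distro tag -> (epoch, version, release) from 'Versions:' lines."""
    fixed = {}
    for m in re.finditer(r"^Versions:\s*(\S+):\s*(\S+)$", text, re.M):
        _name, version, release = m.group(2).rsplit("-", 2)
        fixed[m.group(1)] = (epoch, version, release)
    return fixed

def parse_evr(evr):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0, version, release)

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare digit/letter segments left to right."""
    sa, sb = re.findall(r"[0-9]+|[A-Za-z]+", a), re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():                     # numeric segments compare as integers
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def needs_update(distro, installed_evr, fixed):
    """True when the installed build sorts before the advisory's fixed build."""
    return evr_cmp(parse_evr(installed_evr), fixed[distro]) < 0

if __name__ == "__main__":
    fixed = fixed_versions(ADVISORY)
    for evr in ("37:1.7.12-1.3.3.legacy", "37:1.7.13-1.3.1.legacy"):
        print("fc3", evr, "needs update:", needs_update("fc3", evr, fixed))
```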