what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

FLSA-2006-189137-2.txt

FLSA-2006-189137-2.txt
Posted Jun 11, 2006
Site fedoralegacy.org

Fedora Legacy Update Advisory - FLSA:189137-2: Updated firefox package fixes security issues

tags | advisory
systems | linux, fedora
SHA-256 | 1189511be1c0e21641f364b95652d17f5914444802fc8e1456be26d57672b02c

FLSA-2006-189137-2.txt

Change Mirror Download
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated firefox package fixes security issues
Advisory ID: FLSA:189137-2
Issue date: 2006-06-06
Product: Fedora Core
Keywords: Bugfix, Security
CVE Names: CVE-2006-0748 CVE-2006-0749 CVE-2006-1724 CVE-2006-1727
CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731
CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735
CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740
CVE-2006-1741 CVE-2006-1742 CVE-2006-1790
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

An updated firefox package that fixes several security bugs is now
available.

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

2. Relevant releases/architectures:

Fedora Core 3 - i386, x86_64

3. Problem description:

Several bugs were found in the way Firefox processes malformed
javascript. A malicious web page could modify the content of a different
open web page, possibly stealing sensitive information or conducting a
cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732,
CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to
steal sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735,
CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web
pages. A carefully crafted malicious web page could cause the execution
of arbitrary code as the user running Firefox. (CVE-2006-0748,
CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737,
CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal
warning dialog, it may be possible to trick a user into believing they
are viewing a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
"input" form elements. A malicious web page could be created in such a
way that when a user submits a form, an arbitrary file could be uploaded
to the attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189137

6. RPMs required:

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/firefox-1.0.8-1.1.fc3.1.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/firefox-1.0.8-1.1.fc3.1.legacy.x86_64.rpm


7. Verification:

SHA1 sum Package Name
---------------------------------------------------------------------

8b719bb18c6dfe14b472c684ac5133d82d1b96d0
fedora/3/updates/i386/firefox-1.0.8-1.1.fc3.1.legacy.i386.rpm
946f2ccbc412675ee6959a3dee50c2cb3ba90c3a
fedora/3/updates/x86_64/firefox-1.0.8-1.1.fc3.1.legacy.x86_64.rpm
0747aa65730e328a9274ec66c0de8dc30645dc1d
fedora/3/updates/SRPMS/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm


These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close