Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-487
2006-05-03
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : mozilla
Version     : 1.7.13
Release     : 1.1.fc5
Summary     : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Updated mozilla packages that fix several security bugs are
now available.

This update has been rated as having critical security
impact by the Fedora Security Response Team.

Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.

Several bugs were found in the way Mozilla processes
malformed JavaScript. A malicious web page could modify the
content of a different open web page, possibly stealing
sensitive information or conducting a cross-site scripting
attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Mozilla processes certain
JavaScript actions. A malicious web page could execute
arbitrary JavaScript instructions with the permissions of
"chrome", allowing the page to steal sensitive information
or install browser malware. (CVE-2006-1727, CVE-2006-1728,
CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Mozilla processes
malformed web pages. A carefully crafted malicious web page
could cause the execution of arbitrary code as the user
running Mozilla. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790)

A bug was found in the way Mozilla displays the secure site
icon. If a browser is configured to display the non-default
secure site modal warning dialog, it may be possible to
trick a user into believing they are viewing a secure site.
(CVE-2006-1740)

A bug was found in the way Mozilla allows JavaScript
mutation events on "input" form elements. A malicious web
page could be created in such a way that when a user submits
a form, an arbitrary file could be uploaded to the attacker.
(CVE-2006-1729)

A bug was found in the way Mozilla executes in-line mail
forwarding. If a user can be tricked into forwarding a
maliciously crafted mail message as in-line content, it is
possible for the message to execute JavaScript with the
permissions of "chrome". (CVE-2006-0884)

Users of Mozilla are advised to upgrade to these updated
packages containing Mozilla version 1.7.13 which corrects
these issues.

---------------------------------------------------------------------
* Wed Apr 26 2006 Christopher Aillon <caillon@redhat.com> - 37:1.7.13-1.1.fc5
- Update to 1.7.13

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

7f7b1e3ec0a6b5a3f2ca4f37d602158d84a72173  SRPMS/mozilla-1.7.13-1.1.fc5.src.rpm
5d56a003f20adbfd6720267892b30ac4833aea0e  ppc/mozilla-1.7.13-1.1.fc5.ppc.rpm
9e65af92e5371d42d5c1685f204841ebf3ad860e  ppc/mozilla-devel-1.7.13-1.1.fc5.ppc.rpm
6178722e6f185a58334624f06a6b8f9623a3b3f4  ppc/mozilla-mail-1.7.13-1.1.fc5.ppc.rpm
3338c04cb0c610106770e6c16d9b1e9549bfdcf9  ppc/mozilla-chat-1.7.13-1.1.fc5.ppc.rpm
2c3203b1b7743d075e997dec1cede73063d97ebd  ppc/mozilla-js-debugger-1.7.13-1.1.fc5.ppc.rpm
c18fd8d211c0aadc8171f931abf0ced976d2547c  ppc/mozilla-dom-inspector-1.7.13-1.1.fc5.ppc.rpm
592d7f6a9f2ca4f39b220a36ad468a632eb27754  ppc/debug/mozilla-debuginfo-1.7.13-1.1.fc5.ppc.rpm
ad2c3446d09eaa5cfcca1f5586c517a0cfc2b4bd  x86_64/mozilla-1.7.13-1.1.fc5.x86_64.rpm
b34ae0cbc8e2e5adce509aa2966bbd94ab196ab3  x86_64/mozilla-devel-1.7.13-1.1.fc5.x86_64.rpm
95b7a09b8216e4b863e46a2068fbac8e7f21372e  x86_64/mozilla-mail-1.7.13-1.1.fc5.x86_64.rpm
3c8488c4f7ae371fef5b10c2d7b8fcd6d44f577e  x86_64/mozilla-chat-1.7.13-1.1.fc5.x86_64.rpm
be69f11ead8e386508bc978cd0c6d28329239989  x86_64/mozilla-js-debugger-1.7.13-1.1.fc5.x86_64.rpm
1db67d53d0bde849dc3f3165d004bb249802de97  x86_64/mozilla-dom-inspector-1.7.13-1.1.fc5.x86_64.rpm
5bf5c233b12e0ca9d8904fed5672e6f06337592a  x86_64/debug/mozilla-debuginfo-1.7.13-1.1.fc5.x86_64.rpm
c02eb2b008b74b57ddd76bba7e2fa5022dedafc9  i386/mozilla-1.7.13-1.1.fc5.i386.rpm
2a422c1568197e62917f7e7fc783727ea8064b43  i386/mozilla-devel-1.7.13-1.1.fc5.i386.rpm
dd39ec10b1239fe5cab4eba0c0976f3746ba4cc0  i386/mozilla-mail-1.7.13-1.1.fc5.i386.rpm
f4f86a19434ccf6d0c0ff2857d572c67c6bfebd6  i386/mozilla-chat-1.7.13-1.1.fc5.i386.rpm
a98b27aa1bb3040edacbf2fb239c4178f34d985d  i386/mozilla-js-debugger-1.7.13-1.1.fc5.i386.rpm
5f58bdf8f0df08a69f893fdbb61aaf4b707751c4  i386/mozilla-dom-inspector-1.7.13-1.1.fc5.i386.rpm
b2c70317b32a68be70cc1f3bd81388db7a8570c4  i386/debug/mozilla-debuginfo-1.7.13-1.1.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------