A new update is available for Fedora Core - [SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5. Here the announcement:
Fedora Update Notification
FEDORA-2006-411
2006-04-18
---------------------------------------------------------------------
Product : Fedora Core 5
Name : firefox
Version : 1.5.0.2
Release : 1.1.fc5
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Several bugs were found in the way Firefox processes
malformed javascript. A malicious web page could modify the
content of a different open web page, possibly stealing
sensitive information or conducting a cross-site scripting
attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)
Several bugs were found in the way Firefox processes certain
javascript actions. A malicious web page could execute
arbitrary javascript instructions with the permissions of
"chrome", allowing the page to steal sensitive information
or install browser malware. (CVE-2006-1727, CVE-2006-1728,
CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)
Several bugs were found in the way Firefox processes
malformed web pages. A carefully crafted malicious web page
could cause the execution of arbitrary code as the user
running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790)
A bug was found in the way Firefox displays the secure site
icon. If a browser is configured to display the non-default
secure site modal warning dialog, it may be possible to
trick a user into believing they are viewing a secure site.
(CVE-2006-1740)
A bug was found in the way Firefox allows javascript
mutation events on "input" form elements. A malicious web
page could be created in such a way that when a user submits
a form, an arbitrary file could be uploaded to the attacker.
(CVE-2006-1729)
---------------------------------------------------------------------
* Wed Apr 19 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.2-1.1.fc5
- Update to 1.5.0.2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
aba3a17adde822ac4d3bb900c65e87a06a8d331f SRPMS/firefox-1.5.0.2-1.1.fc5.src.rpm
1c80c1fd6561c3cc7f3e54463bc6d25445956e30 ppc/firefox-1.5.0.2-1.1.fc5.ppc.rpm
42b8356caa72dafaa84977bf987c6650c715fd7c ppc/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.ppc.rpm
bc79140dc00183aeecf8dccd36565a4f78f6bbcd x86_64/firefox-1.5.0.2-1.1.fc5.x86_64.rpm
95babbc4143fa8164ad71ce9da67469171b4d66f x86_64/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.x86_64.rpm
d89a1acecd42915ce7571dc1759661f01985e4f8 i386/firefox-1.5.0.2-1.1.fc5.i386.rpm
4f87d27853e5122b941afbfbb3a1788ffb338b4d i386/debug/firefox-debuginfo-1.5.0.2-1.1.fc5.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list