Updated mozilla packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: mozilla
Advisory ID: MDKSA-2005:088
Date: May 13th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A number of security vulnerabilities were fixed in the Mozilla Firefox 1.0.4 and Mozilla Suite 1.7.8 releases. Patches have been backported where appropriate; Corporate 3.0 is receiving the new Mozilla Suite 1.7.8 release.
The following issues have been fixed in both Mozilla Firefox and Mozilla Suite:
- A flaw in the Javascript regular expression handling could lead to a disclosure of browser memory, potentially exposing private data from web pages viewed, passwords, or similar data sent to other web pages. It could also crash the browser itself (CAN-2005-0989, MFSA 2005-33)
- With manual Plugin install, it was possible for the Plugin to execute javascript code with the installing user's privileges (CAN-2005-0752 and MFSA 2005-34)
- The popup for showing blocked javascript used the wrong privilege context which could be sued for privilege escalation (CAN-2005-1153 and MFSA 2005-35)
- Cross-site scripting through global scope pollution could lead an attacker to being able to run code in foreign websites context, leading to the potential sniffing of information or performing actions in that context (CAN-2005-1154 and MFSA 2005-36)
- Code execution through javascript via favicons ("firelinking") could be used for privilege escalation (CAN-2005-1155 and MFSA 2005-37)
- Search plugin cross-site scripting ("firesearching") (CAN-2005-1156, CAN-2005-1157, and MFSA 2005-38)
- Arbitrary code execution via the Firefox sidebar panel II (CAN-2005-1158 and MFSA 2005-39)
- Missing Install object instance checks (CAN-2005-1159 and MFSA 2005-40)
- Privilege escalation via DOM property overrides (CAN-2005-1160 and MFSA 2005-41)
- Code execution via javacript: IconURL (MFSA 2005-42)
- Security check bypass by wrapping a javascript: URL in the view-source: pseudo protocol (MFSA 2005-43)
- Privilege escalation via non-DOM property overrides (MFSA 2005-44)
In addition to the vulnerabilities previously noted, the following issues have been fixed in the Mozilla Suite 1.7.2 packages:
- Bypass restriction on opening privileged XUL (CAN-2005-0401 and MSF 2005-32)
- Arbitrary code execution via a GIF processing error when parsing obsolete Netscape extension 2 leading to an exploitable heap overrun (CAN-2005-0401 and MFSA 2005-32)
- International Domain Name support could allow for characters that look similar to other english letters to be used in constructing nearly perfect phishing sites (MFSA 2005-29)
- Predictable plugin temporary directory name (MFSA 2005-28)
- Plugins can be used to load privileged content into a frame (CAN-2005-0527 and MFSA 2005-27)
- Cross-site scripting attack via dropping javascript: links on a tab (MFSA 2005-26)
- Image dragging-and-drop from a web page to the desktop preserve their original name and extension; if this were an executable extension then the file would be executed rather than opened in a media application (MFSA 2005-25)
- HTTP authentication prompt tab spoofing (MFSA 2005-24)
- Download dialog source can be disguised by using a host name long enough that most significant parts are truncated, allowing a malicious site to spoof the origin of the file (MFSA 2005-23)
- Download dialog spoofing via supplied Content-Disposition header could allow for a file to look like a safe file (ie. a JPEG image) and when downloaded saved with an executable extension (MFSA 2005-22)
- XSLT can include stylesheets from arbitrary hosts (MFSA 2005-20)
- Memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth (MFSA 2005-18)
- Install source spoofing with user:pass@host (MFSA 2005-17)
- Spoofing download and security dialogs with overlapping windows (MFSA 2005-16)
- It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data (MFSA 2005-15)
- SSL "secure site" indicator spoofing (MFSA 2005-14)
- Mozilla mail clients responded to cookie requests accompanying content loaded over HTTP, ignoring the setting of the preference "network.cookie.disableCookieForMailNews" which could be used to track people (MFSA 2005-11)
- Browser responds to proxy authentication requests from non-proxy servers (SSL/HTTPS) (MFSA 2005-09)
- Snythetic middle-click event can steal clipboard contents (MFSA 2005-08)
- In windows with multiple tabs, malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up a prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to a background tab hoping to catch the user inputting something sensitive (MFSA 2005-05)
- Secure site lock can be spoofed with "view-source:" (MFSA 2005-04)
- An insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear; the certificate information is that of the binary file's host and the location bar URL shows the original insecure page (MFSA 2005-03)
- Temporary files are saved with world-readable permissions (MFSA 2005-02)
- A vulnerability in the NNTP handling code could cause a heap overflow and execute arbitrary code on the client machine (isec-0020)
- A number of other minor bugs were fixed as well.
Mandriva recommends all users to upgrade to these packages immediately.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160
http://www.mozilla.org/security/announce/mfsa2005-02.html
http://www.mozilla.org/security/announce/mfsa2005-03.html
http://www.mozilla.org/security/announce/mfsa2005-04.html
http://www.mozilla.org/security/announce/mfsa2005-05.html
http://www.mozilla.org/security/announce/mfsa2005-08.html
http://www.mozilla.org/security/announce/mfsa2005-09.html
http://www.mozilla.org/security/announce/mfsa2005-11.html
http://www.mozilla.org/security/announce/mfsa2005-14.html
http://www.mozilla.org/security/announce/mfsa2005-15.html
http://www.mozilla.org/security/announce/mfsa2005-16.html
http://www.mozilla.org/security/announce/mfsa2005-17.html
http://www.mozilla.org/security/announce/mfsa2005-18.html
http://www.mozilla.org/security/announce/mfsa2005-20.html
http://www.mozilla.org/security/announce/mfsa2005-22.html
http://www.mozilla.org/security/announce/mfsa2005-23.html
http://www.mozilla.org/security/announce/mfsa2005-24.html
http://www.mozilla.org/security/announce/mfsa2005-25.html
http://www.mozilla.org/security/announce/mfsa2005-26.html
http://www.mozilla.org/security/announce/mfsa2005-27.html
http://www.mozilla.org/security/announce/mfsa2005-28.html
http://www.mozilla.org/security/announce/mfsa2005-29.html
http://www.mozilla.org/security/announce/mfsa2005-30.html
http://www.mozilla.org/security/announce/mfsa2005-32.html
http://www.mozilla.org/security/announce/mfsa2005-33.html
http://www.mozilla.org/security/announce/mfsa2005-34.html
http://www.mozilla.org/security/announce/mfsa2005-35.html
http://www.mozilla.org/security/announce/mfsa2005-36.html
http://www.mozilla.org/security/announce/mfsa2005-37.html
http://www.mozilla.org/security/announce/mfsa2005-38.html
http://www.mozilla.org/security/announce/mfsa2005-39.html
http://www.mozilla.org/security/announce/mfsa2005-40.html
http://www.mozilla.org/security/announce/mfsa2005-41.html
http://www.mozilla.org/security/announce/mfsa2005-42.html
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=290777
https://bugzilla.mozilla.org/show_bug.cgi?id=290476
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
b3c4d6b408121c1696e860eaf139ac17 10.1/RPMS/epiphany-1.2.8-4.2.101mdk.i586.rpm
87449a5b8d95ec5038842d794e6ae7a4 10.1/RPMS/epiphany-devel-1.2.8-4.2.101mdk.i586.rpm
cc55f2b32db3a925a31d0e8f7bae475a 10.1/RPMS/galeon-1.3.17-3.2.101mdk.i586.rpm
9f15765b7ed59d295864c47672768f85 10.1/RPMS/libnspr4-1.7.2-12.2.101mdk.i586.rpm
c24d1485007b9d05b4ee1936e6157dcc 10.1/RPMS/libnspr4-devel-1.7.2-12.2.101mdk.i586.rpm
e936fa7fc9e9956bb25b5a096f049d8a 10.1/RPMS/libnss3-1.7.2-12.2.101mdk.i586.rpm
357f36e151a0ae8d3c090573874d5ce5 10.1/RPMS/libnss3-devel-1.7.2-12.2.101mdk.i586.rpm
d0830c67ddcdf8b37a53cd39e497cd88 10.1/RPMS/mozilla-1.7.2-12.2.101mdk.i586.rpm
61b60f30c676d451709f4afcbdb8ab70 10.1/RPMS/mozilla-devel-1.7.2-12.2.101mdk.i586.rpm
97914412759faccc7d2cbaea2a66aabc 10.1/RPMS/mozilla-dom-inspector-1.7.2-12.2.101mdk.i586.rpm
0d919875e79250522fb0067b832eb299 10.1/RPMS/mozilla-enigmail-1.7.2-12.2.101mdk.i586.rpm
ff42754f66787c540b3ad17a7b06e399 10.1/RPMS/mozilla-enigmime-1.7.2-12.2.101mdk.i586.rpm
56ec1c9a61ce42af78ded3f255bfe837 10.1/RPMS/mozilla-irc-1.7.2-12.2.101mdk.i586.rpm
e14ba88b79f6525030f948103ae0a716 10.1/RPMS/mozilla-js-debugger-1.7.2-12.2.101mdk.i586.rpm
922e6a2c2aebb4ca7673b081c0027a6f 10.1/RPMS/mozilla-mail-1.7.2-12.2.101mdk.i586.rpm
dc3783bc550ad9a5190c44598281d604 10.1/RPMS/mozilla-spellchecker-1.7.2-12.2.101mdk.i586.rpm
fb95936e6542a9b742c2b655916d7ded 10.1/SRPMS/epiphany-1.2.8-4.2.101mdk.src.rpm
e88e547cbd1a17ba6c1beba66d9d73b1 10.1/SRPMS/galeon-1.3.17-3.2.101mdk.src.rpm
8f37c650c202e94a416272d4ea8c4500 10.1/SRPMS/mozilla-1.7.2-12.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
f23f3e2ea31308ddbfc0c7c81beb3cb6 x86_64/10.1/RPMS/epiphany-1.2.8-4.2.101mdk.x86_64.rpm
c65413cb7cbdcb568e1dc9af59f6778c x86_64/10.1/RPMS/epiphany-devel-1.2.8-4.2.101mdk.x86_64.rpm
22da554c0181d9d26376b07fac329749 x86_64/10.1/RPMS/galeon-1.3.17-3.2.101mdk.x86_64.rpm
31b4e24da450171995e45a80bd5c7def x86_64/10.1/RPMS/lib64nspr4-1.7.2-12.2.101mdk.x86_64.rpm
c54cd3b1d5367dc118e9bd7703ceea4b x86_64/10.1/RPMS/lib64nspr4-devel-1.7.2-12.2.101mdk.x86_64.rpm
05d58ffce6c8d7e98b9e2a987ba96a69 x86_64/10.1/RPMS/lib64nss3-1.7.2-12.2.101mdk.x86_64.rpm
8fa07eca2df677de6847640db775e486 x86_64/10.1/RPMS/lib64nss3-devel-1.7.2-12.2.101mdk.x86_64.rpm
9f15765b7ed59d295864c47672768f85 x86_64/10.1/RPMS/libnspr4-1.7.2-12.2.101mdk.i586.rpm
e936fa7fc9e9956bb25b5a096f049d8a x86_64/10.1/RPMS/libnss3-1.7.2-12.2.101mdk.i586.rpm
f505404f493d4de6dc48c8ae40598a7c x86_64/10.1/RPMS/mozilla-1.7.2-12.2.101mdk.x86_64.rpm
3380d33ab5f3118987fe1b38cb3685d2 x86_64/10.1/RPMS/mozilla-devel-1.7.2-12.2.101mdk.x86_64.rpm
281f743c9af8d4082c9154fda36e79e6 x86_64/10.1/RPMS/mozilla-dom-inspector-1.7.2-12.2.101mdk.x86_64.rpm
e1828b71e9f57a730d1966277b6384ad x86_64/10.1/RPMS/mozilla-enigmail-1.7.2-12.2.101mdk.x86_64.rpm
3b95ba000a3f2d8a029d57784a3b9b1a x86_64/10.1/RPMS/mozilla-enigmime-1.7.2-12.2.101mdk.x86_64.rpm
195989fdbedecaff963783515fb2b1fb x86_64/10.1/RPMS/mozilla-irc-1.7.2-12.2.101mdk.x86_64.rpm
184ed89834f4c90b7b9239a783a1875a x86_64/10.1/RPMS/mozilla-js-debugger-1.7.2-12.2.101mdk.x86_64.rpm
6b21577a9de375cff96fc39611a618a9 x86_64/10.1/RPMS/mozilla-mail-1.7.2-12.2.101mdk.x86_64.rpm
500945687fac07ae26ca67e1708e173d x86_64/10.1/RPMS/mozilla-spellchecker-1.7.2-12.2.101mdk.x86_64.rpm
fb95936e6542a9b742c2b655916d7ded x86_64/10.1/SRPMS/epiphany-1.2.8-4.2.101mdk.src.rpm
e88e547cbd1a17ba6c1beba66d9d73b1 x86_64/10.1/SRPMS/galeon-1.3.17-3.2.101mdk.src.rpm
8f37c650c202e94a416272d4ea8c4500 x86_64/10.1/SRPMS/mozilla-1.7.2-12.2.101mdk.src.rpm
Mandrakelinux 10.2:
432ceddcdecf8ffa3c922831c3842fa1 10.2/RPMS/epiphany-1.4.8-8.3.102mdk.i586.rpm
d017bf41fd7f2247791aaf36653041b1 10.2/RPMS/epiphany-devel-1.4.8-8.3.102mdk.i586.rpm
13dbb2eafd03a4479c305467bd9c8941 10.2/RPMS/galeon-1.3.19-7.3.102mdk.i586.rpm
f4df4d9ef1cc5f52c0ed1af892f57403 10.2/RPMS/libnspr4-1.0.2-5.2.102mdk.i586.rpm
865b005e614b20ea1ea703e3a0ad171e 10.2/RPMS/libnspr4-devel-1.0.2-5.2.102mdk.i586.rpm
f16bb3d949137bdb2c37c619aa65364e 10.2/RPMS/libnss3-1.0.2-5.2.102mdk.i586.rpm
2421b7b9075d329d4515ed333a93e010 10.2/RPMS/libnss3-devel-1.0.2-5.2.102mdk.i586.rpm
962080f2d13b102ae8edd6824e1db801 10.2/RPMS/mozilla-firefox-1.0.2-5.2.102mdk.i586.rpm
57201fcc5a8081ff6e4fb410f07e63a3 10.2/RPMS/mozilla-firefox-devel-1.0.2-5.2.102mdk.i586.rpm
b4f782a0bef113deb2c40b85385c0f50 10.2/SRPMS/epiphany-1.4.8-8.3.102mdk.src.rpm
d2ee6b21b9a65a9df4ba083f27d1edc7 10.2/SRPMS/galeon-1.3.19-7.3.102mdk.src.rpm
bc1d09a4cb7db4bff20921cf41051d73 10.2/SRPMS/mozilla-firefox-1.0.2-5.2.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
134ffca6c7d0eb957ed151db9c11dcc0 x86_64/10.2/RPMS/epiphany-1.4.8-8.3.102mdk.x86_64.rpm
b4eab24b0ff48136a78ff6de39939a72 x86_64/10.2/RPMS/epiphany-devel-1.4.8-8.3.102mdk.x86_64.rpm
c7a47651dc7e2431447afc9caea80c4e x86_64/10.2/RPMS/galeon-1.3.19-7.3.102mdk.x86_64.rpm
8ec41e6a6fcef03b83d434b2346c6abb x86_64/10.2/RPMS/lib64nspr4-1.0.2-5.2.102mdk.x86_64.rpm
e69c94325ea27c3af5d6ace6fe08cbe5 x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-5.2.102mdk.x86_64.rpm
c4083d449bf913db24752bc20f86722f x86_64/10.2/RPMS/lib64nss3-1.0.2-5.2.102mdk.x86_64.rpm
86a2350545675c82e0a9fcda33c81555 x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-5.2.102mdk.x86_64.rpm
7dda2b19a93617019607e6272f2f497a x86_64/10.2/RPMS/mozilla-firefox-1.0.2-5.2.102mdk.x86_64.rpm
5154a795097d31eef36eb3af8d4a3f76 x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-5.2.102mdk.x86_64.rpm
b4f782a0bef113deb2c40b85385c0f50 x86_64/10.2/SRPMS/epiphany-1.4.8-8.3.102mdk.src.rpm
d2ee6b21b9a65a9df4ba083f27d1edc7 x86_64/10.2/SRPMS/galeon-1.3.19-7.3.102mdk.src.rpm
bc1d09a4cb7db4bff20921cf41051d73 x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-5.2.102mdk.src.rpm
Corporate 3.0:
1b575054db479133d9074b353b24643a corporate/3.0/RPMS/epiphany-1.0.7-10.1.C30mdk.i586.rpm
2cf77439d1f8a871fb603a48a6b4a46b corporate/3.0/RPMS/epiphany-devel-1.0.7-10.1.C30mdk.i586.rpm
ad5e8fece246ff38151a9b49b6245166 corporate/3.0/RPMS/galeon-1.3.14a-1.2.C30mdk.i586.rpm
f87c5da027c71d69c6fcc3c08d5073b4 corporate/3.0/RPMS/libnspr4-1.7.8-0.1.C30mdk.i586.rpm
d27d9566db5916e3ab848a0b879905eb corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.1.C30mdk.i586.rpm
0b9adda77f7337b37f7808dbd0e46737 corporate/3.0/RPMS/libnss3-1.7.8-0.1.C30mdk.i586.rpm
cad18be2610337b8638db17820f5c8d6 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.1.C30mdk.i586.rpm
ea250bafe6c91ca5e80b2cd2ca105120 corporate/3.0/RPMS/mozilla-1.7.8-0.1.C30mdk.i586.rpm
777b677b8644026dce3bf9e22c83f128 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.1.C30mdk.i586.rpm
09082a6e9fde40997f398be72438877b corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.1.C30mdk.i586.rpm
e0091e3010b0496332b555ff6d3952cb corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.1.C30mdk.i586.rpm
1025304f46ab0d4675dcd236f4dd6051 corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.1.C30mdk.i586.rpm
30891bd053be585092792760f26c5c69 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.1.C30mdk.i586.rpm
888c32669a338dcd9d04440d0e4abf42 corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.1.C30mdk.i586.rpm
087d646f0fc295c5d9e51df89f43404b corporate/3.0/RPMS/mozilla-mail-1.7.8-0.1.C30mdk.i586.rpm
95242ad52530b37d32b40ef895dd74c7 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.1.C30mdk.i586.rpm
9d48c6c622604df5f24aa471f0a22f7c corporate/3.0/SRPMS/epiphany-1.0.7-10.1.C30mdk.src.rpm
cc8843abc24e7c2b20bf0bf3184c3112 corporate/3.0/SRPMS/galeon-1.3.14a-1.2.C30mdk.src.rpm
924e55c6cee5fbf0c562ecc3c1e8c107 corporate/3.0/SRPMS/mozilla-1.7.8-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
ce73e19116ba0793b7842963523cd489 x86_64/corporate/3.0/RPMS/epiphany-1.0.7-10.1.C30mdk.x86_64.rpm
c44577a59ecf06ebf4a9ebbd79d2fcbe x86_64/corporate/3.0/RPMS/epiphany-devel-1.0.7-10.1.C30mdk.x86_64.rpm
cf4bb334da0701792f029a1746243e22 x86_64/corporate/3.0/RPMS/galeon-1.3.14a-1.2.C30mdk.x86_64.rpm
ce5e5e13f66981c4975cc488ae5752da x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.1.C30mdk.x86_64.rpm
1bc038d4998885beff0b8bf23c62e5ff x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.1.C30mdk.x86_64.rpm
b02330a44d80d09b31df00792940b4bd x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.1.C30mdk.x86_64.rpm
a6b06da0efcd2e86977380756178cae8 x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.1.C30mdk.x86_64.rpm
28c8e8e3f8fa45d594af24699c6f1d37 x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.1.C30mdk.x86_64.rpm
69734b67f3d3c90202dc2e0f4acf7a6c x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.1.C30mdk.x86_64.rpm
58f8dadb1efdb5dee27cc0a2664ef49d x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.1.C30mdk.x86_64.rpm
16a7c35758f2c550b8352fe2258bc077 x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.1.C30mdk.x86_64.rpm
8682f2a853e5193ae520199da228a3dd x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.1.C30mdk.x86_64.rpm
de14f90fab98cf65d53cee8bc87fe3f8 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.1.C30mdk.x86_64.rpm
239763cdf73516e99ed5f61e1723aa54 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.1.C30mdk.x86_64.rpm
d760c35115b0b9d08dc30fcc169491be x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.1.C30mdk.x86_64.rpm
c19346dbec82bda1d36bd4b57cd1cbaf x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.1.C30mdk.x86_64.rpm
9d48c6c622604df5f24aa471f0a22f7c x86_64/corporate/3.0/SRPMS/epiphany-1.0.7-10.1.C30mdk.src.rpm
cc8843abc24e7c2b20bf0bf3184c3112 x86_64/corporate/3.0/SRPMS/galeon-1.3.14a-1.2.C30mdk.src.rpm
924e55c6cee5fbf0c562ecc3c1e8c107 x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: mozilla
Advisory ID: MDKSA-2005:088
Date: May 13th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A number of security vulnerabilities were fixed in the Mozilla Firefox 1.0.4 and Mozilla Suite 1.7.8 releases. Patches have been backported where appropriate; Corporate 3.0 is receiving the new Mozilla Suite 1.7.8 release.
The following issues have been fixed in both Mozilla Firefox and Mozilla Suite:
- A flaw in the Javascript regular expression handling could lead to a disclosure of browser memory, potentially exposing private data from web pages viewed, passwords, or similar data sent to other web pages. It could also crash the browser itself (CAN-2005-0989, MFSA 2005-33)
- With manual Plugin install, it was possible for the Plugin to execute javascript code with the installing user's privileges (CAN-2005-0752 and MFSA 2005-34)
- The popup for showing blocked javascript used the wrong privilege context which could be sued for privilege escalation (CAN-2005-1153 and MFSA 2005-35)
- Cross-site scripting through global scope pollution could lead an attacker to being able to run code in foreign websites context, leading to the potential sniffing of information or performing actions in that context (CAN-2005-1154 and MFSA 2005-36)
- Code execution through javascript via favicons ("firelinking") could be used for privilege escalation (CAN-2005-1155 and MFSA 2005-37)
- Search plugin cross-site scripting ("firesearching") (CAN-2005-1156, CAN-2005-1157, and MFSA 2005-38)
- Arbitrary code execution via the Firefox sidebar panel II (CAN-2005-1158 and MFSA 2005-39)
- Missing Install object instance checks (CAN-2005-1159 and MFSA 2005-40)
- Privilege escalation via DOM property overrides (CAN-2005-1160 and MFSA 2005-41)
- Code execution via javacript: IconURL (MFSA 2005-42)
- Security check bypass by wrapping a javascript: URL in the view-source: pseudo protocol (MFSA 2005-43)
- Privilege escalation via non-DOM property overrides (MFSA 2005-44)
In addition to the vulnerabilities previously noted, the following issues have been fixed in the Mozilla Suite 1.7.2 packages:
- Bypass restriction on opening privileged XUL (CAN-2005-0401 and MSF 2005-32)
- Arbitrary code execution via a GIF processing error when parsing obsolete Netscape extension 2 leading to an exploitable heap overrun (CAN-2005-0401 and MFSA 2005-32)
- International Domain Name support could allow for characters that look similar to other english letters to be used in constructing nearly perfect phishing sites (MFSA 2005-29)
- Predictable plugin temporary directory name (MFSA 2005-28)
- Plugins can be used to load privileged content into a frame (CAN-2005-0527 and MFSA 2005-27)
- Cross-site scripting attack via dropping javascript: links on a tab (MFSA 2005-26)
- Image dragging-and-drop from a web page to the desktop preserve their original name and extension; if this were an executable extension then the file would be executed rather than opened in a media application (MFSA 2005-25)
- HTTP authentication prompt tab spoofing (MFSA 2005-24)
- Download dialog source can be disguised by using a host name long enough that most significant parts are truncated, allowing a malicious site to spoof the origin of the file (MFSA 2005-23)
- Download dialog spoofing via supplied Content-Disposition header could allow for a file to look like a safe file (ie. a JPEG image) and when downloaded saved with an executable extension (MFSA 2005-22)
- XSLT can include stylesheets from arbitrary hosts (MFSA 2005-20)
- Memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth (MFSA 2005-18)
- Install source spoofing with user:pass@host (MFSA 2005-17)
- Spoofing download and security dialogs with overlapping windows (MFSA 2005-16)
- It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data (MFSA 2005-15)
- SSL "secure site" indicator spoofing (MFSA 2005-14)
- Mozilla mail clients responded to cookie requests accompanying content loaded over HTTP, ignoring the setting of the preference "network.cookie.disableCookieForMailNews" which could be used to track people (MFSA 2005-11)
- Browser responds to proxy authentication requests from non-proxy servers (SSL/HTTPS) (MFSA 2005-09)
- Snythetic middle-click event can steal clipboard contents (MFSA 2005-08)
- In windows with multiple tabs, malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up a prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to a background tab hoping to catch the user inputting something sensitive (MFSA 2005-05)
- Secure site lock can be spoofed with "view-source:" (MFSA 2005-04)
- An insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear; the certificate information is that of the binary file's host and the location bar URL shows the original insecure page (MFSA 2005-03)
- Temporary files are saved with world-readable permissions (MFSA 2005-02)
- A vulnerability in the NNTP handling code could cause a heap overflow and execute arbitrary code on the client machine (isec-0020)
- A number of other minor bugs were fixed as well.
Mandriva recommends all users to upgrade to these packages immediately.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160
http://www.mozilla.org/security/announce/mfsa2005-02.html
http://www.mozilla.org/security/announce/mfsa2005-03.html
http://www.mozilla.org/security/announce/mfsa2005-04.html
http://www.mozilla.org/security/announce/mfsa2005-05.html
http://www.mozilla.org/security/announce/mfsa2005-08.html
http://www.mozilla.org/security/announce/mfsa2005-09.html
http://www.mozilla.org/security/announce/mfsa2005-11.html
http://www.mozilla.org/security/announce/mfsa2005-14.html
http://www.mozilla.org/security/announce/mfsa2005-15.html
http://www.mozilla.org/security/announce/mfsa2005-16.html
http://www.mozilla.org/security/announce/mfsa2005-17.html
http://www.mozilla.org/security/announce/mfsa2005-18.html
http://www.mozilla.org/security/announce/mfsa2005-20.html
http://www.mozilla.org/security/announce/mfsa2005-22.html
http://www.mozilla.org/security/announce/mfsa2005-23.html
http://www.mozilla.org/security/announce/mfsa2005-24.html
http://www.mozilla.org/security/announce/mfsa2005-25.html
http://www.mozilla.org/security/announce/mfsa2005-26.html
http://www.mozilla.org/security/announce/mfsa2005-27.html
http://www.mozilla.org/security/announce/mfsa2005-28.html
http://www.mozilla.org/security/announce/mfsa2005-29.html
http://www.mozilla.org/security/announce/mfsa2005-30.html
http://www.mozilla.org/security/announce/mfsa2005-32.html
http://www.mozilla.org/security/announce/mfsa2005-33.html
http://www.mozilla.org/security/announce/mfsa2005-34.html
http://www.mozilla.org/security/announce/mfsa2005-35.html
http://www.mozilla.org/security/announce/mfsa2005-36.html
http://www.mozilla.org/security/announce/mfsa2005-37.html
http://www.mozilla.org/security/announce/mfsa2005-38.html
http://www.mozilla.org/security/announce/mfsa2005-39.html
http://www.mozilla.org/security/announce/mfsa2005-40.html
http://www.mozilla.org/security/announce/mfsa2005-41.html
http://www.mozilla.org/security/announce/mfsa2005-42.html
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=290777
https://bugzilla.mozilla.org/show_bug.cgi?id=290476
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
b3c4d6b408121c1696e860eaf139ac17 10.1/RPMS/epiphany-1.2.8-4.2.101mdk.i586.rpm
87449a5b8d95ec5038842d794e6ae7a4 10.1/RPMS/epiphany-devel-1.2.8-4.2.101mdk.i586.rpm
cc55f2b32db3a925a31d0e8f7bae475a 10.1/RPMS/galeon-1.3.17-3.2.101mdk.i586.rpm
9f15765b7ed59d295864c47672768f85 10.1/RPMS/libnspr4-1.7.2-12.2.101mdk.i586.rpm
c24d1485007b9d05b4ee1936e6157dcc 10.1/RPMS/libnspr4-devel-1.7.2-12.2.101mdk.i586.rpm
e936fa7fc9e9956bb25b5a096f049d8a 10.1/RPMS/libnss3-1.7.2-12.2.101mdk.i586.rpm
357f36e151a0ae8d3c090573874d5ce5 10.1/RPMS/libnss3-devel-1.7.2-12.2.101mdk.i586.rpm
d0830c67ddcdf8b37a53cd39e497cd88 10.1/RPMS/mozilla-1.7.2-12.2.101mdk.i586.rpm
61b60f30c676d451709f4afcbdb8ab70 10.1/RPMS/mozilla-devel-1.7.2-12.2.101mdk.i586.rpm
97914412759faccc7d2cbaea2a66aabc 10.1/RPMS/mozilla-dom-inspector-1.7.2-12.2.101mdk.i586.rpm
0d919875e79250522fb0067b832eb299 10.1/RPMS/mozilla-enigmail-1.7.2-12.2.101mdk.i586.rpm
ff42754f66787c540b3ad17a7b06e399 10.1/RPMS/mozilla-enigmime-1.7.2-12.2.101mdk.i586.rpm
56ec1c9a61ce42af78ded3f255bfe837 10.1/RPMS/mozilla-irc-1.7.2-12.2.101mdk.i586.rpm
e14ba88b79f6525030f948103ae0a716 10.1/RPMS/mozilla-js-debugger-1.7.2-12.2.101mdk.i586.rpm
922e6a2c2aebb4ca7673b081c0027a6f 10.1/RPMS/mozilla-mail-1.7.2-12.2.101mdk.i586.rpm
dc3783bc550ad9a5190c44598281d604 10.1/RPMS/mozilla-spellchecker-1.7.2-12.2.101mdk.i586.rpm
fb95936e6542a9b742c2b655916d7ded 10.1/SRPMS/epiphany-1.2.8-4.2.101mdk.src.rpm
e88e547cbd1a17ba6c1beba66d9d73b1 10.1/SRPMS/galeon-1.3.17-3.2.101mdk.src.rpm
8f37c650c202e94a416272d4ea8c4500 10.1/SRPMS/mozilla-1.7.2-12.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
f23f3e2ea31308ddbfc0c7c81beb3cb6 x86_64/10.1/RPMS/epiphany-1.2.8-4.2.101mdk.x86_64.rpm
c65413cb7cbdcb568e1dc9af59f6778c x86_64/10.1/RPMS/epiphany-devel-1.2.8-4.2.101mdk.x86_64.rpm
22da554c0181d9d26376b07fac329749 x86_64/10.1/RPMS/galeon-1.3.17-3.2.101mdk.x86_64.rpm
31b4e24da450171995e45a80bd5c7def x86_64/10.1/RPMS/lib64nspr4-1.7.2-12.2.101mdk.x86_64.rpm
c54cd3b1d5367dc118e9bd7703ceea4b x86_64/10.1/RPMS/lib64nspr4-devel-1.7.2-12.2.101mdk.x86_64.rpm
05d58ffce6c8d7e98b9e2a987ba96a69 x86_64/10.1/RPMS/lib64nss3-1.7.2-12.2.101mdk.x86_64.rpm
8fa07eca2df677de6847640db775e486 x86_64/10.1/RPMS/lib64nss3-devel-1.7.2-12.2.101mdk.x86_64.rpm
9f15765b7ed59d295864c47672768f85 x86_64/10.1/RPMS/libnspr4-1.7.2-12.2.101mdk.i586.rpm
e936fa7fc9e9956bb25b5a096f049d8a x86_64/10.1/RPMS/libnss3-1.7.2-12.2.101mdk.i586.rpm
f505404f493d4de6dc48c8ae40598a7c x86_64/10.1/RPMS/mozilla-1.7.2-12.2.101mdk.x86_64.rpm
3380d33ab5f3118987fe1b38cb3685d2 x86_64/10.1/RPMS/mozilla-devel-1.7.2-12.2.101mdk.x86_64.rpm
281f743c9af8d4082c9154fda36e79e6 x86_64/10.1/RPMS/mozilla-dom-inspector-1.7.2-12.2.101mdk.x86_64.rpm
e1828b71e9f57a730d1966277b6384ad x86_64/10.1/RPMS/mozilla-enigmail-1.7.2-12.2.101mdk.x86_64.rpm
3b95ba000a3f2d8a029d57784a3b9b1a x86_64/10.1/RPMS/mozilla-enigmime-1.7.2-12.2.101mdk.x86_64.rpm
195989fdbedecaff963783515fb2b1fb x86_64/10.1/RPMS/mozilla-irc-1.7.2-12.2.101mdk.x86_64.rpm
184ed89834f4c90b7b9239a783a1875a x86_64/10.1/RPMS/mozilla-js-debugger-1.7.2-12.2.101mdk.x86_64.rpm
6b21577a9de375cff96fc39611a618a9 x86_64/10.1/RPMS/mozilla-mail-1.7.2-12.2.101mdk.x86_64.rpm
500945687fac07ae26ca67e1708e173d x86_64/10.1/RPMS/mozilla-spellchecker-1.7.2-12.2.101mdk.x86_64.rpm
fb95936e6542a9b742c2b655916d7ded x86_64/10.1/SRPMS/epiphany-1.2.8-4.2.101mdk.src.rpm
e88e547cbd1a17ba6c1beba66d9d73b1 x86_64/10.1/SRPMS/galeon-1.3.17-3.2.101mdk.src.rpm
8f37c650c202e94a416272d4ea8c4500 x86_64/10.1/SRPMS/mozilla-1.7.2-12.2.101mdk.src.rpm
Mandrakelinux 10.2:
432ceddcdecf8ffa3c922831c3842fa1 10.2/RPMS/epiphany-1.4.8-8.3.102mdk.i586.rpm
d017bf41fd7f2247791aaf36653041b1 10.2/RPMS/epiphany-devel-1.4.8-8.3.102mdk.i586.rpm
13dbb2eafd03a4479c305467bd9c8941 10.2/RPMS/galeon-1.3.19-7.3.102mdk.i586.rpm
f4df4d9ef1cc5f52c0ed1af892f57403 10.2/RPMS/libnspr4-1.0.2-5.2.102mdk.i586.rpm
865b005e614b20ea1ea703e3a0ad171e 10.2/RPMS/libnspr4-devel-1.0.2-5.2.102mdk.i586.rpm
f16bb3d949137bdb2c37c619aa65364e 10.2/RPMS/libnss3-1.0.2-5.2.102mdk.i586.rpm
2421b7b9075d329d4515ed333a93e010 10.2/RPMS/libnss3-devel-1.0.2-5.2.102mdk.i586.rpm
962080f2d13b102ae8edd6824e1db801 10.2/RPMS/mozilla-firefox-1.0.2-5.2.102mdk.i586.rpm
57201fcc5a8081ff6e4fb410f07e63a3 10.2/RPMS/mozilla-firefox-devel-1.0.2-5.2.102mdk.i586.rpm
b4f782a0bef113deb2c40b85385c0f50 10.2/SRPMS/epiphany-1.4.8-8.3.102mdk.src.rpm
d2ee6b21b9a65a9df4ba083f27d1edc7 10.2/SRPMS/galeon-1.3.19-7.3.102mdk.src.rpm
bc1d09a4cb7db4bff20921cf41051d73 10.2/SRPMS/mozilla-firefox-1.0.2-5.2.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
134ffca6c7d0eb957ed151db9c11dcc0 x86_64/10.2/RPMS/epiphany-1.4.8-8.3.102mdk.x86_64.rpm
b4eab24b0ff48136a78ff6de39939a72 x86_64/10.2/RPMS/epiphany-devel-1.4.8-8.3.102mdk.x86_64.rpm
c7a47651dc7e2431447afc9caea80c4e x86_64/10.2/RPMS/galeon-1.3.19-7.3.102mdk.x86_64.rpm
8ec41e6a6fcef03b83d434b2346c6abb x86_64/10.2/RPMS/lib64nspr4-1.0.2-5.2.102mdk.x86_64.rpm
e69c94325ea27c3af5d6ace6fe08cbe5 x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-5.2.102mdk.x86_64.rpm
c4083d449bf913db24752bc20f86722f x86_64/10.2/RPMS/lib64nss3-1.0.2-5.2.102mdk.x86_64.rpm
86a2350545675c82e0a9fcda33c81555 x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-5.2.102mdk.x86_64.rpm
7dda2b19a93617019607e6272f2f497a x86_64/10.2/RPMS/mozilla-firefox-1.0.2-5.2.102mdk.x86_64.rpm
5154a795097d31eef36eb3af8d4a3f76 x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-5.2.102mdk.x86_64.rpm
b4f782a0bef113deb2c40b85385c0f50 x86_64/10.2/SRPMS/epiphany-1.4.8-8.3.102mdk.src.rpm
d2ee6b21b9a65a9df4ba083f27d1edc7 x86_64/10.2/SRPMS/galeon-1.3.19-7.3.102mdk.src.rpm
bc1d09a4cb7db4bff20921cf41051d73 x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-5.2.102mdk.src.rpm
Corporate 3.0:
1b575054db479133d9074b353b24643a corporate/3.0/RPMS/epiphany-1.0.7-10.1.C30mdk.i586.rpm
2cf77439d1f8a871fb603a48a6b4a46b corporate/3.0/RPMS/epiphany-devel-1.0.7-10.1.C30mdk.i586.rpm
ad5e8fece246ff38151a9b49b6245166 corporate/3.0/RPMS/galeon-1.3.14a-1.2.C30mdk.i586.rpm
f87c5da027c71d69c6fcc3c08d5073b4 corporate/3.0/RPMS/libnspr4-1.7.8-0.1.C30mdk.i586.rpm
d27d9566db5916e3ab848a0b879905eb corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.1.C30mdk.i586.rpm
0b9adda77f7337b37f7808dbd0e46737 corporate/3.0/RPMS/libnss3-1.7.8-0.1.C30mdk.i586.rpm
cad18be2610337b8638db17820f5c8d6 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.1.C30mdk.i586.rpm
ea250bafe6c91ca5e80b2cd2ca105120 corporate/3.0/RPMS/mozilla-1.7.8-0.1.C30mdk.i586.rpm
777b677b8644026dce3bf9e22c83f128 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.1.C30mdk.i586.rpm
09082a6e9fde40997f398be72438877b corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.1.C30mdk.i586.rpm
e0091e3010b0496332b555ff6d3952cb corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.1.C30mdk.i586.rpm
1025304f46ab0d4675dcd236f4dd6051 corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.1.C30mdk.i586.rpm
30891bd053be585092792760f26c5c69 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.1.C30mdk.i586.rpm
888c32669a338dcd9d04440d0e4abf42 corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.1.C30mdk.i586.rpm
087d646f0fc295c5d9e51df89f43404b corporate/3.0/RPMS/mozilla-mail-1.7.8-0.1.C30mdk.i586.rpm
95242ad52530b37d32b40ef895dd74c7 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.1.C30mdk.i586.rpm
9d48c6c622604df5f24aa471f0a22f7c corporate/3.0/SRPMS/epiphany-1.0.7-10.1.C30mdk.src.rpm
cc8843abc24e7c2b20bf0bf3184c3112 corporate/3.0/SRPMS/galeon-1.3.14a-1.2.C30mdk.src.rpm
924e55c6cee5fbf0c562ecc3c1e8c107 corporate/3.0/SRPMS/mozilla-1.7.8-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
ce73e19116ba0793b7842963523cd489 x86_64/corporate/3.0/RPMS/epiphany-1.0.7-10.1.C30mdk.x86_64.rpm
c44577a59ecf06ebf4a9ebbd79d2fcbe x86_64/corporate/3.0/RPMS/epiphany-devel-1.0.7-10.1.C30mdk.x86_64.rpm
cf4bb334da0701792f029a1746243e22 x86_64/corporate/3.0/RPMS/galeon-1.3.14a-1.2.C30mdk.x86_64.rpm
ce5e5e13f66981c4975cc488ae5752da x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.1.C30mdk.x86_64.rpm
1bc038d4998885beff0b8bf23c62e5ff x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.1.C30mdk.x86_64.rpm
b02330a44d80d09b31df00792940b4bd x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.1.C30mdk.x86_64.rpm
a6b06da0efcd2e86977380756178cae8 x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.1.C30mdk.x86_64.rpm
28c8e8e3f8fa45d594af24699c6f1d37 x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.1.C30mdk.x86_64.rpm
69734b67f3d3c90202dc2e0f4acf7a6c x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.1.C30mdk.x86_64.rpm
58f8dadb1efdb5dee27cc0a2664ef49d x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.1.C30mdk.x86_64.rpm
16a7c35758f2c550b8352fe2258bc077 x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.1.C30mdk.x86_64.rpm
8682f2a853e5193ae520199da228a3dd x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.1.C30mdk.x86_64.rpm
de14f90fab98cf65d53cee8bc87fe3f8 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.1.C30mdk.x86_64.rpm
239763cdf73516e99ed5f61e1723aa54 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.1.C30mdk.x86_64.rpm
d760c35115b0b9d08dc30fcc169491be x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.1.C30mdk.x86_64.rpm
c19346dbec82bda1d36bd4b57cd1cbaf x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.1.C30mdk.x86_64.rpm
9d48c6c622604df5f24aa471f0a22f7c x86_64/corporate/3.0/SRPMS/epiphany-1.0.7-10.1.C30mdk.src.rpm
cc8843abc24e7c2b20bf0bf3184c3112 x86_64/corporate/3.0/SRPMS/galeon-1.3.14a-1.2.C30mdk.src.rpm
924e55c6cee5fbf0c562ecc3c1e8c107 x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com