Red Hat Security Advisory

Synopsis:          Updated mozilla packages fix security issues
Advisory ID:       RHSA-2004:421-01
Issue date:        2004-08-04
Updated on:        2004-08-04
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0597 CAN-2004-0599 CAN-2004-0718 CAN-2004-0722 CAN-2004-0757 CAN-2004-0758 CAN-2004-0759 CAN-2004-0760 CAN-2004-0761 CAN-2004-0762 CAN-2004-0763 CAN-2004-0764 CAN-2004-0765
- ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages based on version 1.4.3 that fix a number of
security issues for Red Hat Enterprise Linux are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A number of flaws have been found in Mozilla 1.4 that have been fixed in
the Mozilla 1.4.3 release: 

Zen Parse reported improper input validation to the SOAPParameter object
constructor leading to an integer overflow and controllable heap
corruption.  Malicious JavaScript could be written to utilize this flaw and
could allow arbitrary code execution.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to
this issue.

During a source code audit, Chris Evans discovered a buffer overflow and
integer overflows which affect the libpng code inside Mozilla. An attacker
could create a carefully crafted PNG file in such a way that it would cause
Mozilla to crash or execute arbitrary code when the image was viewed.
(CAN-2004-0597, CAN-2004-0599)

Zen Parse reported a flaw in the POP3 capability.  A malicious POP3 server
could send a carefully crafted response that would cause a heap overflow
and potentially allow execution of arbitrary code as the user running
Mozilla. (CAN-2004-0757)

Marcel Boesch found a flaw that allows a CA certificate to be imported with
a DN the same as that of the built-in CA root certificates, which can cause
a denial of service to SSL pages, as the malicious certificate is treated
as invalid. (CAN-2004-0758)

Met - Martin Hassman reported a flaw in Mozilla that could allow malicious
Javascript code to upload local files from a users machine without
requiring confirmation. (CAN-2004-0759)

Mindlock Security reported a flaw in ftp URI handling.  By using a NULL
character (%00) in a ftp URI, Mozilla can be confused into opening a
resource as a different MIME type. (CAN-2004-0760)

Mozilla does not properly prevent a frame in one domain from injecting
content into a frame that belongs to another domain, which facilitates
website spoofing and other attacks, also known as the frame injection
vulnerability.  (CAN-2004-0718)

Tolga Tarhan reported a flaw that can allow a malicious webpage to use a
redirect sequence to spoof the security lock icon that makes a webpage
appear to be encrypted.  (CAN-2004-0761)

Jesse Ruderman reported a security issue that affects a number of browsersincluding Mozilla that could allow malicious websites to install arbitrary
extensions by using interactive events to manipulate the XPInstall Security
dialog box. (CAN-2004-0762)

Emmanouel Kellinis discovered a caching flaw in Mozilla which allows
malicious websites to spoof certificates of trusted websites via
redirects and Javascript that uses the "onunload" method. (CAN-2004-0763)

Mozilla allowed malicious websites to hijack the user interface via the
"chrome" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)

The cert_TestHostName function in Mozilla only checks the hostname portion
of a certificate when the hostname portion of the URI is not a fully
qualified domain name (FQDN).  This flaw could be used for spoofing if an
attacker had control of machines on a default DNS search path. (CAN-2004-0765)

All users are advised to update to these erratum packages which contain a
snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable
to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

127338 - CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7
127186 - CAN-2004-0758 Overriding built-in certificate leading to error -8182 (DoS), especially exploitable by email

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: 

7e094aa0324b56f4fba3ede27ae1b19b  galeon-1.2.13-3.2.1.src.rpm 

66fcc1e820208b3024de369469250df5  mozilla-1.4.3-2.1.2.src.rpm

i386:
d170284b6a6d01f85ee974bb6c984390  galeon-1.2.13-3.2.1.i386.rpm
57a81a30a9d79e77adec334f96e7cea9  mozilla-1.4.3-2.1.2.i386.rpm
fa6d63828129887e1cc3c42df47e4190  mozilla-chat-1.4.3-2.1.2.i386.rpm
b13cb1114fa16a75fd81c6cb504db17e  mozilla-devel-1.4.3-2.1.2.i386.rpm
9d4714cbd6c2077efa557430b8b89b63  mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm
01686edf59fa5945b8f9ae69fa4ac5c0  mozilla-js-debugger-1.4.3-2.1.2.i386.rpm
623213465b181f6fb14698e73f9a6a89  mozilla-mail-1.4.3-2.1.2.i386.rpm
68cb569585436ce430c4aee335c01d4e  mozilla-nspr-1.4.3-2.1.2.i386.rpm
3c4e08b8106d4718c30fcf06e7633abc  mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm
494563d83a7b6a77642c73986d50092c  mozilla-nss-1.4.3-2.1.2.i386.rpm
fb6f0a11c5312f7822055f45c35435f2  mozilla-nss-devel-1.4.3-2.1.2.i386.rpm

ia64:
e13f36d06fa5714337e074fca3a7a211  galeon-1.2.13-3.2.1.ia64.rpm
7841dd11df85a69d6e03a3c4730e987c  mozilla-1.4.3-2.1.2.ia64.rpm
b022a33b0ad1715f363b8e2be245e704  mozilla-chat-1.4.3-2.1.2.ia64.rpm
73599c671b8d07d86a82ae4006aeb184  mozilla-devel-1.4.3-2.1.2.ia64.rpm
bb57be095e37a959e8a9216820dd2fd9  mozilla-dom-inspector-1.4.3-2.1.2.ia64.rpm
0879b99da78ee8393577ca3b17c3c95c  mozilla-js-debugger-1.4.3-2.1.2.ia64.rpm
c018093969ef4ae1e26f203a67e74d87  mozilla-mail-1.4.3-2.1.2.ia64.rpm
e1fe8f1eeff222e7d1cd35d305a20e4d  mozilla-nspr-1.4.3-2.1.2.ia64.rpm
93e2cac5380515450b5201ef082fe427  mozilla-nspr-devel-1.4.3-2.1.2.ia64.rpm
afe930bc2c9d6174754b79d9119bc77d  mozilla-nss-1.4.3-2.1.2.ia64.rpm
1413ffceb82030a07863e79917c8d3ea  mozilla-nss-devel-1.4.3-2.1.2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: 

7e094aa0324b56f4fba3ede27ae1b19b  galeon-1.2.13-3.2.1.src.rpm 

66fcc1e820208b3024de369469250df5  mozilla-1.4.3-2.1.2.src.rpm

ia64:
e13f36d06fa5714337e074fca3a7a211  galeon-1.2.13-3.2.1.ia64.rpm
7841dd11df85a69d6e03a3c4730e987c  mozilla-1.4.3-2.1.2.ia64.rpm
b022a33b0ad1715f363b8e2be245e704  mozilla-chat-1.4.3-2.1.2.ia64.rpm
73599c671b8d07d86a82ae4006aeb184  mozilla-devel-1.4.3-2.1.2.ia64.rpm
bb57be095e37a959e8a9216820dd2fd9  mozilla-dom-inspector-1.4.3-2.1.2.ia64.rpm
0879b99da78ee8393577ca3b17c3c95c  mozilla-js-debugger-1.4.3-2.1.2.ia64.rpm
c018093969ef4ae1e26f203a67e74d87  mozilla-mail-1.4.3-2.1.2.ia64.rpm
e1fe8f1eeff222e7d1cd35d305a20e4d  mozilla-nspr-1.4.3-2.1.2.ia64.rpm
93e2cac5380515450b5201ef082fe427  mozilla-nspr-devel-1.4.3-2.1.2.ia64.rpm
afe930bc2c9d6174754b79d9119bc77d  mozilla-nss-1.4.3-2.1.2.ia64.rpm
1413ffceb82030a07863e79917c8d3ea  mozilla-nss-devel-1.4.3-2.1.2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: 

7e094aa0324b56f4fba3ede27ae1b19b  galeon-1.2.13-3.2.1.src.rpm 

66fcc1e820208b3024de369469250df5  mozilla-1.4.3-2.1.2.src.rpm

i386:
d170284b6a6d01f85ee974bb6c984390  galeon-1.2.13-3.2.1.i386.rpm
57a81a30a9d79e77adec334f96e7cea9  mozilla-1.4.3-2.1.2.i386.rpm
fa6d63828129887e1cc3c42df47e4190  mozilla-chat-1.4.3-2.1.2.i386.rpm
b13cb1114fa16a75fd81c6cb504db17e  mozilla-devel-1.4.3-2.1.2.i386.rpm
9d4714cbd6c2077efa557430b8b89b63  mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm
01686edf59fa5945b8f9ae69fa4ac5c0  mozilla-js-debugger-1.4.3-2.1.2.i386.rpm
623213465b181f6fb14698e73f9a6a89  mozilla-mail-1.4.3-2.1.2.i386.rpm
68cb569585436ce430c4aee335c01d4e  mozilla-nspr-1.4.3-2.1.2.i386.rpm
3c4e08b8106d4718c30fcf06e7633abc  mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm
494563d83a7b6a77642c73986d50092c  mozilla-nss-1.4.3-2.1.2.i386.rpm
fb6f0a11c5312f7822055f45c35435f2  mozilla-nss-devel-1.4.3-2.1.2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: 

7e094aa0324b56f4fba3ede27ae1b19b  galeon-1.2.13-3.2.1.src.rpm 

66fcc1e820208b3024de369469250df5  mozilla-1.4.3-2.1.2.src.rpm

i386:
d170284b6a6d01f85ee974bb6c984390  galeon-1.2.13-3.2.1.i386.rpm
57a81a30a9d79e77adec334f96e7cea9  mozilla-1.4.3-2.1.2.i386.rpm
fa6d63828129887e1cc3c42df47e4190  mozilla-chat-1.4.3-2.1.2.i386.rpm
b13cb1114fa16a75fd81c6cb504db17e  mozilla-devel-1.4.3-2.1.2.i386.rpm
9d4714cbd6c2077efa557430b8b89b63  mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm
01686edf59fa5945b8f9ae69fa4ac5c0  mozilla-js-debugger-1.4.3-2.1.2.i386.rpm
623213465b181f6fb14698e73f9a6a89  mozilla-mail-1.4.3-2.1.2.i386.rpm
68cb569585436ce430c4aee335c01d4e  mozilla-nspr-1.4.3-2.1.2.i386.rpm
3c4e08b8106d4718c30fcf06e7633abc  mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm
494563d83a7b6a77642c73986d50092c  mozilla-nss-1.4.3-2.1.2.i386.rpm
fb6f0a11c5312f7822055f45c35435f2  mozilla-nss-devel-1.4.3-2.1.2.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: 

a8fef126836c7ea73c80ac7e2792e142  mozilla-1.4.3-3.0.2.src.rpm

i386:
76e94d5ea03f131a723c97207297ee1b  mozilla-1.4.3-3.0.2.i386.rpm
75c2959a065a6b6ae8c90b56165e43a6  mozilla-chat-1.4.3-3.0.2.i386.rpm
6c90c0a77bdbee2cb0d84be83fead1b1  mozilla-devel-1.4.3-3.0.2.i386.rpm
58b9cfad95dfc69d1e0d80a23f383ad4  mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
431ed1323ae5217a0b31dc1f1bcca1bd  mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
3a95aa702f1cc2205c10b957c3fd452e  mozilla-mail-1.4.3-3.0.2.i386.rpm
2877a54a8c7a2de5fe58b39ee626d214  mozilla-nspr-1.4.3-3.0.2.i386.rpm
46ccae94f0269a2b92d2b4a5d5dcd480  mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
545d3867e6077c15f64aa5ee192c8d43  mozilla-nss-1.4.3-3.0.2.i386.rpm
f3fccea16c2bed1be5038399d0c42bad  mozilla-nss-devel-1.4.3-3.0.2.i386.rpm

ia64:
7493acb019f4cc706b6cf952444a975a  mozilla-1.4.3-3.0.2.ia64.rpm
542bb7e67ff4eba5ed228e5db5a78f25  mozilla-chat-1.4.3-3.0.2.ia64.rpm
d5cbf0f7c03d71ed0c51a27430fe7f60  mozilla-devel-1.4.3-3.0.2.ia64.rpm
049bbde10a886f65d539579a311a24af  mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm
1c96bbc0bbbf649e3a851b0295694847  mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm
cea7a67877727f4436ac554408db7832  mozilla-mail-1.4.3-3.0.2.ia64.rpm
28047d1dd3264f882f9c4f8a7b628910  mozilla-nspr-1.4.3-3.0.2.ia64.rpm
a903c680602a74dd0feaeb12b6cc32ec  mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm
d3ff697bca53a52fe164614d77432046  mozilla-nss-1.4.3-3.0.2.ia64.rpm
7cd4e05706eb4b4b57f5eca3f1bc470f  mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm

ppc:
e2d78f6aac22bfbcb825867dbac82ebb  mozilla-1.4.3-3.0.2.ppc.rpm
b61167a98f8673f8f3f03ae28a50bc92  mozilla-chat-1.4.3-3.0.2.ppc.rpm
d0fb8b199c689e7c8b214f3e0ec962c3  mozilla-devel-1.4.3-3.0.2.ppc.rpm
53a571868dad0c9d3672013fb406570a  mozilla-dom-inspector-1.4.3-3.0.2.ppc.rpm
734e3f74f8592e2fd94e2dd257e01095  mozilla-js-debugger-1.4.3-3.0.2.ppc.rpm
82ac07ab7ef497194c65f7251cb62e33  mozilla-mail-1.4.3-3.0.2.ppc.rpm
398540c49c50030cbad5b4b9e96c783b  mozilla-nspr-1.4.3-3.0.2.ppc.rpm
d022b91ac348e6077625be5dc83b35dc  mozilla-nspr-devel-1.4.3-3.0.2.ppc.rpm
271be6a6ba49964733a28e0dc9f07378  mozilla-nss-1.4.3-3.0.2.ppc.rpm
ce1b77ddb74d136ec38330cc11b7f54d  mozilla-nss-devel-1.4.3-3.0.2.ppc.rpm

s390:
19ad37a2396c2776175d0e59662a7652  mozilla-1.4.3-3.0.2.s390.rpm
4baac171cf9ba457f1c3faf8f03b88cf  mozilla-chat-1.4.3-3.0.2.s390.rpm
2ec9bd8e61073a3f6056e9cecc419ba3  mozilla-devel-1.4.3-3.0.2.s390.rpm
32a1d2e1c29ea3b094f35164710cfc0e  mozilla-dom-inspector-1.4.3-3.0.2.s390.rpm
8e977a243825a35ee77e22ed651bd499  mozilla-js-debugger-1.4.3-3.0.2.s390.rpm
e4afa3661f104caa24079761af089dbb  mozilla-mail-1.4.3-3.0.2.s390.rpm
18f0e4b19190656df0eab0c98121a067  mozilla-nspr-1.4.3-3.0.2.s390.rpm
cf3ac9649c38000fca54d319d546e298  mozilla-nspr-devel-1.4.3-3.0.2.s390.rpm
695903fa5cbe21f7aa7e54fca237bcc0  mozilla-nss-1.4.3-3.0.2.s390.rpm
3d50c59229138d886971374d92d2927c  mozilla-nss-devel-1.4.3-3.0.2.s390.rpm

s390x:
d7b8a517df946cc4e1872468882eb28d  mozilla-1.4.3-3.0.2.s390x.rpm
79bf2338e9d3c6e3835137ba58db84b8  mozilla-chat-1.4.3-3.0.2.s390x.rpm
c88a798cf6b3143d98e7ea35d7e4c463  mozilla-devel-1.4.3-3.0.2.s390x.rpm
b76f9cc6c0c17568799c06630b6b66c9  mozilla-dom-inspector-1.4.3-3.0.2.s390x.rpm
ced9955739e509de217dab3e193b603d  mozilla-js-debugger-1.4.3-3.0.2.s390x.rpm
a360c8ef42f27b4b19cd4447833cd6a7  mozilla-mail-1.4.3-3.0.2.s390x.rpm
8bba98c72a31e16541f9a34b6cfd4f8c  mozilla-nspr-1.4.3-3.0.2.s390x.rpm
0870ce645aab9d015c68921ebee5fa1a  mozilla-nspr-devel-1.4.3-3.0.2.s390x.rpm
82f324eb81988b15db97cc44bcc187f8  mozilla-nss-1.4.3-3.0.2.s390x.rpm
e95e7faa635d02ce0be4f3b019dc106a  mozilla-nss-devel-1.4.3-3.0.2.s390x.rpm

x86_64:
809d992f5b8de1d8d2929d853b01069a  mozilla-1.4.3-3.0.2.x86_64.rpm
0c4b1fd1560188277950e7df67e0c1a5  mozilla-chat-1.4.3-3.0.2.x86_64.rpm
353be79ae25e35d1768f98c21fba07b0  mozilla-devel-1.4.3-3.0.2.x86_64.rpm
6f29bdc0c13bdf52db9103d979eb0a19  mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
ea25530cfeb09b9ddb2fdcd4f270b9b4  mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
86ed3c2207a0745275720a87520cf249  mozilla-mail-1.4.3-3.0.2.x86_64.rpm
caf8df9aa11bf0eed5d3ca3ee4d4c3fe  mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
a061fd746ad180573d640051e2cf0f92  mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
4139bc49b0a141edac659b62a27c7322  mozilla-nss-1.4.3-3.0.2.x86_64.rpm
9df3f9b35276f8c0bb54f3a45a994668  mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: 

a8fef126836c7ea73c80ac7e2792e142  mozilla-1.4.3-3.0.2.src.rpm

i386:
76e94d5ea03f131a723c97207297ee1b  mozilla-1.4.3-3.0.2.i386.rpm
75c2959a065a6b6ae8c90b56165e43a6  mozilla-chat-1.4.3-3.0.2.i386.rpm
6c90c0a77bdbee2cb0d84be83fead1b1  mozilla-devel-1.4.3-3.0.2.i386.rpm
58b9cfad95dfc69d1e0d80a23f383ad4  mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
431ed1323ae5217a0b31dc1f1bcca1bd  mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
3a95aa702f1cc2205c10b957c3fd452e  mozilla-mail-1.4.3-3.0.2.i386.rpm
2877a54a8c7a2de5fe58b39ee626d214  mozilla-nspr-1.4.3-3.0.2.i386.rpm
46ccae94f0269a2b92d2b4a5d5dcd480  mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
545d3867e6077c15f64aa5ee192c8d43  mozilla-nss-1.4.3-3.0.2.i386.rpm
f3fccea16c2bed1be5038399d0c42bad  mozilla-nss-devel-1.4.3-3.0.2.i386.rpm

x86_64:
809d992f5b8de1d8d2929d853b01069a  mozilla-1.4.3-3.0.2.x86_64.rpm
0c4b1fd1560188277950e7df67e0c1a5  mozilla-chat-1.4.3-3.0.2.x86_64.rpm
353be79ae25e35d1768f98c21fba07b0  mozilla-devel-1.4.3-3.0.2.x86_64.rpm
6f29bdc0c13bdf52db9103d979eb0a19  mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
ea25530cfeb09b9ddb2fdcd4f270b9b4  mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
86ed3c2207a0745275720a87520cf249  mozilla-mail-1.4.3-3.0.2.x86_64.rpm
caf8df9aa11bf0eed5d3ca3ee4d4c3fe  mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
a061fd746ad180573d640051e2cf0f92  mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
4139bc49b0a141edac659b62a27c7322  mozilla-nss-1.4.3-3.0.2.x86_64.rpm
9df3f9b35276f8c0bb54f3a45a994668  mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 

a8fef126836c7ea73c80ac7e2792e142  mozilla-1.4.3-3.0.2.src.rpm

i386:
76e94d5ea03f131a723c97207297ee1b  mozilla-1.4.3-3.0.2.i386.rpm
75c2959a065a6b6ae8c90b56165e43a6  mozilla-chat-1.4.3-3.0.2.i386.rpm
6c90c0a77bdbee2cb0d84be83fead1b1  mozilla-devel-1.4.3-3.0.2.i386.rpm
58b9cfad95dfc69d1e0d80a23f383ad4  mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
431ed1323ae5217a0b31dc1f1bcca1bd  mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
3a95aa702f1cc2205c10b957c3fd452e  mozilla-mail-1.4.3-3.0.2.i386.rpm
2877a54a8c7a2de5fe58b39ee626d214  mozilla-nspr-1.4.3-3.0.2.i386.rpm
46ccae94f0269a2b92d2b4a5d5dcd480  mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
545d3867e6077c15f64aa5ee192c8d43  mozilla-nss-1.4.3-3.0.2.i386.rpm
f3fccea16c2bed1be5038399d0c42bad  mozilla-nss-devel-1.4.3-3.0.2.i386.rpm

ia64:
7493acb019f4cc706b6cf952444a975a  mozilla-1.4.3-3.0.2.ia64.rpm
542bb7e67ff4eba5ed228e5db5a78f25  mozilla-chat-1.4.3-3.0.2.ia64.rpm
d5cbf0f7c03d71ed0c51a27430fe7f60  mozilla-devel-1.4.3-3.0.2.ia64.rpm
049bbde10a886f65d539579a311a24af  mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm
1c96bbc0bbbf649e3a851b0295694847  mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm
cea7a67877727f4436ac554408db7832  mozilla-mail-1.4.3-3.0.2.ia64.rpm
28047d1dd3264f882f9c4f8a7b628910  mozilla-nspr-1.4.3-3.0.2.ia64.rpm
a903c680602a74dd0feaeb12b6cc32ec  mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm
d3ff697bca53a52fe164614d77432046  mozilla-nss-1.4.3-3.0.2.ia64.rpm
7cd4e05706eb4b4b57f5eca3f1bc470f  mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm

x86_64:
809d992f5b8de1d8d2929d853b01069a  mozilla-1.4.3-3.0.2.x86_64.rpm
0c4b1fd1560188277950e7df67e0c1a5  mozilla-chat-1.4.3-3.0.2.x86_64.rpm
353be79ae25e35d1768f98c21fba07b0  mozilla-devel-1.4.3-3.0.2.x86_64.rpm
6f29bdc0c13bdf52db9103d979eb0a19  mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
ea25530cfeb09b9ddb2fdcd4f270b9b4  mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
86ed3c2207a0745275720a87520cf249  mozilla-mail-1.4.3-3.0.2.x86_64.rpm
caf8df9aa11bf0eed5d3ca3ee4d4c3fe  mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
a061fd746ad180573d640051e2cf0f92  mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
4139bc49b0a141edac659b62a27c7322  mozilla-nss-1.4.3-3.0.2.x86_64.rpm
9df3f9b35276f8c0bb54f3a45a994668  mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 

a8fef126836c7ea73c80ac7e2792e142  mozilla-1.4.3-3.0.2.src.rpm

i386:
76e94d5ea03f131a723c97207297ee1b  mozilla-1.4.3-3.0.2.i386.rpm
75c2959a065a6b6ae8c90b56165e43a6  mozilla-chat-1.4.3-3.0.2.i386.rpm
6c90c0a77bdbee2cb0d84be83fead1b1  mozilla-devel-1.4.3-3.0.2.i386.rpm
58b9cfad95dfc69d1e0d80a23f383ad4  mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
431ed1323ae5217a0b31dc1f1bcca1bd  mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
3a95aa702f1cc2205c10b957c3fd452e  mozilla-mail-1.4.3-3.0.2.i386.rpm
2877a54a8c7a2de5fe58b39ee626d214  mozilla-nspr-1.4.3-3.0.2.i386.rpm
46ccae94f0269a2b92d2b4a5d5dcd480  mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
545d3867e6077c15f64aa5ee192c8d43  mozilla-nss-1.4.3-3.0.2.i386.rpm
f3fccea16c2bed1be5038399d0c42bad  mozilla-nss-devel-1.4.3-3.0.2.i386.rpm

ia64:
7493acb019f4cc706b6cf952444a975a  mozilla-1.4.3-3.0.2.ia64.rpm
542bb7e67ff4eba5ed228e5db5a78f25  mozilla-chat-1.4.3-3.0.2.ia64.rpm
d5cbf0f7c03d71ed0c51a27430fe7f60  mozilla-devel-1.4.3-3.0.2.ia64.rpm
049bbde10a886f65d539579a311a24af  mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm
1c96bbc0bbbf649e3a851b0295694847  mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm
cea7a67877727f4436ac554408db7832  mozilla-mail-1.4.3-3.0.2.ia64.rpm
28047d1dd3264f882f9c4f8a7b628910  mozilla-nspr-1.4.3-3.0.2.ia64.rpm
a903c680602a74dd0feaeb12b6cc32ec  mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm
d3ff697bca53a52fe164614d77432046  mozilla-nss-1.4.3-3.0.2.ia64.rpm
7cd4e05706eb4b4b57f5eca3f1bc470f  mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm

x86_64:
809d992f5b8de1d8d2929d853b01069a  mozilla-1.4.3-3.0.2.x86_64.rpm
0c4b1fd1560188277950e7df67e0c1a5  mozilla-chat-1.4.3-3.0.2.x86_64.rpm
353be79ae25e35d1768f98c21fba07b0  mozilla-devel-1.4.3-3.0.2.x86_64.rpm
6f29bdc0c13bdf52db9103d979eb0a19  mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
ea25530cfeb09b9ddb2fdcd4f270b9b4  mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
86ed3c2207a0745275720a87520cf249  mozilla-mail-1.4.3-3.0.2.x86_64.rpm
caf8df9aa11bf0eed5d3ca3ee4d4c3fe  mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
a061fd746ad180573d640051e2cf0f92  mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
4139bc49b0a141edac659b62a27c7322  mozilla-nss-1.4.3-3.0.2.x86_64.rpm
9df3f9b35276f8c0bb54f3a45a994668  mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
 

7. References:
 
236618 - Netscape SOAPParameter Constructor Integer Overflow Vulnerability 
251381 - new libpng buffer overflow vulnerabilities 
229374 - more to do for bug #157644... 
249004 - Importing false CA certificate leading to error -8182 (perm DoS), especially exploitable by email 
241924 - Mozilla can upload files without user confirmation 
250906 - null (%00) in filename fakes extension (ftp, file) 
246448 - can spoof framed sites by changing frame contents 
240053 - SSL Certificate Spoof -- Allows malicious page to present SSL certificate from another site 
162020 - pop up XPInstall/security dialog when user is about to click 
253121 - lock icon and certificates spoofable with onunload document.write 
244965 - Untrusted web content can display content using "chrome" flag in window.open 
234058 - Certificate name matching for non-FQDNs is insecure 
CVE -CVE-2004-0597 
CVE -CVE-2004-0599 
CVE -CVE-2004-0718 
CVE -CVE-2004-0722 
CVE -CVE-2004-0757 
CVE -CVE-2004-0758 
CVE -CVE-2004-0759 
CVE -CVE-2004-0760 
CVE -CVE-2004-0761 
CVE -CVE-2004-0762 
CVE -CVE-2004-0763 
CVE -CVE-2004-0764 
CVE -CVE-2004-0765

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at  

Copyright 2004 Red Hat, Inc.

Red Hat: mozilla Multiple vulnerabilities

Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.

Summary



Summary

Mozilla is an open source Web browser, advanced email and newsgroupclient, IRC chat client, and HTML editor.A number of flaws have been found in Mozilla 1.4 that have been fixed inthe Mozilla 1.4.3 release: Zen Parse reported improper input validation to the SOAPParameter objectconstructor leading to an integer overflow and controllable heapcorruption. Malicious JavaScript could be written to utilize this flaw andcould allow arbitrary code execution. The Common Vulnerabilities andExposures project (cve.mitre.org) has assigned the name CAN-2004-0722 tothis issue.During a source code audit, Chris Evans discovered a buffer overflow andinteger overflows which affect the libpng code inside Mozilla. An attackercould create a carefully crafted PNG file in such a way that it would causeMozilla to crash or execute arbitrary code when the image was viewed.(CAN-2004-0597, CAN-2004-0599)Zen Parse reported a flaw in the POP3 capability. A malicious POP3 servercould send a carefully crafted response that would cause a heap overflowand potentially allow execution of arbitrary code as the user runningMozilla. (CAN-2004-0757)Marcel Boesch found a flaw that allows a CA certificate to be imported witha DN the same as that of the built-in CA root certificates, which can causea denial of service to SSL pages, as the malicious certificate is treatedas invalid. (CAN-2004-0758)Met - Martin Hassman reported a flaw in Mozilla that could allow maliciousJavascript code to upload local files from a users machine withoutrequiring confirmation. (CAN-2004-0759)Mindlock Security reported a flaw in ftp URI handling. By using a NULLcharacter (%00) in a ftp URI, Mozilla can be confused into opening aresource as a different MIME type. (CAN-2004-0760)Mozilla does not properly prevent a frame in one domain from injectingcontent into a frame that belongs to another domain, which facilitateswebsite spoofing and other attacks, also known as the frame injectionvulnerability. (CAN-2004-0718)Tolga Tarhan reported a flaw that can allow a malicious webpage to use aredirect sequence to spoof the security lock icon that makes a webpageappear to be encrypted. (CAN-2004-0761)Jesse Ruderman reported a security issue that affects a number of browsersincluding Mozilla that could allow malicious websites to install arbitraryextensions by using interactive events to manipulate the XPInstall Securitydialog box. (CAN-2004-0762)Emmanouel Kellinis discovered a caching flaw in Mozilla which allowsmalicious websites to spoof certificates of trusted websites viaredirects and Javascript that uses the "onunload" method. (CAN-2004-0763)Mozilla allowed malicious websites to hijack the user interface via the"chrome" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)The cert_TestHostName function in Mozilla only checks the hostname portionof a certificate when the hostname portion of the URI is not a fullyqualified domain name (FQDN). This flaw could be used for spoofing if anattacker had control of machines on a default DNS search path. (CAN-2004-0765)All users are advised to update to these erratum packages which contain asnapshot of Mozilla 1.4.3 including backported fixes and are not vulnerableto these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
127338 - CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7 127186 - CAN-2004-0758 Overriding built-in certificate leading to error -8182 (DoS), especially exploitable by email
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
7e094aa0324b56f4fba3ede27ae1b19b galeon-1.2.13-3.2.1.src.rpm
66fcc1e820208b3024de369469250df5 mozilla-1.4.3-2.1.2.src.rpm
i386: d170284b6a6d01f85ee974bb6c984390 galeon-1.2.13-3.2.1.i386.rpm 57a81a30a9d79e77adec334f96e7cea9 mozilla-1.4.3-2.1.2.i386.rpm fa6d63828129887e1cc3c42df47e4190 mozilla-chat-1.4.3-2.1.2.i386.rpm b13cb1114fa16a75fd81c6cb504db17e mozilla-devel-1.4.3-2.1.2.i386.rpm 9d4714cbd6c2077efa557430b8b89b63 mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm 01686edf59fa5945b8f9ae69fa4ac5c0 mozilla-js-debugger-1.4.3-2.1.2.i386.rpm 623213465b181f6fb14698e73f9a6a89 mozilla-mail-1.4.3-2.1.2.i386.rpm 68cb569585436ce430c4aee335c01d4e mozilla-nspr-1.4.3-2.1.2.i386.rpm 3c4e08b8106d4718c30fcf06e7633abc mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm 494563d83a7b6a77642c73986d50092c mozilla-nss-1.4.3-2.1.2.i386.rpm fb6f0a11c5312f7822055f45c35435f2 mozilla-nss-devel-1.4.3-2.1.2.i386.rpm
ia64: e13f36d06fa5714337e074fca3a7a211 galeon-1.2.13-3.2.1.ia64.rpm 7841dd11df85a69d6e03a3c4730e987c mozilla-1.4.3-2.1.2.ia64.rpm b022a33b0ad1715f363b8e2be245e704 mozilla-chat-1.4.3-2.1.2.ia64.rpm 73599c671b8d07d86a82ae4006aeb184 mozilla-devel-1.4.3-2.1.2.ia64.rpm bb57be095e37a959e8a9216820dd2fd9 mozilla-dom-inspector-1.4.3-2.1.2.ia64.rpm 0879b99da78ee8393577ca3b17c3c95c mozilla-js-debugger-1.4.3-2.1.2.ia64.rpm c018093969ef4ae1e26f203a67e74d87 mozilla-mail-1.4.3-2.1.2.ia64.rpm e1fe8f1eeff222e7d1cd35d305a20e4d mozilla-nspr-1.4.3-2.1.2.ia64.rpm 93e2cac5380515450b5201ef082fe427 mozilla-nspr-devel-1.4.3-2.1.2.ia64.rpm afe930bc2c9d6174754b79d9119bc77d mozilla-nss-1.4.3-2.1.2.ia64.rpm 1413ffceb82030a07863e79917c8d3ea mozilla-nss-devel-1.4.3-2.1.2.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
7e094aa0324b56f4fba3ede27ae1b19b galeon-1.2.13-3.2.1.src.rpm
66fcc1e820208b3024de369469250df5 mozilla-1.4.3-2.1.2.src.rpm
ia64: e13f36d06fa5714337e074fca3a7a211 galeon-1.2.13-3.2.1.ia64.rpm 7841dd11df85a69d6e03a3c4730e987c mozilla-1.4.3-2.1.2.ia64.rpm b022a33b0ad1715f363b8e2be245e704 mozilla-chat-1.4.3-2.1.2.ia64.rpm 73599c671b8d07d86a82ae4006aeb184 mozilla-devel-1.4.3-2.1.2.ia64.rpm bb57be095e37a959e8a9216820dd2fd9 mozilla-dom-inspector-1.4.3-2.1.2.ia64.rpm 0879b99da78ee8393577ca3b17c3c95c mozilla-js-debugger-1.4.3-2.1.2.ia64.rpm c018093969ef4ae1e26f203a67e74d87 mozilla-mail-1.4.3-2.1.2.ia64.rpm e1fe8f1eeff222e7d1cd35d305a20e4d mozilla-nspr-1.4.3-2.1.2.ia64.rpm 93e2cac5380515450b5201ef082fe427 mozilla-nspr-devel-1.4.3-2.1.2.ia64.rpm afe930bc2c9d6174754b79d9119bc77d mozilla-nss-1.4.3-2.1.2.ia64.rpm 1413ffceb82030a07863e79917c8d3ea mozilla-nss-devel-1.4.3-2.1.2.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
7e094aa0324b56f4fba3ede27ae1b19b galeon-1.2.13-3.2.1.src.rpm
66fcc1e820208b3024de369469250df5 mozilla-1.4.3-2.1.2.src.rpm
i386: d170284b6a6d01f85ee974bb6c984390 galeon-1.2.13-3.2.1.i386.rpm 57a81a30a9d79e77adec334f96e7cea9 mozilla-1.4.3-2.1.2.i386.rpm fa6d63828129887e1cc3c42df47e4190 mozilla-chat-1.4.3-2.1.2.i386.rpm b13cb1114fa16a75fd81c6cb504db17e mozilla-devel-1.4.3-2.1.2.i386.rpm 9d4714cbd6c2077efa557430b8b89b63 mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm 01686edf59fa5945b8f9ae69fa4ac5c0 mozilla-js-debugger-1.4.3-2.1.2.i386.rpm 623213465b181f6fb14698e73f9a6a89 mozilla-mail-1.4.3-2.1.2.i386.rpm 68cb569585436ce430c4aee335c01d4e mozilla-nspr-1.4.3-2.1.2.i386.rpm 3c4e08b8106d4718c30fcf06e7633abc mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm 494563d83a7b6a77642c73986d50092c mozilla-nss-1.4.3-2.1.2.i386.rpm fb6f0a11c5312f7822055f45c35435f2 mozilla-nss-devel-1.4.3-2.1.2.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
7e094aa0324b56f4fba3ede27ae1b19b galeon-1.2.13-3.2.1.src.rpm
66fcc1e820208b3024de369469250df5 mozilla-1.4.3-2.1.2.src.rpm
i386: d170284b6a6d01f85ee974bb6c984390 galeon-1.2.13-3.2.1.i386.rpm 57a81a30a9d79e77adec334f96e7cea9 mozilla-1.4.3-2.1.2.i386.rpm fa6d63828129887e1cc3c42df47e4190 mozilla-chat-1.4.3-2.1.2.i386.rpm b13cb1114fa16a75fd81c6cb504db17e mozilla-devel-1.4.3-2.1.2.i386.rpm 9d4714cbd6c2077efa557430b8b89b63 mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm 01686edf59fa5945b8f9ae69fa4ac5c0 mozilla-js-debugger-1.4.3-2.1.2.i386.rpm 623213465b181f6fb14698e73f9a6a89 mozilla-mail-1.4.3-2.1.2.i386.rpm 68cb569585436ce430c4aee335c01d4e mozilla-nspr-1.4.3-2.1.2.i386.rpm 3c4e08b8106d4718c30fcf06e7633abc mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm 494563d83a7b6a77642c73986d50092c mozilla-nss-1.4.3-2.1.2.i386.rpm fb6f0a11c5312f7822055f45c35435f2 mozilla-nss-devel-1.4.3-2.1.2.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
a8fef126836c7ea73c80ac7e2792e142 mozilla-1.4.3-3.0.2.src.rpm
i386: 76e94d5ea03f131a723c97207297ee1b mozilla-1.4.3-3.0.2.i386.rpm 75c2959a065a6b6ae8c90b56165e43a6 mozilla-chat-1.4.3-3.0.2.i386.rpm 6c90c0a77bdbee2cb0d84be83fead1b1 mozilla-devel-1.4.3-3.0.2.i386.rpm 58b9cfad95dfc69d1e0d80a23f383ad4 mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm 431ed1323ae5217a0b31dc1f1bcca1bd mozilla-js-debugger-1.4.3-3.0.2.i386.rpm 3a95aa702f1cc2205c10b957c3fd452e mozilla-mail-1.4.3-3.0.2.i386.rpm 2877a54a8c7a2de5fe58b39ee626d214 mozilla-nspr-1.4.3-3.0.2.i386.rpm 46ccae94f0269a2b92d2b4a5d5dcd480 mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm 545d3867e6077c15f64aa5ee192c8d43 mozilla-nss-1.4.3-3.0.2.i386.rpm f3fccea16c2bed1be5038399d0c42bad mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
ia64: 7493acb019f4cc706b6cf952444a975a mozilla-1.4.3-3.0.2.ia64.rpm 542bb7e67ff4eba5ed228e5db5a78f25 mozilla-chat-1.4.3-3.0.2.ia64.rpm d5cbf0f7c03d71ed0c51a27430fe7f60 mozilla-devel-1.4.3-3.0.2.ia64.rpm 049bbde10a886f65d539579a311a24af mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm 1c96bbc0bbbf649e3a851b0295694847 mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm cea7a67877727f4436ac554408db7832 mozilla-mail-1.4.3-3.0.2.ia64.rpm 28047d1dd3264f882f9c4f8a7b628910 mozilla-nspr-1.4.3-3.0.2.ia64.rpm a903c680602a74dd0feaeb12b6cc32ec mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm d3ff697bca53a52fe164614d77432046 mozilla-nss-1.4.3-3.0.2.ia64.rpm 7cd4e05706eb4b4b57f5eca3f1bc470f mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm
ppc: e2d78f6aac22bfbcb825867dbac82ebb mozilla-1.4.3-3.0.2.ppc.rpm b61167a98f8673f8f3f03ae28a50bc92 mozilla-chat-1.4.3-3.0.2.ppc.rpm d0fb8b199c689e7c8b214f3e0ec962c3 mozilla-devel-1.4.3-3.0.2.ppc.rpm 53a571868dad0c9d3672013fb406570a mozilla-dom-inspector-1.4.3-3.0.2.ppc.rpm 734e3f74f8592e2fd94e2dd257e01095 mozilla-js-debugger-1.4.3-3.0.2.ppc.rpm 82ac07ab7ef497194c65f7251cb62e33 mozilla-mail-1.4.3-3.0.2.ppc.rpm 398540c49c50030cbad5b4b9e96c783b mozilla-nspr-1.4.3-3.0.2.ppc.rpm d022b91ac348e6077625be5dc83b35dc mozilla-nspr-devel-1.4.3-3.0.2.ppc.rpm 271be6a6ba49964733a28e0dc9f07378 mozilla-nss-1.4.3-3.0.2.ppc.rpm ce1b77ddb74d136ec38330cc11b7f54d mozilla-nss-devel-1.4.3-3.0.2.ppc.rpm
s390: 19ad37a2396c2776175d0e59662a7652 mozilla-1.4.3-3.0.2.s390.rpm 4baac171cf9ba457f1c3faf8f03b88cf mozilla-chat-1.4.3-3.0.2.s390.rpm 2ec9bd8e61073a3f6056e9cecc419ba3 mozilla-devel-1.4.3-3.0.2.s390.rpm 32a1d2e1c29ea3b094f35164710cfc0e mozilla-dom-inspector-1.4.3-3.0.2.s390.rpm 8e977a243825a35ee77e22ed651bd499 mozilla-js-debugger-1.4.3-3.0.2.s390.rpm e4afa3661f104caa24079761af089dbb mozilla-mail-1.4.3-3.0.2.s390.rpm 18f0e4b19190656df0eab0c98121a067 mozilla-nspr-1.4.3-3.0.2.s390.rpm cf3ac9649c38000fca54d319d546e298 mozilla-nspr-devel-1.4.3-3.0.2.s390.rpm 695903fa5cbe21f7aa7e54fca237bcc0 mozilla-nss-1.4.3-3.0.2.s390.rpm 3d50c59229138d886971374d92d2927c mozilla-nss-devel-1.4.3-3.0.2.s390.rpm
s390x: d7b8a517df946cc4e1872468882eb28d mozilla-1.4.3-3.0.2.s390x.rpm 79bf2338e9d3c6e3835137ba58db84b8 mozilla-chat-1.4.3-3.0.2.s390x.rpm c88a798cf6b3143d98e7ea35d7e4c463 mozilla-devel-1.4.3-3.0.2.s390x.rpm b76f9cc6c0c17568799c06630b6b66c9 mozilla-dom-inspector-1.4.3-3.0.2.s390x.rpm ced9955739e509de217dab3e193b603d mozilla-js-debugger-1.4.3-3.0.2.s390x.rpm a360c8ef42f27b4b19cd4447833cd6a7 mozilla-mail-1.4.3-3.0.2.s390x.rpm 8bba98c72a31e16541f9a34b6cfd4f8c mozilla-nspr-1.4.3-3.0.2.s390x.rpm 0870ce645aab9d015c68921ebee5fa1a mozilla-nspr-devel-1.4.3-3.0.2.s390x.rpm 82f324eb81988b15db97cc44bcc187f8 mozilla-nss-1.4.3-3.0.2.s390x.rpm e95e7faa635d02ce0be4f3b019dc106a mozilla-nss-devel-1.4.3-3.0.2.s390x.rpm
x86_64: 809d992f5b8de1d8d2929d853b01069a mozilla-1.4.3-3.0.2.x86_64.rpm 0c4b1fd1560188277950e7df67e0c1a5 mozilla-chat-1.4.3-3.0.2.x86_64.rpm 353be79ae25e35d1768f98c21fba07b0 mozilla-devel-1.4.3-3.0.2.x86_64.rpm 6f29bdc0c13bdf52db9103d979eb0a19 mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm ea25530cfeb09b9ddb2fdcd4f270b9b4 mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm 86ed3c2207a0745275720a87520cf249 mozilla-mail-1.4.3-3.0.2.x86_64.rpm caf8df9aa11bf0eed5d3ca3ee4d4c3fe mozilla-nspr-1.4.3-3.0.2.x86_64.rpm a061fd746ad180573d640051e2cf0f92 mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm 4139bc49b0a141edac659b62a27c7322 mozilla-nss-1.4.3-3.0.2.x86_64.rpm 9df3f9b35276f8c0bb54f3a45a994668 mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
a8fef126836c7ea73c80ac7e2792e142 mozilla-1.4.3-3.0.2.src.rpm
i386: 76e94d5ea03f131a723c97207297ee1b mozilla-1.4.3-3.0.2.i386.rpm 75c2959a065a6b6ae8c90b56165e43a6 mozilla-chat-1.4.3-3.0.2.i386.rpm 6c90c0a77bdbee2cb0d84be83fead1b1 mozilla-devel-1.4.3-3.0.2.i386.rpm 58b9cfad95dfc69d1e0d80a23f383ad4 mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm 431ed1323ae5217a0b31dc1f1bcca1bd mozilla-js-debugger-1.4.3-3.0.2.i386.rpm 3a95aa702f1cc2205c10b957c3fd452e mozilla-mail-1.4.3-3.0.2.i386.rpm 2877a54a8c7a2de5fe58b39ee626d214 mozilla-nspr-1.4.3-3.0.2.i386.rpm 46ccae94f0269a2b92d2b4a5d5dcd480 mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm 545d3867e6077c15f64aa5ee192c8d43 mozilla-nss-1.4.3-3.0.2.i386.rpm f3fccea16c2bed1be5038399d0c42bad mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
x86_64: 809d992f5b8de1d8d2929d853b01069a mozilla-1.4.3-3.0.2.x86_64.rpm 0c4b1fd1560188277950e7df67e0c1a5 mozilla-chat-1.4.3-3.0.2.x86_64.rpm 353be79ae25e35d1768f98c21fba07b0 mozilla-devel-1.4.3-3.0.2.x86_64.rpm 6f29bdc0c13bdf52db9103d979eb0a19 mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm ea25530cfeb09b9ddb2fdcd4f270b9b4 mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm 86ed3c2207a0745275720a87520cf249 mozilla-mail-1.4.3-3.0.2.x86_64.rpm caf8df9aa11bf0eed5d3ca3ee4d4c3fe mozilla-nspr-1.4.3-3.0.2.x86_64.rpm a061fd746ad180573d640051e2cf0f92 mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm 4139bc49b0a141edac659b62a27c7322 mozilla-nss-1.4.3-3.0.2.x86_64.rpm 9df3f9b35276f8c0bb54f3a45a994668 mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
a8fef126836c7ea73c80ac7e2792e142 mozilla-1.4.3-3.0.2.src.rpm
i386: 76e94d5ea03f131a723c97207297ee1b mozilla-1.4.3-3.0.2.i386.rpm 75c2959a065a6b6ae8c90b56165e43a6 mozilla-chat-1.4.3-3.0.2.i386.rpm 6c90c0a77bdbee2cb0d84be83fead1b1 mozilla-devel-1.4.3-3.0.2.i386.rpm 58b9cfad95dfc69d1e0d80a23f383ad4 mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm 431ed1323ae5217a0b31dc1f1bcca1bd mozilla-js-debugger-1.4.3-3.0.2.i386.rpm 3a95aa702f1cc2205c10b957c3fd452e mozilla-mail-1.4.3-3.0.2.i386.rpm 2877a54a8c7a2de5fe58b39ee626d214 mozilla-nspr-1.4.3-3.0.2.i386.rpm 46ccae94f0269a2b92d2b4a5d5dcd480 mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm 545d3867e6077c15f64aa5ee192c8d43 mozilla-nss-1.4.3-3.0.2.i386.rpm f3fccea16c2bed1be5038399d0c42bad mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
ia64: 7493acb019f4cc706b6cf952444a975a mozilla-1.4.3-3.0.2.ia64.rpm 542bb7e67ff4eba5ed228e5db5a78f25 mozilla-chat-1.4.3-3.0.2.ia64.rpm d5cbf0f7c03d71ed0c51a27430fe7f60 mozilla-devel-1.4.3-3.0.2.ia64.rpm 049bbde10a886f65d539579a311a24af mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm 1c96bbc0bbbf649e3a851b0295694847 mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm cea7a67877727f4436ac554408db7832 mozilla-mail-1.4.3-3.0.2.ia64.rpm 28047d1dd3264f882f9c4f8a7b628910 mozilla-nspr-1.4.3-3.0.2.ia64.rpm a903c680602a74dd0feaeb12b6cc32ec mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm d3ff697bca53a52fe164614d77432046 mozilla-nss-1.4.3-3.0.2.ia64.rpm 7cd4e05706eb4b4b57f5eca3f1bc470f mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm
x86_64: 809d992f5b8de1d8d2929d853b01069a mozilla-1.4.3-3.0.2.x86_64.rpm 0c4b1fd1560188277950e7df67e0c1a5 mozilla-chat-1.4.3-3.0.2.x86_64.rpm 353be79ae25e35d1768f98c21fba07b0 mozilla-devel-1.4.3-3.0.2.x86_64.rpm 6f29bdc0c13bdf52db9103d979eb0a19 mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm ea25530cfeb09b9ddb2fdcd4f270b9b4 mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm 86ed3c2207a0745275720a87520cf249 mozilla-mail-1.4.3-3.0.2.x86_64.rpm caf8df9aa11bf0eed5d3ca3ee4d4c3fe mozilla-nspr-1.4.3-3.0.2.x86_64.rpm a061fd746ad180573d640051e2cf0f92 mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm 4139bc49b0a141edac659b62a27c7322 mozilla-nss-1.4.3-3.0.2.x86_64.rpm 9df3f9b35276f8c0bb54f3a45a994668 mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
a8fef126836c7ea73c80ac7e2792e142 mozilla-1.4.3-3.0.2.src.rpm
i386: 76e94d5ea03f131a723c97207297ee1b mozilla-1.4.3-3.0.2.i386.rpm 75c2959a065a6b6ae8c90b56165e43a6 mozilla-chat-1.4.3-3.0.2.i386.rpm 6c90c0a77bdbee2cb0d84be83fead1b1 mozilla-devel-1.4.3-3.0.2.i386.rpm 58b9cfad95dfc69d1e0d80a23f383ad4 mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm 431ed1323ae5217a0b31dc1f1bcca1bd mozilla-js-debugger-1.4.3-3.0.2.i386.rpm 3a95aa702f1cc2205c10b957c3fd452e mozilla-mail-1.4.3-3.0.2.i386.rpm 2877a54a8c7a2de5fe58b39ee626d214 mozilla-nspr-1.4.3-3.0.2.i386.rpm 46ccae94f0269a2b92d2b4a5d5dcd480 mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm 545d3867e6077c15f64aa5ee192c8d43 mozilla-nss-1.4.3-3.0.2.i386.rpm f3fccea16c2bed1be5038399d0c42bad mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
ia64: 7493acb019f4cc706b6cf952444a975a mozilla-1.4.3-3.0.2.ia64.rpm 542bb7e67ff4eba5ed228e5db5a78f25 mozilla-chat-1.4.3-3.0.2.ia64.rpm d5cbf0f7c03d71ed0c51a27430fe7f60 mozilla-devel-1.4.3-3.0.2.ia64.rpm 049bbde10a886f65d539579a311a24af mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm 1c96bbc0bbbf649e3a851b0295694847 mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm cea7a67877727f4436ac554408db7832 mozilla-mail-1.4.3-3.0.2.ia64.rpm 28047d1dd3264f882f9c4f8a7b628910 mozilla-nspr-1.4.3-3.0.2.ia64.rpm a903c680602a74dd0feaeb12b6cc32ec mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm d3ff697bca53a52fe164614d77432046 mozilla-nss-1.4.3-3.0.2.ia64.rpm 7cd4e05706eb4b4b57f5eca3f1bc470f mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm
x86_64: 809d992f5b8de1d8d2929d853b01069a mozilla-1.4.3-3.0.2.x86_64.rpm 0c4b1fd1560188277950e7df67e0c1a5 mozilla-chat-1.4.3-3.0.2.x86_64.rpm 353be79ae25e35d1768f98c21fba07b0 mozilla-devel-1.4.3-3.0.2.x86_64.rpm 6f29bdc0c13bdf52db9103d979eb0a19 mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm ea25530cfeb09b9ddb2fdcd4f270b9b4 mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm 86ed3c2207a0745275720a87520cf249 mozilla-mail-1.4.3-3.0.2.x86_64.rpm caf8df9aa11bf0eed5d3ca3ee4d4c3fe mozilla-nspr-1.4.3-3.0.2.x86_64.rpm a061fd746ad180573d640051e2cf0f92 mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm 4139bc49b0a141edac659b62a27c7322 mozilla-nss-1.4.3-3.0.2.x86_64.rpm 9df3f9b35276f8c0bb54f3a45a994668 mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

References

236618 - Netscape SOAPParameter Constructor Integer Overflow Vulnerability 251381 - new libpng buffer overflow vulnerabilities 229374 - more to do for bug #157644... 249004 - Importing false CA certificate leading to error -8182 (perm DoS), especially exploitable by email 241924 - Mozilla can upload files without user confirmation 250906 - null (%00) in filename fakes extension (ftp, file) 246448 - can spoof framed sites by changing frame contents 240053 - SSL Certificate Spoof -- Allows malicious page to present SSL certificate from another site 162020 - pop up XPInstall/security dialog when user is about to click 253121 - lock icon and certificates spoofable with onunload document.write 244965 - Untrusted web content can display content using "chrome" flag in window.open 234058 - Certificate name matching for non-FQDNs is insecure CVE -CVE-2004-0597 CVE -CVE-2004-0599 CVE -CVE-2004-0718 CVE -CVE-2004-0722 CVE -CVE-2004-0757 CVE -CVE-2004-0758 CVE -CVE-2004-0759 CVE -CVE-2004-0760 CVE -CVE-2004-0761 CVE -CVE-2004-0762 CVE -CVE-2004-0763 CVE -CVE-2004-0764 CVE -CVE-2004-0765

Package List


Severity
Advisory ID: RHSA-2004:421-01
Issued Date: : 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0597 CAN-2004-0599 CAN-2004-0718 CAN-2004-0722 CAN-2004-0757 CAN-2004-0758 CAN-2004-0759 CAN-2004-0760 CAN-2004-0761 CAN-2004-0762 CAN-2004-0763 CAN-2004-0764 CAN-2004-0765

Topic

Updated mozilla packages based on version 1.4.3 that fix a number ofsecurity issues for Red Hat Enterprise Linux are now available.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved