- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Critical: mozilla security update
Advisory ID:       RHSA-2005:323-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:323.html
Issue date:        2005-03-23
Updated on:        2005-03-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0906 CAN-2004-1380 CAN-2004-1613 CAN-2005-0141 CAN-2005-0144 CAN-2005-0147 CAN-2005-0149 CAN-2005-0232 CAN-2005-0399
- ---------------------------------------------------------------------1. Summary:

Updated mozilla packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

A buffer overflow bug was found in the way Mozilla processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.

A bug was found in the way Mozilla displays dialog windows. It is possible
that a malicious web page which is being displayed in a background tab
could present the user with a dialog window appearing to come from the
active page. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1380 to this issue.

A bug was found in the way Firefox allowed plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could trick a
user into clicking in certain places to modify configuration settings or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0232 to this issue.

A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user's preference. It is possible that
a particular user could be tracked through the use of malicious mail
messages which load content over HTTP. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to
this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It is
possible for a malicious webserver to steal credentials from a victims
browser by issuing a 407 proxy authentication request. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0147 to this issue.

A bug was found in the way Mozilla handles certain start tags followed by a
NULL character.  A malicious web page could cause Mozilla to crash when
viewed by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1613 to this issue.

A bug was found in the way Mozilla sets file permissions when installing
XPI packages.  It is possible for an XPI package to install some files
world readable or writable, allowing a malicious local user to steal
information or execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to
this issue.

A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrom settings. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0141 to this issue.

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targetted at a secure page,
while loading an insecure page, yet the secure site icon shows the previous
secure state. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0144 to this issue.

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.4.4 and additional backported patches to correct
these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145597 - CAN-2005-0141 Link opened in new tab can load a local file
145609 - CAN-2005-0144 Secure site lock can be spoofed with view-source:
145610 - CAN-2004-1380 Input stealing from other tabs (CAN-2004-1381)
145614 - CAN-2005-0147 Browser responds to proxy auth request from non-proxy server (ssl/https)
145615 - CAN-2005-0149 Mail responds to cookie requests
151209 - 
151492 - CAN-2004-1613 Mozilla start tag NULL character DoS
151494 - CAN-2004-0906 Mozilla XPI installer insecure file creation
151496 - CAN-2005-0232 fireflashing vulnerability (CAN-2005-0527)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
bfa6d2b47049ca23b8b8b320749b7ea2  galeon-1.2.13-6.2.1.src.rpm
492ba66de02ce249a94226f7da5cb1a8  mozilla-1.4.4-1.2.3.src.rpm

i386:
640ead171aa0fc4cdf6367e63df5652c  galeon-1.2.13-6.2.1.i386.rpm
6f3df40d9ceea897b0b4d6bbcf08f32f  mozilla-1.4.4-1.2.3.i386.rpm
1b885fa495058785d4d726c52119ef6e  mozilla-chat-1.4.4-1.2.3.i386.rpm
af7ed1e862811a591b6d70df4c21ee95  mozilla-devel-1.4.4-1.2.3.i386.rpm
ae51fad443b9f7f86019f9da87534499  mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm
b5f9b2fd48e520c0548024f062d3be4a  mozilla-js-debugger-1.4.4-1.2.3.i386.rpm
26f5a720479169d6ee2618a1df2876cf  mozilla-mail-1.4.4-1.2.3.i386.rpm
53988d7daa3f6b92dbbf8a4638fde336  mozilla-nspr-1.4.4-1.2.3.i386.rpm
fd1a43ab2e3dfa370989a2806ee7fa10  mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm
38851672d0ec94d06447bf082cf58d96  mozilla-nss-1.4.4-1.2.3.i386.rpm
6e826549e1c1526af249034bd6c3de26  mozilla-nss-devel-1.4.4-1.2.3.i386.rpm

ia64:
32ad65318604c36cf95b25f2124ec223  galeon-1.2.13-6.2.1.ia64.rpm
6cb59d01995e11204ab23a54568c9f9f  mozilla-1.4.4-1.2.3.ia64.rpm
1f25d7f9d3c80cade1f8efd8b0ee98b7  mozilla-chat-1.4.4-1.2.3.ia64.rpm
01cc33ec4c371a843a411ac869f94ca0  mozilla-devel-1.4.4-1.2.3.ia64.rpm
5d779ebb2e5dab692710ca931fed6f79  mozilla-dom-inspector-1.4.4-1.2.3.ia64.rpm
2fc3624b90c331946afdf14352711f27  mozilla-js-debugger-1.4.4-1.2.3.ia64.rpm
e20163a2bc4cb9237735bebb5949bd09  mozilla-mail-1.4.4-1.2.3.ia64.rpm
280721615940ff5cf20592b0aff50cd3  mozilla-nspr-1.4.4-1.2.3.ia64.rpm
dedc936c50f2d93712a1a85ed391fb49  mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm
bb0524cc191752bbd6c1e4380d978640  mozilla-nss-1.4.4-1.2.3.ia64.rpm
62c1a1ebb38cc6374697247699c121df  mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
bfa6d2b47049ca23b8b8b320749b7ea2  galeon-1.2.13-6.2.1.src.rpm
492ba66de02ce249a94226f7da5cb1a8  mozilla-1.4.4-1.2.3.src.rpm

ia64:
32ad65318604c36cf95b25f2124ec223  galeon-1.2.13-6.2.1.ia64.rpm
6cb59d01995e11204ab23a54568c9f9f  mozilla-1.4.4-1.2.3.ia64.rpm
1f25d7f9d3c80cade1f8efd8b0ee98b7  mozilla-chat-1.4.4-1.2.3.ia64.rpm
01cc33ec4c371a843a411ac869f94ca0  mozilla-devel-1.4.4-1.2.3.ia64.rpm
5d779ebb2e5dab692710ca931fed6f79  mozilla-dom-inspector-1.4.4-1.2.3.ia64.rpm
2fc3624b90c331946afdf14352711f27  mozilla-js-debugger-1.4.4-1.2.3.ia64.rpm
e20163a2bc4cb9237735bebb5949bd09  mozilla-mail-1.4.4-1.2.3.ia64.rpm
280721615940ff5cf20592b0aff50cd3  mozilla-nspr-1.4.4-1.2.3.ia64.rpm
dedc936c50f2d93712a1a85ed391fb49  mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm
bb0524cc191752bbd6c1e4380d978640  mozilla-nss-1.4.4-1.2.3.ia64.rpm
62c1a1ebb38cc6374697247699c121df  mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
bfa6d2b47049ca23b8b8b320749b7ea2  galeon-1.2.13-6.2.1.src.rpm
492ba66de02ce249a94226f7da5cb1a8  mozilla-1.4.4-1.2.3.src.rpm

i386:
640ead171aa0fc4cdf6367e63df5652c  galeon-1.2.13-6.2.1.i386.rpm
6f3df40d9ceea897b0b4d6bbcf08f32f  mozilla-1.4.4-1.2.3.i386.rpm
1b885fa495058785d4d726c52119ef6e  mozilla-chat-1.4.4-1.2.3.i386.rpm
af7ed1e862811a591b6d70df4c21ee95  mozilla-devel-1.4.4-1.2.3.i386.rpm
ae51fad443b9f7f86019f9da87534499  mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm
b5f9b2fd48e520c0548024f062d3be4a  mozilla-js-debugger-1.4.4-1.2.3.i386.rpm
26f5a720479169d6ee2618a1df2876cf  mozilla-mail-1.4.4-1.2.3.i386.rpm
53988d7daa3f6b92dbbf8a4638fde336  mozilla-nspr-1.4.4-1.2.3.i386.rpm
fd1a43ab2e3dfa370989a2806ee7fa10  mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm
38851672d0ec94d06447bf082cf58d96  mozilla-nss-1.4.4-1.2.3.i386.rpm
6e826549e1c1526af249034bd6c3de26  mozilla-nss-devel-1.4.4-1.2.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
bfa6d2b47049ca23b8b8b320749b7ea2  galeon-1.2.13-6.2.1.src.rpm
492ba66de02ce249a94226f7da5cb1a8  mozilla-1.4.4-1.2.3.src.rpm

i386:
640ead171aa0fc4cdf6367e63df5652c  galeon-1.2.13-6.2.1.i386.rpm
6f3df40d9ceea897b0b4d6bbcf08f32f  mozilla-1.4.4-1.2.3.i386.rpm
1b885fa495058785d4d726c52119ef6e  mozilla-chat-1.4.4-1.2.3.i386.rpm
af7ed1e862811a591b6d70df4c21ee95  mozilla-devel-1.4.4-1.2.3.i386.rpm
ae51fad443b9f7f86019f9da87534499  mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm
b5f9b2fd48e520c0548024f062d3be4a  mozilla-js-debugger-1.4.4-1.2.3.i386.rpm
26f5a720479169d6ee2618a1df2876cf  mozilla-mail-1.4.4-1.2.3.i386.rpm
53988d7daa3f6b92dbbf8a4638fde336  mozilla-nspr-1.4.4-1.2.3.i386.rpm
fd1a43ab2e3dfa370989a2806ee7fa10  mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm
38851672d0ec94d06447bf082cf58d96  mozilla-nss-1.4.4-1.2.3.i386.rpm
6e826549e1c1526af249034bd6c3de26  mozilla-nss-devel-1.4.4-1.2.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
56deb276290446e580ffd03b99f00a36  mozilla-1.4.4-1.3.5.src.rpm

i386:
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
324e811245840ab2ec24307a4d0e7256  mozilla-chat-1.4.4-1.3.5.i386.rpm
750a4982a9eb9094a65ada2c00caa4a1  mozilla-devel-1.4.4-1.3.5.i386.rpm
98b5256945b2da77115f9a1332222b2e  mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
02de930daf3662e48bbe40fef64ede15  mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
bc76919e0e6cbbb9d6e3af1d8890ffa9  mozilla-mail-1.4.4-1.3.5.i386.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
0a92c035db2cabb1d9bcdf6d14e766ac  mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
17510499ca4880110cfdb82924a791a7  mozilla-nss-devel-1.4.4-1.3.5.i386.rpm

ia64:
0d7d91dad11ae959d141d18ea19b079c  mozilla-1.4.4-1.3.5.ia64.rpm
fbd29b9381da91a7425c4c1534d7726f  mozilla-chat-1.4.4-1.3.5.ia64.rpm
44edbce53caa6cd7e182232209c5d40b  mozilla-devel-1.4.4-1.3.5.ia64.rpm
482435ed8f2a040e2ec0326909fae3c3  mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm
532d2fd41430b9455bc3188be7c637c2  mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm
80db174298676c72b910f8c81c2405c3  mozilla-mail-1.4.4-1.3.5.ia64.rpm
f40ffd6e3a1aeee6879ddf049060b151  mozilla-nspr-1.4.4-1.3.5.ia64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
03ca5f59bac9685b1eed7870c9f3a5a1  mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm
604b09728acd2bd90c2331cefd1b6ed0  mozilla-nss-1.4.4-1.3.5.ia64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
d328d20773f0af370f89a0113844557d  mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm

ppc:
696f7f714ea9bf4e9c85aa76fb05fc43  mozilla-1.4.4-1.3.5.ppc.rpm
e633b0cc0581ba5cb69307dd7c1d3501  mozilla-chat-1.4.4-1.3.5.ppc.rpm
94a938d734de1cca883de9d442b9cf48  mozilla-devel-1.4.4-1.3.5.ppc.rpm
c7b55219bf541e824163e816eeba3d72  mozilla-dom-inspector-1.4.4-1.3.5.ppc.rpm
08b74fe5d8232682ce1f35a0cf75e88e  mozilla-js-debugger-1.4.4-1.3.5.ppc.rpm
0343e582869923b903ed7ae8d56e017a  mozilla-mail-1.4.4-1.3.5.ppc.rpm
ab2df03107e250927edfc3cba6691545  mozilla-nspr-1.4.4-1.3.5.ppc.rpm
b2da2cdfeb834c96805884424791100e  mozilla-nspr-devel-1.4.4-1.3.5.ppc.rpm
ec1ecbe8ca70613e62bfdbbedf079baf  mozilla-nss-1.4.4-1.3.5.ppc.rpm
ba0a5df973bc99840589cddfb616e8ad  mozilla-nss-devel-1.4.4-1.3.5.ppc.rpm

s390:
69c69d46957f35f9569ffbed352e14f6  mozilla-1.4.4-1.3.5.s390.rpm
63180be7a03aad0ca5522eadb7ff1400  mozilla-chat-1.4.4-1.3.5.s390.rpm
b9610f2d1ff6aa38c02cfaad1470f83e  mozilla-devel-1.4.4-1.3.5.s390.rpm
13113afec61e781a5b610e2a04456297  mozilla-dom-inspector-1.4.4-1.3.5.s390.rpm
5a30f4a136abc86024480c40dfadeb6a  mozilla-js-debugger-1.4.4-1.3.5.s390.rpm
c1f3021e4a7c3dcd2acda6a7e5887c54  mozilla-mail-1.4.4-1.3.5.s390.rpm
d324540741c273908a4a00936dbd59b1  mozilla-nspr-1.4.4-1.3.5.s390.rpm
e2d51cbdc8f6fdbf514c1a5be547c8df  mozilla-nspr-devel-1.4.4-1.3.5.s390.rpm
9db13f5be1e758119e136db280f71527  mozilla-nss-1.4.4-1.3.5.s390.rpm
d947f511e8a48536fd2b06ee53a4cabb  mozilla-nss-devel-1.4.4-1.3.5.s390.rpm

s390x:
ff3936f6df6c69f5125ed9f2b2030cc5  mozilla-1.4.4-1.3.5.s390x.rpm
a462bb974a53dd44a3e894b6b343ac7e  mozilla-chat-1.4.4-1.3.5.s390x.rpm
ff84589153c55746448ea1bf219f27ce  mozilla-devel-1.4.4-1.3.5.s390x.rpm
99bf1ba3f5a7ecdb5723f0d8e869414b  mozilla-dom-inspector-1.4.4-1.3.5.s390x.rpm
407ddbbeb04586281f8ffcdbba602d0b  mozilla-js-debugger-1.4.4-1.3.5.s390x.rpm
4472d0efc6042c1ef09219f3952eb942  mozilla-mail-1.4.4-1.3.5.s390x.rpm
c9b3244b5f18e625cbcd5e8e78c4a655  mozilla-nspr-1.4.4-1.3.5.s390x.rpm
d324540741c273908a4a00936dbd59b1  mozilla-nspr-1.4.4-1.3.5.s390.rpm
090e7e4d9e68ee705d8f91e31bfd82b3  mozilla-nspr-devel-1.4.4-1.3.5.s390x.rpm
8d903c5aa0038c9c241eac3e37e99335  mozilla-nss-1.4.4-1.3.5.s390x.rpm
9db13f5be1e758119e136db280f71527  mozilla-nss-1.4.4-1.3.5.s390.rpm
dcc2b2d9dc3499d7235eed6473c6a7fb  mozilla-nss-devel-1.4.4-1.3.5.s390x.rpm

x86_64:
d7497f99749a268d76820f09af460174  mozilla-1.4.4-1.3.5.x86_64.rpm
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
3315e273014d7dc28d8363e4e140eca6  mozilla-chat-1.4.4-1.3.5.x86_64.rpm
7841d99372a61f3432a98745f707dff9  mozilla-devel-1.4.4-1.3.5.x86_64.rpm
c7b97fae2a4427bca52878168c0bac31  mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
f2377c82623e615338b916d1e18d2138  mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
663be710f1808de2112010ae65018f61  mozilla-mail-1.4.4-1.3.5.x86_64.rpm
747dc266316d11a04692801353e41ac5  mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
94a2afad4561d6d18271bfe4d9b1f1db  mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
72005829614f14512916a5e4e1044cff  mozilla-nss-1.4.4-1.3.5.x86_64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
6c7c2e51226bde6c1484290e21ed1e14  mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
56deb276290446e580ffd03b99f00a36  mozilla-1.4.4-1.3.5.src.rpm

i386:
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
324e811245840ab2ec24307a4d0e7256  mozilla-chat-1.4.4-1.3.5.i386.rpm
750a4982a9eb9094a65ada2c00caa4a1  mozilla-devel-1.4.4-1.3.5.i386.rpm
98b5256945b2da77115f9a1332222b2e  mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
02de930daf3662e48bbe40fef64ede15  mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
bc76919e0e6cbbb9d6e3af1d8890ffa9  mozilla-mail-1.4.4-1.3.5.i386.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
0a92c035db2cabb1d9bcdf6d14e766ac  mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
17510499ca4880110cfdb82924a791a7  mozilla-nss-devel-1.4.4-1.3.5.i386.rpm

x86_64:
d7497f99749a268d76820f09af460174  mozilla-1.4.4-1.3.5.x86_64.rpm
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
3315e273014d7dc28d8363e4e140eca6  mozilla-chat-1.4.4-1.3.5.x86_64.rpm
7841d99372a61f3432a98745f707dff9  mozilla-devel-1.4.4-1.3.5.x86_64.rpm
c7b97fae2a4427bca52878168c0bac31  mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
f2377c82623e615338b916d1e18d2138  mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
663be710f1808de2112010ae65018f61  mozilla-mail-1.4.4-1.3.5.x86_64.rpm
747dc266316d11a04692801353e41ac5  mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
94a2afad4561d6d18271bfe4d9b1f1db  mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
72005829614f14512916a5e4e1044cff  mozilla-nss-1.4.4-1.3.5.x86_64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
6c7c2e51226bde6c1484290e21ed1e14  mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
56deb276290446e580ffd03b99f00a36  mozilla-1.4.4-1.3.5.src.rpm

i386:
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
324e811245840ab2ec24307a4d0e7256  mozilla-chat-1.4.4-1.3.5.i386.rpm
750a4982a9eb9094a65ada2c00caa4a1  mozilla-devel-1.4.4-1.3.5.i386.rpm
98b5256945b2da77115f9a1332222b2e  mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
02de930daf3662e48bbe40fef64ede15  mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
bc76919e0e6cbbb9d6e3af1d8890ffa9  mozilla-mail-1.4.4-1.3.5.i386.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
0a92c035db2cabb1d9bcdf6d14e766ac  mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
17510499ca4880110cfdb82924a791a7  mozilla-nss-devel-1.4.4-1.3.5.i386.rpm

ia64:
0d7d91dad11ae959d141d18ea19b079c  mozilla-1.4.4-1.3.5.ia64.rpm
fbd29b9381da91a7425c4c1534d7726f  mozilla-chat-1.4.4-1.3.5.ia64.rpm
44edbce53caa6cd7e182232209c5d40b  mozilla-devel-1.4.4-1.3.5.ia64.rpm
482435ed8f2a040e2ec0326909fae3c3  mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm
532d2fd41430b9455bc3188be7c637c2  mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm
80db174298676c72b910f8c81c2405c3  mozilla-mail-1.4.4-1.3.5.ia64.rpm
f40ffd6e3a1aeee6879ddf049060b151  mozilla-nspr-1.4.4-1.3.5.ia64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
03ca5f59bac9685b1eed7870c9f3a5a1  mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm
604b09728acd2bd90c2331cefd1b6ed0  mozilla-nss-1.4.4-1.3.5.ia64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
d328d20773f0af370f89a0113844557d  mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm

x86_64:
d7497f99749a268d76820f09af460174  mozilla-1.4.4-1.3.5.x86_64.rpm
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
3315e273014d7dc28d8363e4e140eca6  mozilla-chat-1.4.4-1.3.5.x86_64.rpm
7841d99372a61f3432a98745f707dff9  mozilla-devel-1.4.4-1.3.5.x86_64.rpm
c7b97fae2a4427bca52878168c0bac31  mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
f2377c82623e615338b916d1e18d2138  mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
663be710f1808de2112010ae65018f61  mozilla-mail-1.4.4-1.3.5.x86_64.rpm
747dc266316d11a04692801353e41ac5  mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
94a2afad4561d6d18271bfe4d9b1f1db  mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
72005829614f14512916a5e4e1044cff  mozilla-nss-1.4.4-1.3.5.x86_64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
6c7c2e51226bde6c1484290e21ed1e14  mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
56deb276290446e580ffd03b99f00a36  mozilla-1.4.4-1.3.5.src.rpm

i386:
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
324e811245840ab2ec24307a4d0e7256  mozilla-chat-1.4.4-1.3.5.i386.rpm
750a4982a9eb9094a65ada2c00caa4a1  mozilla-devel-1.4.4-1.3.5.i386.rpm
98b5256945b2da77115f9a1332222b2e  mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
02de930daf3662e48bbe40fef64ede15  mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
bc76919e0e6cbbb9d6e3af1d8890ffa9  mozilla-mail-1.4.4-1.3.5.i386.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
0a92c035db2cabb1d9bcdf6d14e766ac  mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
17510499ca4880110cfdb82924a791a7  mozilla-nss-devel-1.4.4-1.3.5.i386.rpm

ia64:
0d7d91dad11ae959d141d18ea19b079c  mozilla-1.4.4-1.3.5.ia64.rpm
fbd29b9381da91a7425c4c1534d7726f  mozilla-chat-1.4.4-1.3.5.ia64.rpm
44edbce53caa6cd7e182232209c5d40b  mozilla-devel-1.4.4-1.3.5.ia64.rpm
482435ed8f2a040e2ec0326909fae3c3  mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm
532d2fd41430b9455bc3188be7c637c2  mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm
80db174298676c72b910f8c81c2405c3  mozilla-mail-1.4.4-1.3.5.ia64.rpm
f40ffd6e3a1aeee6879ddf049060b151  mozilla-nspr-1.4.4-1.3.5.ia64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
03ca5f59bac9685b1eed7870c9f3a5a1  mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm
604b09728acd2bd90c2331cefd1b6ed0  mozilla-nss-1.4.4-1.3.5.ia64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
d328d20773f0af370f89a0113844557d  mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm

x86_64:
d7497f99749a268d76820f09af460174  mozilla-1.4.4-1.3.5.x86_64.rpm
d3b673160835e792151148f10fda5ed6  mozilla-1.4.4-1.3.5.i386.rpm
3315e273014d7dc28d8363e4e140eca6  mozilla-chat-1.4.4-1.3.5.x86_64.rpm
7841d99372a61f3432a98745f707dff9  mozilla-devel-1.4.4-1.3.5.x86_64.rpm
c7b97fae2a4427bca52878168c0bac31  mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
f2377c82623e615338b916d1e18d2138  mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
663be710f1808de2112010ae65018f61  mozilla-mail-1.4.4-1.3.5.x86_64.rpm
747dc266316d11a04692801353e41ac5  mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
2ed41ea030dad2f34bf005ab71d1f7a7  mozilla-nspr-1.4.4-1.3.5.i386.rpm
94a2afad4561d6d18271bfe4d9b1f1db  mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
72005829614f14512916a5e4e1044cff  mozilla-nss-1.4.4-1.3.5.x86_64.rpm
140ff2ec99a45e891adfa52c799a1a79  mozilla-nss-1.4.4-1.3.5.i386.rpm
6c7c2e51226bde6c1484290e21ed1e14  mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Critical: mozilla security update

Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Summary



Summary

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue. A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1380 to this issue. A bug was found in the way Firefox allowed plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0232 to this issue. A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0147 to this issue. A bug was found in the way Mozilla handles certain start tags followed by a NULL character. A malicious web page could cause Mozilla to crash when viewed by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1613 to this issue. A bug was found in the way Mozilla sets file permissions when installing XPI packages. It is possible for an XPI package to install some files world readable or writable, allowing a malicious local user to steal information or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to this issue. A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0141 to this issue. A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0144 to this issue. Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.4.4 and additional backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
145597 - CAN-2005-0141 Link opened in new tab can load a local file 145609 - CAN-2005-0144 Secure site lock can be spoofed with view-source: 145610 - CAN-2004-1380 Input stealing from other tabs (CAN-2004-1381) 145614 - CAN-2005-0147 Browser responds to proxy auth request from non-proxy server (ssl/https) 145615 - CAN-2005-0149 Mail responds to cookie requests 151209 - 151492 - CAN-2004-1613 Mozilla start tag NULL character DoS 151494 - CAN-2004-0906 Mozilla XPI installer insecure file creation 151496 - CAN-2005-0232 fireflashing vulnerability (CAN-2005-0527)
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: bfa6d2b47049ca23b8b8b320749b7ea2 galeon-1.2.13-6.2.1.src.rpm 492ba66de02ce249a94226f7da5cb1a8 mozilla-1.4.4-1.2.3.src.rpm
i386: 640ead171aa0fc4cdf6367e63df5652c galeon-1.2.13-6.2.1.i386.rpm 6f3df40d9ceea897b0b4d6bbcf08f32f mozilla-1.4.4-1.2.3.i386.rpm 1b885fa495058785d4d726c52119ef6e mozilla-chat-1.4.4-1.2.3.i386.rpm af7ed1e862811a591b6d70df4c21ee95 mozilla-devel-1.4.4-1.2.3.i386.rpm ae51fad443b9f7f86019f9da87534499 mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm b5f9b2fd48e520c0548024f062d3be4a mozilla-js-debugger-1.4.4-1.2.3.i386.rpm 26f5a720479169d6ee2618a1df2876cf mozilla-mail-1.4.4-1.2.3.i386.rpm 53988d7daa3f6b92dbbf8a4638fde336 mozilla-nspr-1.4.4-1.2.3.i386.rpm fd1a43ab2e3dfa370989a2806ee7fa10 mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm 38851672d0ec94d06447bf082cf58d96 mozilla-nss-1.4.4-1.2.3.i386.rpm 6e826549e1c1526af249034bd6c3de26 mozilla-nss-devel-1.4.4-1.2.3.i386.rpm
ia64: 32ad65318604c36cf95b25f2124ec223 galeon-1.2.13-6.2.1.ia64.rpm 6cb59d01995e11204ab23a54568c9f9f mozilla-1.4.4-1.2.3.ia64.rpm 1f25d7f9d3c80cade1f8efd8b0ee98b7 mozilla-chat-1.4.4-1.2.3.ia64.rpm 01cc33ec4c371a843a411ac869f94ca0 mozilla-devel-1.4.4-1.2.3.ia64.rpm 5d779ebb2e5dab692710ca931fed6f79 mozilla-dom-inspector-1.4.4-1.2.3.ia64.rpm 2fc3624b90c331946afdf14352711f27 mozilla-js-debugger-1.4.4-1.2.3.ia64.rpm e20163a2bc4cb9237735bebb5949bd09 mozilla-mail-1.4.4-1.2.3.ia64.rpm 280721615940ff5cf20592b0aff50cd3 mozilla-nspr-1.4.4-1.2.3.ia64.rpm dedc936c50f2d93712a1a85ed391fb49 mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm bb0524cc191752bbd6c1e4380d978640 mozilla-nss-1.4.4-1.2.3.ia64.rpm 62c1a1ebb38cc6374697247699c121df mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: bfa6d2b47049ca23b8b8b320749b7ea2 galeon-1.2.13-6.2.1.src.rpm 492ba66de02ce249a94226f7da5cb1a8 mozilla-1.4.4-1.2.3.src.rpm
ia64: 32ad65318604c36cf95b25f2124ec223 galeon-1.2.13-6.2.1.ia64.rpm 6cb59d01995e11204ab23a54568c9f9f mozilla-1.4.4-1.2.3.ia64.rpm 1f25d7f9d3c80cade1f8efd8b0ee98b7 mozilla-chat-1.4.4-1.2.3.ia64.rpm 01cc33ec4c371a843a411ac869f94ca0 mozilla-devel-1.4.4-1.2.3.ia64.rpm 5d779ebb2e5dab692710ca931fed6f79 mozilla-dom-inspector-1.4.4-1.2.3.ia64.rpm 2fc3624b90c331946afdf14352711f27 mozilla-js-debugger-1.4.4-1.2.3.ia64.rpm e20163a2bc4cb9237735bebb5949bd09 mozilla-mail-1.4.4-1.2.3.ia64.rpm 280721615940ff5cf20592b0aff50cd3 mozilla-nspr-1.4.4-1.2.3.ia64.rpm dedc936c50f2d93712a1a85ed391fb49 mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm bb0524cc191752bbd6c1e4380d978640 mozilla-nss-1.4.4-1.2.3.ia64.rpm 62c1a1ebb38cc6374697247699c121df mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: bfa6d2b47049ca23b8b8b320749b7ea2 galeon-1.2.13-6.2.1.src.rpm 492ba66de02ce249a94226f7da5cb1a8 mozilla-1.4.4-1.2.3.src.rpm
i386: 640ead171aa0fc4cdf6367e63df5652c galeon-1.2.13-6.2.1.i386.rpm 6f3df40d9ceea897b0b4d6bbcf08f32f mozilla-1.4.4-1.2.3.i386.rpm 1b885fa495058785d4d726c52119ef6e mozilla-chat-1.4.4-1.2.3.i386.rpm af7ed1e862811a591b6d70df4c21ee95 mozilla-devel-1.4.4-1.2.3.i386.rpm ae51fad443b9f7f86019f9da87534499 mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm b5f9b2fd48e520c0548024f062d3be4a mozilla-js-debugger-1.4.4-1.2.3.i386.rpm 26f5a720479169d6ee2618a1df2876cf mozilla-mail-1.4.4-1.2.3.i386.rpm 53988d7daa3f6b92dbbf8a4638fde336 mozilla-nspr-1.4.4-1.2.3.i386.rpm fd1a43ab2e3dfa370989a2806ee7fa10 mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm 38851672d0ec94d06447bf082cf58d96 mozilla-nss-1.4.4-1.2.3.i386.rpm 6e826549e1c1526af249034bd6c3de26 mozilla-nss-devel-1.4.4-1.2.3.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: bfa6d2b47049ca23b8b8b320749b7ea2 galeon-1.2.13-6.2.1.src.rpm 492ba66de02ce249a94226f7da5cb1a8 mozilla-1.4.4-1.2.3.src.rpm
i386: 640ead171aa0fc4cdf6367e63df5652c galeon-1.2.13-6.2.1.i386.rpm 6f3df40d9ceea897b0b4d6bbcf08f32f mozilla-1.4.4-1.2.3.i386.rpm 1b885fa495058785d4d726c52119ef6e mozilla-chat-1.4.4-1.2.3.i386.rpm af7ed1e862811a591b6d70df4c21ee95 mozilla-devel-1.4.4-1.2.3.i386.rpm ae51fad443b9f7f86019f9da87534499 mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm b5f9b2fd48e520c0548024f062d3be4a mozilla-js-debugger-1.4.4-1.2.3.i386.rpm 26f5a720479169d6ee2618a1df2876cf mozilla-mail-1.4.4-1.2.3.i386.rpm 53988d7daa3f6b92dbbf8a4638fde336 mozilla-nspr-1.4.4-1.2.3.i386.rpm fd1a43ab2e3dfa370989a2806ee7fa10 mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm 38851672d0ec94d06447bf082cf58d96 mozilla-nss-1.4.4-1.2.3.i386.rpm 6e826549e1c1526af249034bd6c3de26 mozilla-nss-devel-1.4.4-1.2.3.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS: 56deb276290446e580ffd03b99f00a36 mozilla-1.4.4-1.3.5.src.rpm
i386: d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 324e811245840ab2ec24307a4d0e7256 mozilla-chat-1.4.4-1.3.5.i386.rpm 750a4982a9eb9094a65ada2c00caa4a1 mozilla-devel-1.4.4-1.3.5.i386.rpm 98b5256945b2da77115f9a1332222b2e mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm 02de930daf3662e48bbe40fef64ede15 mozilla-js-debugger-1.4.4-1.3.5.i386.rpm bc76919e0e6cbbb9d6e3af1d8890ffa9 mozilla-mail-1.4.4-1.3.5.i386.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 0a92c035db2cabb1d9bcdf6d14e766ac mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 17510499ca4880110cfdb82924a791a7 mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
ia64: 0d7d91dad11ae959d141d18ea19b079c mozilla-1.4.4-1.3.5.ia64.rpm fbd29b9381da91a7425c4c1534d7726f mozilla-chat-1.4.4-1.3.5.ia64.rpm 44edbce53caa6cd7e182232209c5d40b mozilla-devel-1.4.4-1.3.5.ia64.rpm 482435ed8f2a040e2ec0326909fae3c3 mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm 532d2fd41430b9455bc3188be7c637c2 mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm 80db174298676c72b910f8c81c2405c3 mozilla-mail-1.4.4-1.3.5.ia64.rpm f40ffd6e3a1aeee6879ddf049060b151 mozilla-nspr-1.4.4-1.3.5.ia64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 03ca5f59bac9685b1eed7870c9f3a5a1 mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm 604b09728acd2bd90c2331cefd1b6ed0 mozilla-nss-1.4.4-1.3.5.ia64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm d328d20773f0af370f89a0113844557d mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm
ppc: 696f7f714ea9bf4e9c85aa76fb05fc43 mozilla-1.4.4-1.3.5.ppc.rpm e633b0cc0581ba5cb69307dd7c1d3501 mozilla-chat-1.4.4-1.3.5.ppc.rpm 94a938d734de1cca883de9d442b9cf48 mozilla-devel-1.4.4-1.3.5.ppc.rpm c7b55219bf541e824163e816eeba3d72 mozilla-dom-inspector-1.4.4-1.3.5.ppc.rpm 08b74fe5d8232682ce1f35a0cf75e88e mozilla-js-debugger-1.4.4-1.3.5.ppc.rpm 0343e582869923b903ed7ae8d56e017a mozilla-mail-1.4.4-1.3.5.ppc.rpm ab2df03107e250927edfc3cba6691545 mozilla-nspr-1.4.4-1.3.5.ppc.rpm b2da2cdfeb834c96805884424791100e mozilla-nspr-devel-1.4.4-1.3.5.ppc.rpm ec1ecbe8ca70613e62bfdbbedf079baf mozilla-nss-1.4.4-1.3.5.ppc.rpm ba0a5df973bc99840589cddfb616e8ad mozilla-nss-devel-1.4.4-1.3.5.ppc.rpm
s390: 69c69d46957f35f9569ffbed352e14f6 mozilla-1.4.4-1.3.5.s390.rpm 63180be7a03aad0ca5522eadb7ff1400 mozilla-chat-1.4.4-1.3.5.s390.rpm b9610f2d1ff6aa38c02cfaad1470f83e mozilla-devel-1.4.4-1.3.5.s390.rpm 13113afec61e781a5b610e2a04456297 mozilla-dom-inspector-1.4.4-1.3.5.s390.rpm 5a30f4a136abc86024480c40dfadeb6a mozilla-js-debugger-1.4.4-1.3.5.s390.rpm c1f3021e4a7c3dcd2acda6a7e5887c54 mozilla-mail-1.4.4-1.3.5.s390.rpm d324540741c273908a4a00936dbd59b1 mozilla-nspr-1.4.4-1.3.5.s390.rpm e2d51cbdc8f6fdbf514c1a5be547c8df mozilla-nspr-devel-1.4.4-1.3.5.s390.rpm 9db13f5be1e758119e136db280f71527 mozilla-nss-1.4.4-1.3.5.s390.rpm d947f511e8a48536fd2b06ee53a4cabb mozilla-nss-devel-1.4.4-1.3.5.s390.rpm
s390x: ff3936f6df6c69f5125ed9f2b2030cc5 mozilla-1.4.4-1.3.5.s390x.rpm a462bb974a53dd44a3e894b6b343ac7e mozilla-chat-1.4.4-1.3.5.s390x.rpm ff84589153c55746448ea1bf219f27ce mozilla-devel-1.4.4-1.3.5.s390x.rpm 99bf1ba3f5a7ecdb5723f0d8e869414b mozilla-dom-inspector-1.4.4-1.3.5.s390x.rpm 407ddbbeb04586281f8ffcdbba602d0b mozilla-js-debugger-1.4.4-1.3.5.s390x.rpm 4472d0efc6042c1ef09219f3952eb942 mozilla-mail-1.4.4-1.3.5.s390x.rpm c9b3244b5f18e625cbcd5e8e78c4a655 mozilla-nspr-1.4.4-1.3.5.s390x.rpm d324540741c273908a4a00936dbd59b1 mozilla-nspr-1.4.4-1.3.5.s390.rpm 090e7e4d9e68ee705d8f91e31bfd82b3 mozilla-nspr-devel-1.4.4-1.3.5.s390x.rpm 8d903c5aa0038c9c241eac3e37e99335 mozilla-nss-1.4.4-1.3.5.s390x.rpm 9db13f5be1e758119e136db280f71527 mozilla-nss-1.4.4-1.3.5.s390.rpm dcc2b2d9dc3499d7235eed6473c6a7fb mozilla-nss-devel-1.4.4-1.3.5.s390x.rpm
x86_64: d7497f99749a268d76820f09af460174 mozilla-1.4.4-1.3.5.x86_64.rpm d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 3315e273014d7dc28d8363e4e140eca6 mozilla-chat-1.4.4-1.3.5.x86_64.rpm 7841d99372a61f3432a98745f707dff9 mozilla-devel-1.4.4-1.3.5.x86_64.rpm c7b97fae2a4427bca52878168c0bac31 mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm f2377c82623e615338b916d1e18d2138 mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm 663be710f1808de2112010ae65018f61 mozilla-mail-1.4.4-1.3.5.x86_64.rpm 747dc266316d11a04692801353e41ac5 mozilla-nspr-1.4.4-1.3.5.x86_64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 94a2afad4561d6d18271bfe4d9b1f1db mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm 72005829614f14512916a5e4e1044cff mozilla-nss-1.4.4-1.3.5.x86_64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 6c7c2e51226bde6c1484290e21ed1e14 mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: 56deb276290446e580ffd03b99f00a36 mozilla-1.4.4-1.3.5.src.rpm
i386: d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 324e811245840ab2ec24307a4d0e7256 mozilla-chat-1.4.4-1.3.5.i386.rpm 750a4982a9eb9094a65ada2c00caa4a1 mozilla-devel-1.4.4-1.3.5.i386.rpm 98b5256945b2da77115f9a1332222b2e mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm 02de930daf3662e48bbe40fef64ede15 mozilla-js-debugger-1.4.4-1.3.5.i386.rpm bc76919e0e6cbbb9d6e3af1d8890ffa9 mozilla-mail-1.4.4-1.3.5.i386.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 0a92c035db2cabb1d9bcdf6d14e766ac mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 17510499ca4880110cfdb82924a791a7 mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
x86_64: d7497f99749a268d76820f09af460174 mozilla-1.4.4-1.3.5.x86_64.rpm d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 3315e273014d7dc28d8363e4e140eca6 mozilla-chat-1.4.4-1.3.5.x86_64.rpm 7841d99372a61f3432a98745f707dff9 mozilla-devel-1.4.4-1.3.5.x86_64.rpm c7b97fae2a4427bca52878168c0bac31 mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm f2377c82623e615338b916d1e18d2138 mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm 663be710f1808de2112010ae65018f61 mozilla-mail-1.4.4-1.3.5.x86_64.rpm 747dc266316d11a04692801353e41ac5 mozilla-nspr-1.4.4-1.3.5.x86_64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 94a2afad4561d6d18271bfe4d9b1f1db mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm 72005829614f14512916a5e4e1044cff mozilla-nss-1.4.4-1.3.5.x86_64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 6c7c2e51226bde6c1484290e21ed1e14 mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: 56deb276290446e580ffd03b99f00a36 mozilla-1.4.4-1.3.5.src.rpm
i386: d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 324e811245840ab2ec24307a4d0e7256 mozilla-chat-1.4.4-1.3.5.i386.rpm 750a4982a9eb9094a65ada2c00caa4a1 mozilla-devel-1.4.4-1.3.5.i386.rpm 98b5256945b2da77115f9a1332222b2e mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm 02de930daf3662e48bbe40fef64ede15 mozilla-js-debugger-1.4.4-1.3.5.i386.rpm bc76919e0e6cbbb9d6e3af1d8890ffa9 mozilla-mail-1.4.4-1.3.5.i386.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 0a92c035db2cabb1d9bcdf6d14e766ac mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 17510499ca4880110cfdb82924a791a7 mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
ia64: 0d7d91dad11ae959d141d18ea19b079c mozilla-1.4.4-1.3.5.ia64.rpm fbd29b9381da91a7425c4c1534d7726f mozilla-chat-1.4.4-1.3.5.ia64.rpm 44edbce53caa6cd7e182232209c5d40b mozilla-devel-1.4.4-1.3.5.ia64.rpm 482435ed8f2a040e2ec0326909fae3c3 mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm 532d2fd41430b9455bc3188be7c637c2 mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm 80db174298676c72b910f8c81c2405c3 mozilla-mail-1.4.4-1.3.5.ia64.rpm f40ffd6e3a1aeee6879ddf049060b151 mozilla-nspr-1.4.4-1.3.5.ia64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 03ca5f59bac9685b1eed7870c9f3a5a1 mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm 604b09728acd2bd90c2331cefd1b6ed0 mozilla-nss-1.4.4-1.3.5.ia64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm d328d20773f0af370f89a0113844557d mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm
x86_64: d7497f99749a268d76820f09af460174 mozilla-1.4.4-1.3.5.x86_64.rpm d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 3315e273014d7dc28d8363e4e140eca6 mozilla-chat-1.4.4-1.3.5.x86_64.rpm 7841d99372a61f3432a98745f707dff9 mozilla-devel-1.4.4-1.3.5.x86_64.rpm c7b97fae2a4427bca52878168c0bac31 mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm f2377c82623e615338b916d1e18d2138 mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm 663be710f1808de2112010ae65018f61 mozilla-mail-1.4.4-1.3.5.x86_64.rpm 747dc266316d11a04692801353e41ac5 mozilla-nspr-1.4.4-1.3.5.x86_64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 94a2afad4561d6d18271bfe4d9b1f1db mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm 72005829614f14512916a5e4e1044cff mozilla-nss-1.4.4-1.3.5.x86_64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 6c7c2e51226bde6c1484290e21ed1e14 mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: 56deb276290446e580ffd03b99f00a36 mozilla-1.4.4-1.3.5.src.rpm
i386: d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 324e811245840ab2ec24307a4d0e7256 mozilla-chat-1.4.4-1.3.5.i386.rpm 750a4982a9eb9094a65ada2c00caa4a1 mozilla-devel-1.4.4-1.3.5.i386.rpm 98b5256945b2da77115f9a1332222b2e mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm 02de930daf3662e48bbe40fef64ede15 mozilla-js-debugger-1.4.4-1.3.5.i386.rpm bc76919e0e6cbbb9d6e3af1d8890ffa9 mozilla-mail-1.4.4-1.3.5.i386.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 0a92c035db2cabb1d9bcdf6d14e766ac mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 17510499ca4880110cfdb82924a791a7 mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
ia64: 0d7d91dad11ae959d141d18ea19b079c mozilla-1.4.4-1.3.5.ia64.rpm fbd29b9381da91a7425c4c1534d7726f mozilla-chat-1.4.4-1.3.5.ia64.rpm 44edbce53caa6cd7e182232209c5d40b mozilla-devel-1.4.4-1.3.5.ia64.rpm 482435ed8f2a040e2ec0326909fae3c3 mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm 532d2fd41430b9455bc3188be7c637c2 mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm 80db174298676c72b910f8c81c2405c3 mozilla-mail-1.4.4-1.3.5.ia64.rpm f40ffd6e3a1aeee6879ddf049060b151 mozilla-nspr-1.4.4-1.3.5.ia64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 03ca5f59bac9685b1eed7870c9f3a5a1 mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm 604b09728acd2bd90c2331cefd1b6ed0 mozilla-nss-1.4.4-1.3.5.ia64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm d328d20773f0af370f89a0113844557d mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm
x86_64: d7497f99749a268d76820f09af460174 mozilla-1.4.4-1.3.5.x86_64.rpm d3b673160835e792151148f10fda5ed6 mozilla-1.4.4-1.3.5.i386.rpm 3315e273014d7dc28d8363e4e140eca6 mozilla-chat-1.4.4-1.3.5.x86_64.rpm 7841d99372a61f3432a98745f707dff9 mozilla-devel-1.4.4-1.3.5.x86_64.rpm c7b97fae2a4427bca52878168c0bac31 mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm f2377c82623e615338b916d1e18d2138 mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm 663be710f1808de2112010ae65018f61 mozilla-mail-1.4.4-1.3.5.x86_64.rpm 747dc266316d11a04692801353e41ac5 mozilla-nspr-1.4.4-1.3.5.x86_64.rpm 2ed41ea030dad2f34bf005ab71d1f7a7 mozilla-nspr-1.4.4-1.3.5.i386.rpm 94a2afad4561d6d18271bfe4d9b1f1db mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm 72005829614f14512916a5e4e1044cff mozilla-nss-1.4.4-1.3.5.x86_64.rpm 140ff2ec99a45e891adfa52c799a1a79 mozilla-nss-1.4.4-1.3.5.i386.rpm 6c7c2e51226bde6c1484290e21ed1e14 mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399

Package List


Severity
Advisory ID: RHSA-2005:323-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:323.html
Issued Date: : 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0906 CAN-2004-1380 CAN-2004-1613 CAN-2005-0141 CAN-2005-0144 CAN-2005-0147 CAN-2005-0149 CAN-2005-0232 CAN-2005-0399 Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved