MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities
Posted on: 10/06/2005 11:22 PM

The Mandriva Security Team published a new security update: MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mozilla-firefox
Advisory ID: MDKSA-2005:173
Date: October 6th, 2005

Affected versions: 10.2, 2006.0
______________________________________________________________________

Problem Description:

New updates are available for Mozilla Firefox:

A regression in the LE2005 Firefox package caused problems with cursor
movement that has been fixed.

The run-mozilla.sh script, with debugging enabled, would allow local
users to create or overwrite arbitrary files via a symlink attack on
temporary files (CAN-2005-2353).

nsScriptSecurityManager::GetBaseURIScheme didn't handle
jar:view-source:... correctly because the jar: and view-source: cases
didn't use recursion as they were supposed to. This was corrected in
Firefox 1.0.4 and only affects the LE2005 package.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2353
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.2:
8802442f13b423d32f90beab90b57b39 10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
490de6be6ed37670b498f1b32ce9911d 10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
15bd80dbb1661d1991d7cb5d882de84b 10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
abb90d3203f570d84e0228214244c16a 10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
692a964ae2a2fc96bad0926ba57f6608 10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.i586.rpm
3d88f5181f16a5ac731c183af04973c0 10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.i586.rpm
915ff77d3dabc2c821f7355d0fc379db 10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
a5b17c8a1142e20db9d69b934f54607d x86_64/10.2/RPMS/lib64nspr4-1.0.2-10.1.102mdk.x86_64.rpm
f041b7de49dd120ddb63ba6b2d466feb x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-10.1.102mdk.x86_64.rpm
8802442f13b423d32f90beab90b57b39 x86_64/10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
490de6be6ed37670b498f1b32ce9911d x86_64/10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
13b1057af97d829a4aae52cdb5f3bcab x86_64/10.2/RPMS/lib64nss3-1.0.2-10.1.102mdk.x86_64.rpm
42cbcf8cf37d45472d7d1d742cc91e22 x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-10.1.102mdk.x86_64.rpm
15bd80dbb1661d1991d7cb5d882de84b x86_64/10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
abb90d3203f570d84e0228214244c16a x86_64/10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
83cb2e763eac7d6117daf62a4adb14ab x86_64/10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.x86_64.rpm
76ba06daf1900bbaa357744daec1060a x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.x86_64.rpm
915ff77d3dabc2c821f7355d0fc379db x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

Mandrivalinux 2006.0:
4729fc4e3d1b10f2e16e94c23a5d55e9 2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
bf450dbb8f1f20abfcc57b9decb30eb4 2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
760d6ab6f917091183818d6946c4482f 2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
a9b14f14a73c89950b445c747f9c306c 2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
94adfb3dbdb796da0d2ab01b842e8351 2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.i586.rpm
01947ebf2c815bc36e955cc98ce23f27 2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.i586.rpm
93f3763d032cd82e7b214afeecccd4a9 2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
68542f490600d394fd8246081a899894 x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.1.20060mdk.x86_64.rpm
3589f6d4e900c9c400c881861e50a927 x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.1.20060mdk.x86_64.rpm
4729fc4e3d1b10f2e16e94c23a5d55e9 x86_64/2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
bf450dbb8f1f20abfcc57b9decb30eb4 x86_64/2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
7a7d70dd78e89ef04b1c1f69b3711bfe x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.1.20060mdk.x86_64.rpm
8f7a198febbcd4c819b93eee2e4822ad x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.1.20060mdk.x86_64.rpm
760d6ab6f917091183818d6946c4482f x86_64/2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
a9b14f14a73c89950b445c747f9c306c x86_64/2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
8d72c505c3634bee91ed8a6d1add342d x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.x86_64.rpm
a1e80b35074ce98d49812d46f4f0de47 x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.x86_64.rpm
93f3763d032cd82e7b214afeecccd4a9 x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm
_______________________________________________________________________

Bug IDs fixed (see http://qa.mandriva.com for more information):

18980 - left/right keys on input text jump over several words
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReWqmqjQ0CJFipgRAmCkAJ9H8FBb+mttPOvoDbAbs1aDdjAoTQCbBIvB
kb0UpSg5nxWw1XKVAu6BqgI=
=bcU2
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005173__updated_mozilla_firefox__packages_fix_vulnerabilities.html)