RHSA-2005:384-01: Important: Mozilla security update
Posted on: 04/28/2005 02:30 PM

A Mozilla security update has been released for Red Hat Enterprise Linux 2.1 and 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: Mozilla security update
Advisory ID: RHSA-2005:384-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-384.html
Issue date: 2005-04-28
Updated on: 2005-04-28
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1156 CAN-2005-0142 CAN-2005-0143 CAN-2005-0146 CAN-2005-0231 CAN-2005-0232 CAN-2005-0233 CAN-2005-0401 CAN-2005-0527 CAN-2005-0578 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593 CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160
----------------------------------------------------------------------

1. Summary:

Updated Mozilla packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CAN-2005-0143 CAN-2005-0593)

A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146)

Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CAN-2005-0142 CAN-2005-0578)

A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156)

A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CAN-2005-0233)

A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CAN-2005-0588)

Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CAN-2005-0586 CAN-2005-0591 CAN-2005-0585 CAN-2005-0590 CAN-2005-0584)

A bug was found in the Mozilla javascript security manager. If a user drags a malicious link to a tab, the javascript security manager is bypassed, which could result in remote code execution or information disclosure. (CAN-2005-0231)

A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527)

A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CAN-2005-0989)

A bug was found in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. (CAN-2005-1153)

A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information.
(CAN-2005-1156 CAN-2005-1157)

Several bugs were found in the Mozilla javascript engine. A malicious web page could leverage these issues to execute javascript with elevated privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155 CAN-2005-1159 CAN-2005-1160)

Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142390 - CAN-2004-1156 Frame injection vulnerability.
144080 - CAN-2005-0585 download dialog URL spoofing
145606 - CAN-2005-0142 Opened attachments are temporarily saved world-readable
145607 - CAN-2005-0143 Secure site lock can be spoofed with a binary download
145613 - CAN-2005-0146 Synthetic middle-click event can steal clipboard contents
147397 - homograph spoofing
152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593)
155117 - CAN-2005-0989 Multiple Mozilla issues. (CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485 galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc mozilla-1.7.7-1.1.2.1.src.rpm

i386:
b1666209547c01469430edc30ad56eca galeon-1.2.14-1.2.3.i386.rpm
9c657d56f41bdf683c6e32ee7725f80e mozilla-1.7.7-1.1.2.1.i386.rpm
2790d364098c4967ccaaa2e066910f4d mozilla-chat-1.7.7-1.1.2.1.i386.rpm
2d962e0048ee7bf28fe46b10ff4f7995 mozilla-devel-1.7.7-1.1.2.1.i386.rpm
cb841f2bca59e91836fb9fc789e71b7d mozilla-dom-inspector-1.7.7-1.1.2.1.i386.rpm
3065f5bbddfe2847d5086ec7a9fecf25 mozilla-js-debugger-1.7.7-1.1.2.1.i386.rpm
11a5bebb1e5a2bb03c91bc4af799c63f mozilla-mail-1.7.7-1.1.2.1.i386.rpm
3ff3a556dbeb5e230cfea37a09758a18 mozilla-nspr-1.7.7-1.1.2.1.i386.rpm
75596eac1b481ecbb2cec1b1395f9430 mozilla-nspr-devel-1.7.7-1.1.2.1.i386.rpm
283e705b2bf5b614bb2c06406bb3912d mozilla-nss-1.7.7-1.1.2.1.i386.rpm
8f1be6c41914a462802a7d08f9964dce mozilla-nss-devel-1.7.7-1.1.2.1.i386.rpm

ia64:
24355dff0a64b0e3db3b8dcb42fb0d9f galeon-1.2.14-1.2.3.ia64.rpm
13ed50f691e34fd5c4589731edb3b68c mozilla-1.7.7-1.1.2.1.ia64.rpm
6cd0cc13580862862fd2ed20739f50f0 mozilla-chat-1.7.7-1.1.2.1.ia64.rpm
ec70a66a20196c8bc164f1edbc0ecaad mozilla-devel-1.7.7-1.1.2.1.ia64.rpm
4ddbb18866e5744e53049967d4072e8f mozilla-dom-inspector-1.7.7-1.1.2.1.ia64.rpm
7b8583815c6bd27fc6614a9e8d299e22 mozilla-js-debugger-1.7.7-1.1.2.1.ia64.rpm
9e43b191a19de44c30651a6b7cf435b4 mozilla-mail-1.7.7-1.1.2.1.ia64.rpm
1f76d9355ebb0ff70160f3f10d865c61 mozilla-nspr-1.7.7-1.1.2.1.ia64.rpm
19e27678ace617f22e73c886a56f4c6a mozilla-nspr-devel-1.7.7-1.1.2.1.ia64.rpm
b173b8a89edc37dfab359f1d20c2efa8 mozilla-nss-1.7.7-1.1.2.1.ia64.rpm
d1700e681b74e1653684bd079b8d8bd0 mozilla-nss-devel-1.7.7-1.1.2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485 galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc mozilla-1.7.7-1.1.2.1.src.rpm

ia64:
24355dff0a64b0e3db3b8dcb42fb0d9f galeon-1.2.14-1.2.3.ia64.rpm
13ed50f691e34fd5c4589731edb3b68c mozilla-1.7.7-1.1.2.1.ia64.rpm
6cd0cc13580862862fd2ed20739f50f0 mozilla-chat-1.7.7-1.1.2.1.ia64.rpm
ec70a66a20196c8bc164f1edbc0ecaad mozilla-devel-1.7.7-1.1.2.1.ia64.rpm
4ddbb18866e5744e53049967d4072e8f mozilla-dom-inspector-1.7.7-1.1.2.1.ia64.rpm
7b8583815c6bd27fc6614a9e8d299e22 mozilla-js-debugger-1.7.7-1.1.2.1.ia64.rpm
9e43b191a19de44c30651a6b7cf435b4 mozilla-mail-1.7.7-1.1.2.1.ia64.rpm
1f76d9355ebb0ff70160f3f10d865c61 mozilla-nspr-1.7.7-1.1.2.1.ia64.rpm
19e27678ace617f22e73c886a56f4c6a mozilla-nspr-devel-1.7.7-1.1.2.1.ia64.rpm
b173b8a89edc37dfab359f1d20c2efa8 mozilla-nss-1.7.7-1.1.2.1.ia64.rpm
d1700e681b74e1653684bd079b8d8bd0 mozilla-nss-devel-1.7.7-1.1.2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485 galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc mozilla-1.7.7-1.1.2.1.src.rpm

i386:
b1666209547c01469430edc30ad56eca galeon-1.2.14-1.2.3.i386.rpm
9c657d56f41bdf683c6e32ee7725f80e mozilla-1.7.7-1.1.2.1.i386.rpm
2790d364098c4967ccaaa2e066910f4d mozilla-chat-1.7.7-1.1.2.1.i386.rpm
2d962e0048ee7bf28fe46b10ff4f7995 mozilla-devel-1.7.7-1.1.2.1.i386.rpm
cb841f2bca59e91836fb9fc789e71b7d mozilla-dom-inspector-1.7.7-1.1.2.1.i386.rpm
3065f5bbddfe2847d5086ec7a9fecf25 mozilla-js-debugger-1.7.7-1.1.2.1.i386.rpm
11a5bebb1e5a2bb03c91bc4af799c63f mozilla-mail-1.7.7-1.1.2.1.i386.rpm
3ff3a556dbeb5e230cfea37a09758a18 mozilla-nspr-1.7.7-1.1.2.1.i386.rpm
75596eac1b481ecbb2cec1b1395f9430 mozilla-nspr-devel-1.7.7-1.1.2.1.i386.rpm
283e705b2bf5b614bb2c06406bb3912d mozilla-nss-1.7.7-1.1.2.1.i386.rpm
8f1be6c41914a462802a7d08f9964dce mozilla-nss-devel-1.7.7-1.1.2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.14-1.2.3.src.rpm
07d56551ec862e8f31a6de9ec9b46485 galeon-1.2.14-1.2.3.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.7.7-1.1.2.1.src.rpm
4b4ed11ca58571c793c613c4bdddb6cc mozilla-1.7.7-1.1.2.1.src.rpm

i386:
b1666209547c01469430edc30ad56eca galeon-1.2.14-1.2.3.i386.rpm
9c657d56f41bdf683c6e32ee7725f80e mozilla-1.7.7-1.1.2.1.i386.rpm
2790d364098c4967ccaaa2e066910f4d mozilla-chat-1.7.7-1.1.2.1.i386.rpm
2d962e0048ee7bf28fe46b10ff4f7995 mozilla-devel-1.7.7-1.1.2.1.i386.rpm
cb841f2bca59e91836fb9fc789e71b7d mozilla-dom-inspector-1.7.7-1.1.2.1.i386.rpm
3065f5bbddfe2847d5086ec7a9fecf25 mozilla-js-debugger-1.7.7-1.1.2.1.i386.rpm
11a5bebb1e5a2bb03c91bc4af799c63f mozilla-mail-1.7.7-1.1.2.1.i386.rpm
3ff3a556dbeb5e230cfea37a09758a18 mozilla-nspr-1.7.7-1.1.2.1.i386.rpm
75596eac1b481ecbb2cec1b1395f9430 mozilla-nspr-devel-1.7.7-1.1.2.1.i386.rpm
283e705b2bf5b614bb2c06406bb3912d mozilla-nss-1.7.7-1.1.2.1.i386.rpm
8f1be6c41914a462802a7d08f9964dce mozilla-nss-devel-1.7.7-1.1.2.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19 mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88 mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152 mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81 mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030 mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

ia64:
9684baa99edfe6fc6f916ec9b5f28b50 mozilla-1.7.7-1.1.3.4.ia64.rpm
c33f36bcbc038317150e760f67e41d3c mozilla-chat-1.7.7-1.1.3.4.ia64.rpm
cd5961bd88a27043d983af13e1c5cef2 mozilla-devel-1.7.7-1.1.3.4.ia64.rpm
d92e4f6402ff510254c35989d10c2089 mozilla-dom-inspector-1.7.7-1.1.3.4.ia64.rpm
c858591aadf8c93e39fdf90fdef231a0 mozilla-js-debugger-1.7.7-1.1.3.4.ia64.rpm
33788ff7918c7f8f5d9fcfd460021145 mozilla-mail-1.7.7-1.1.3.4.ia64.rpm
52d0b70455ae9b8048f8c4b3c46d9118 mozilla-nspr-1.7.7-1.1.3.4.ia64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
4ebb3bac874ee388f192613e89d534ea mozilla-nspr-devel-1.7.7-1.1.3.4.ia64.rpm
d6605e746509e017cd1567eadc74c122 mozilla-nss-1.7.7-1.1.3.4.ia64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
815c377c2b59e835043f6bf07e7f19fa mozilla-nss-devel-1.7.7-1.1.3.4.ia64.rpm

ppc:
82ce3674b9d9db22222a8b72dd34061d mozilla-1.7.7-1.1.3.4.ppc.rpm
056b8f52aac99b70d84ded1620c95418 mozilla-chat-1.7.7-1.1.3.4.ppc.rpm
082833ec7036f4cb47d6b8ed7814fb54 mozilla-devel-1.7.7-1.1.3.4.ppc.rpm
9b5a4c1c00a8ef9fb9aa63cc175384d6 mozilla-dom-inspector-1.7.7-1.1.3.4.ppc.rpm
f36d4cec9b4ac80f9e2fd785be5b6b23 mozilla-js-debugger-1.7.7-1.1.3.4.ppc.rpm
61106e7cb958bcd8a55e10589c8f1e29 mozilla-mail-1.7.7-1.1.3.4.ppc.rpm
f41cb54d95bbcc44bfdf8a2dbf79b5d5 mozilla-nspr-1.7.7-1.1.3.4.ppc.rpm
cb6ff101259cdf151f0f822f8ca7d44d mozilla-nspr-devel-1.7.7-1.1.3.4.ppc.rpm
7981a23fee3e9ef832e597e0dce30998 mozilla-nss-1.7.7-1.1.3.4.ppc.rpm
c6661a837e3d72bec2b71c29cd71b8b9 mozilla-nss-devel-1.7.7-1.1.3.4.ppc.rpm

s390:
af2e3f29e3ea2b4bb148eecde6bcbbad mozilla-1.7.7-1.1.3.4.s390.rpm
8020d607c3d895e4df7f95727081b86c mozilla-chat-1.7.7-1.1.3.4.s390.rpm
f0eb5fdee9ae6b5cc4f7b963442b2f03 mozilla-devel-1.7.7-1.1.3.4.s390.rpm
12c83501adae55a1566f7c30e621ca66 mozilla-dom-inspector-1.7.7-1.1.3.4.s390.rpm
ff17631810875a25fc7c6830e9fe0a91 mozilla-js-debugger-1.7.7-1.1.3.4.s390.rpm
66f9bb37047ffeb94d10e3f2097b9f2e mozilla-mail-1.7.7-1.1.3.4.s390.rpm
7712acaf8bbf1dd5358f8cc320cf65a0 mozilla-nspr-1.7.7-1.1.3.4.s390.rpm
486f77b46386a97165388dc783fb39d0 mozilla-nspr-devel-1.7.7-1.1.3.4.s390.rpm
5e2c404600d52830bd877f43ebee10b1 mozilla-nss-1.7.7-1.1.3.4.s390.rpm
c986626308a59c958bae9c57cdc41976 mozilla-nss-devel-1.7.7-1.1.3.4.s390.rpm

s390x:
cc71398c2c966c772557e475d7c1c87f mozilla-1.7.7-1.1.3.4.s390x.rpm
1c2d3e25a90bcfc349323755ded97980 mozilla-chat-1.7.7-1.1.3.4.s390x.rpm
a628dee5c31f9751649a35c4e27d433a mozilla-devel-1.7.7-1.1.3.4.s390x.rpm
960fcdabcba69c0c5f522ebf595602ef mozilla-dom-inspector-1.7.7-1.1.3.4.s390x.rpm
85d780a2fcbddbd801a66199ad1b9963 mozilla-js-debugger-1.7.7-1.1.3.4.s390x.rpm
d7ca7fdafffd021e48b5bb0b96f796fb mozilla-mail-1.7.7-1.1.3.4.s390x.rpm
a64c95f8bd0a75495fe80e3aae854a8e mozilla-nspr-1.7.7-1.1.3.4.s390x.rpm
7712acaf8bbf1dd5358f8cc320cf65a0 mozilla-nspr-1.7.7-1.1.3.4.s390.rpm
a1722ffbd1b54fa6afafce7715810e00 mozilla-nspr-devel-1.7.7-1.1.3.4.s390x.rpm
15f771ca3258ae5960ed88971fc5b068 mozilla-nss-1.7.7-1.1.3.4.s390x.rpm
5e2c404600d52830bd877f43ebee10b1 mozilla-nss-1.7.7-1.1.3.4.s390.rpm
2614becf48fa3034c34b817a9dfbb05e mozilla-nss-devel-1.7.7-1.1.3.4.s390x.rpm

x86_64:
ed19956043c95bec234e018203544860 mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74 mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89 mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181 mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853 mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536 mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10 mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748 mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19 mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88 mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152 mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81 mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030 mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

x86_64:
ed19956043c95bec234e018203544860 mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74 mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89 mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181 mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853 mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536 mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10 mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748 mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19 mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88 mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152 mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81 mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030 mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

ia64:
9684baa99edfe6fc6f916ec9b5f28b50 mozilla-1.7.7-1.1.3.4.ia64.rpm
c33f36bcbc038317150e760f67e41d3c mozilla-chat-1.7.7-1.1.3.4.ia64.rpm
cd5961bd88a27043d983af13e1c5cef2 mozilla-devel-1.7.7-1.1.3.4.ia64.rpm
d92e4f6402ff510254c35989d10c2089 mozilla-dom-inspector-1.7.7-1.1.3.4.ia64.rpm
c858591aadf8c93e39fdf90fdef231a0 mozilla-js-debugger-1.7.7-1.1.3.4.ia64.rpm
33788ff7918c7f8f5d9fcfd460021145 mozilla-mail-1.7.7-1.1.3.4.ia64.rpm
52d0b70455ae9b8048f8c4b3c46d9118 mozilla-nspr-1.7.7-1.1.3.4.ia64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
4ebb3bac874ee388f192613e89d534ea mozilla-nspr-devel-1.7.7-1.1.3.4.ia64.rpm
d6605e746509e017cd1567eadc74c122 mozilla-nss-1.7.7-1.1.3.4.ia64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
815c377c2b59e835043f6bf07e7f19fa mozilla-nss-devel-1.7.7-1.1.3.4.ia64.rpm

x86_64:
ed19956043c95bec234e018203544860 mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74 mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89 mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181 mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853 mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536 mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10 mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748 mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.7.7-1.1.3.4.src.rpm
525e2ee941a69669a06b2522e3806f19 mozilla-1.7.7-1.1.3.4.src.rpm

i386:
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
670951ea2ecd2c7b5d1f25f731128e88 mozilla-chat-1.7.7-1.1.3.4.i386.rpm
43b9801777c7b6bc7864a21cb8ab4152 mozilla-devel-1.7.7-1.1.3.4.i386.rpm
e0adc24c19a8ed053e83160639075b81 mozilla-dom-inspector-1.7.7-1.1.3.4.i386.rpm
a6841f7b1d18f2c896dd9487996f62cb mozilla-js-debugger-1.7.7-1.1.3.4.i386.rpm
0c84662fa8f1e47a643c57df3da44030 mozilla-mail-1.7.7-1.1.3.4.i386.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
33471adde84e88497d856dfa3dffc92d mozilla-nspr-devel-1.7.7-1.1.3.4.i386.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
87ea0f26e60f94d7af5cfb163136582e mozilla-nss-devel-1.7.7-1.1.3.4.i386.rpm

ia64:
9684baa99edfe6fc6f916ec9b5f28b50 mozilla-1.7.7-1.1.3.4.ia64.rpm
c33f36bcbc038317150e760f67e41d3c mozilla-chat-1.7.7-1.1.3.4.ia64.rpm
cd5961bd88a27043d983af13e1c5cef2 mozilla-devel-1.7.7-1.1.3.4.ia64.rpm
d92e4f6402ff510254c35989d10c2089 mozilla-dom-inspector-1.7.7-1.1.3.4.ia64.rpm
c858591aadf8c93e39fdf90fdef231a0 mozilla-js-debugger-1.7.7-1.1.3.4.ia64.rpm
33788ff7918c7f8f5d9fcfd460021145 mozilla-mail-1.7.7-1.1.3.4.ia64.rpm
52d0b70455ae9b8048f8c4b3c46d9118 mozilla-nspr-1.7.7-1.1.3.4.ia64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
4ebb3bac874ee388f192613e89d534ea mozilla-nspr-devel-1.7.7-1.1.3.4.ia64.rpm
d6605e746509e017cd1567eadc74c122 mozilla-nss-1.7.7-1.1.3.4.ia64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
815c377c2b59e835043f6bf07e7f19fa mozilla-nss-devel-1.7.7-1.1.3.4.ia64.rpm

x86_64:
ed19956043c95bec234e018203544860 mozilla-1.7.7-1.1.3.4.x86_64.rpm
7c50a099153179bd7e827078bf14c83e mozilla-1.7.7-1.1.3.4.i386.rpm
5677542c97ad598ebfc6df1889820e74 mozilla-chat-1.7.7-1.1.3.4.x86_64.rpm
8aa3920fbb6d18630efb9d03aa645e89 mozilla-devel-1.7.7-1.1.3.4.x86_64.rpm
168c85ac07b7b4c5f264c08d5dd38181 mozilla-dom-inspector-1.7.7-1.1.3.4.x86_64.rpm
9d8f08e81e14ddacb3b5da8c713cf853 mozilla-js-debugger-1.7.7-1.1.3.4.x86_64.rpm
91dfca37aa00624af1fed85f366a8536 mozilla-mail-1.7.7-1.1.3.4.x86_64.rpm
87250e5cf971736d8351f246a51398ca mozilla-nspr-1.7.7-1.1.3.4.x86_64.rpm
883d4402fc93a9d7bc625770a283d50a mozilla-nspr-1.7.7-1.1.3.4.i386.rpm
cf03afb1121b772e306548f225c05c10 mozilla-nspr-devel-1.7.7-1.1.3.4.x86_64.rpm
75eb06b5cb399d672708d614d610e748 mozilla-nss-1.7.7-1.1.3.4.x86_64.rpm
2de53f7f4895fb721497434e005a3d55 mozilla-nss-1.7.7-1.1.3.4.i386.rpm
c84d40146508befb92293ca2e922a5cc mozilla-nss-devel-1.7.7-1.1.3.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005384_01_important_mozilla_security_update.html)