SUSE Security Announcement: Mozilla various security problems
Posted on: 08/11/2005 04:07 PM

A security update for SUSE Linux

______________________________________________________________________________

SUSE Security Announcement

Package:             mozilla,MozillaFirefox,epiphany,galeon
Announcement ID:     SUSE-SA:2005:045
Date:                Thu, 11 Aug 2005 15:00:00 +0000
Affected Products:   8.2, 9.0, 9.1, 9.2, 9.3
                     SUSE Linux Desktop 1.0
                     SUSE Linux Enterprise Server 8, 9
                     Novell Linux Desktop 9
Vulnerability Type:  information leak
Severity (1-10):     7
SUSE Default Package: yes
Cross-References:    MFSA 2005-56 CAN-2005-2270
                     MFSA 2005-55 CAN-2005-2269
                     MFSA 2005-54 CAN-2005-2268
                     MFSA 2005-53 CAN-2005-2267
                     MFSA 2005-52 CAN-2005-2266
                     MFSA 2005-51 CAN-2005-1937
                     MFSA 2005-50 CAN-2005-2265
                     MFSA 2005-49 CAN-2005-2264
                     MFSA 2005-48 CAN-2005-2263
                     MFSA 2005-47 CAN-2005-2262
                     MFSA 2005-46 CAN-2005-2261
                     MFSA 2005-45 CAN-2005-2260


Content of This Advisory:
    1) Security Vulnerability Resolved:
         Various security problems in the Mozilla suite and Mozilla Firefox
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

Various security vulnerabilities in the mozilla browser suite and
the Mozilla Firefox browser have been reported and fixed upstream.

The Mozilla suite browser has been updated to a security fix level
of Mozilla 1.7.11, the Mozilla Firefox browser has been updated to
a fix level of Firefox 1.0.6.


Security relevant bugs that are fixed include (but are not limited to):

MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Stealing of sensitive information via _search and the Firefox sidebar
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 "Set as wallpaper" javascript: privilege escalation
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities


This update also upgrades the version of the Mozilla suite for the
following products:

* SUSE Linux Desktop 1.0:
The original Mozilla 1.4 branch browser is upgraded to the Mozilla
1.7 branch version.

We were not able to port the galeon web browser included in SUSE
Linux Desktop 1.0 to support Mozilla 1.7 in time, so we no longer
support it.

The galeon package on SUSE Linux Desktop 1.0 is removed by this update.

* SUSE Linux Enterprise Server 8:
The original Mozilla 1.4 branch browser is upgraded to the Mozilla
1.7 branch version.

* SUSE Linux Enterprise Server 9:
The Mozilla version 1.6 shipped with GA of the SUSE Linux Enterprise
Server 9 was replaced by the Mozilla 1.7 branch version in Service
Pack 2.

* SUSE Linux 8.2, 9.0, 9.1:
The Mozilla versions 1.4 and 1.6 contained in SUSE Linux versions
8.2 up to 9.1 were replaced by the Mozilla 1.7 branch version.

We were not able to port the galeon and the epiphany web browsers
included in SUSE Linux 9.0 up to 9.1 to support Mozilla 1.7 in time,
so we will no longer support them.

The galeon and epiphany packages on SUSE Linux 9.0 and 9.1 are removed
by this update.

2) Solution or Work-Around

Please install the upgraded packages and make sure you restart your
browsers after the update.

A workaround would be to deinstall the Mozilla browser suite and/or
the Firefox web browser.

3) Special Instructions and Notes

Please note that galeon will be deinstalled by this update on SUSE
Linux Desktop 1.0, SUSE Linux 8.2, 9.0 and 9.1.

Also note that epiphany will be deinstalled by this update on SUSE
Linux 9.0 and 9.1.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.

Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.



______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command

md5sum <filename.rpm>

after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
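
The checksum comparison in method 2, scripted as an added example (not part of the original announcement and not SUSE tooling). It assumes the saved announcement has already passed gpg --verify; the function names, the script name verify.sh and the example.org sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the MD5 sums of a saved
# advisory. Assumes `gpg --verify` already succeeded on that file; without
# a valid signature the listed checksums prove nothing.

# extract_sums ADVISORY
# Print "md5 filename" for each package URL line that is directly followed
# by a 32-hex-digit checksum line (the layout used in section 4).
extract_sums() {
    awk '
        NF == 1 && $1 ~ /^(ftp|https?):\/\/.*\.rpm$/ {
            n = split($1, parts, "/"); name = parts[n]; next
        }
        NF == 1 && name != "" && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1, name
        }
        { name = "" }
    ' "$1"
}

# verify_rpm ADVISORY FILE
# Prints OK, MISMATCH or UNLISTED and returns 0, 1 or 2.
# One file name can be listed once per distribution with different sums,
# so any listed sum for the name is accepted; feeding the whole list to
# `md5sum -c` would report a failure for the other distribution's entry.
verify_rpm() {
    advisory=$1
    file=$2
    name=$(basename "$file")
    listed=$(extract_sums "$advisory" | awk -v n="$name" '$2 == n { print $1 }')
    if [ -z "$listed" ]; then
        echo UNLISTED
        return 2
    fi
    actual=$(md5sum "$file" | awk '{ print $1 }')
    for sum in $listed; do
        if [ "$sum" = "$actual" ]; then
            echo OK
            return 0
        fi
    done
    echo MISMATCH
    return 1
}

# make_sample DIR
# Constructed sample data: stand-in "packages" and an advisory excerpt in
# the section 4 layout. foo-1.0-1.i586.rpm is listed twice, as for two
# distributions; the example.org URLs and file names are made up.
make_sample() {
    dir=$1
    mkdir -p "$dir/9.2" "$dir/9.3"
    printf 'build for 9.2\n' > "$dir/9.2/foo-1.0-1.i586.rpm"
    printf 'build for 9.3\n' > "$dir/9.3/foo-1.0-1.i586.rpm"
    printf 'not in the advisory\n' > "$dir/bar-2.0-1.i586.rpm"
    sum92=$(md5sum "$dir/9.2/foo-1.0-1.i586.rpm" | awk '{ print $1 }')
    sum93=$(md5sum "$dir/9.3/foo-1.0-1.i586.rpm" | awk '{ print $1 }')
    cat > "$dir/advisory.txt" <<EOF
4) Package Location and Checksums

SUSE Linux 9.3:
ftp://ftp.example.org/update/9.3/rpm/i586/foo-1.0-1.i586.rpm
$sum93

SUSE Linux 9.2:
ftp://ftp.example.org/update/9.2/rpm/i586/foo-1.0-1.i586.rpm
$sum92
EOF
}

# Command-line use (hypothetical script name): sh verify.sh ADVISORY FILE.rpm...
if [ "$#" -ge 2 ]; then
    advisory_file=$1
    shift
    rc=0
    for rpm in "$@"; do
        printf '%s: ' "$rpm"
        verify_rpm "$advisory_file" "$rpm" || rc=1
    done
    exit "$rc"
fi
```

MD5 is no longer collision resistant, so this comparison is best treated as a download-integrity check alongside the rpm signature check of method 1.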

- SUSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe@suse.com>.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info@suse.com> or
<suse-security-faq@suse.com>.

====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/suse_security_announcement_mozilla_various_security_problems.html)