__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Mozilla Security Bugs [Red Hat Security Advisory RHSA-2005:386-08] April 26, 2005 22:00 GMT Number P-193 [REVISED 29 Apr 2005] [REVISED 09 May 2005] [REVISED 22 Jul 2005] [REVISED 10 Aug 2005] [REVISED 24 Aug 2005] ______________________________________________________________________________ PROBLEM: Mozilla, a popular open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor, has released an update that fixes several security vulnerabilities. SOFTWARE: Mozilla 0.x, 1.0, 1.1, 1.2 and 1.3 Mozilla 1.4, 1.5, 1.6 and 1.7.x PLATFORM: Red Hat Desktop (v. 3 and v. 4) Red Hat Enterprise Linux AS (v. 2.1, 3, and 4) Red Hat Enterprise Linux ES (v. 2.1, 3 and 4) Red Hat Enterprise Linux WS (v. 2.1, 3 and 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor SGI ProPack 3 Service Pack 5 for SGI Altix family of systems HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running Mozilla versions prior to 1.7.8.00 DAMAGE: The effects of exploiting the eight security flaws that were fixed with this update include: cross-site scripting attacks, bypassing security restrictions, and possible system compromise. SOLUTION: Apply available security updates. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. Exploiting the vulnerabilities may result ASSESSMENT: in cross-site scripting attacks, bypassing security restrictions, and possible system compromise. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-193.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2005-386.html ADDITIONAL LINKS: CIAC C-Note 05-009 http://www.ciac.org/cgi-bin/cnotes Secunia Advisory SA14992 http://secunia.com/advisories/14992 US-CERT Vulnerability Notes VU#973309 http://www.kb.cert.org/vuls/id/973309 Red Hat RHSA-2005:384-11 https://rhn.redhat.com/errata/RHSA-2005-384.html SGI Security Advisory Number 20050501-01-U ftp://patches.sgi.com/support/free/security/advisories/20050501-01-U.asc Red Hat RHSA-2005:601-07 https://rhn.redhat.com/errata/RHSA-2005-601.html Visit Hewlett-Packard's Subscription Service for: HPSBUX01133 SSRT5940 rev. 1 Debian Security Advisory DSA-781 http://www.debian.org/security/2005/dsa-781 CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160 ______________________________________________________________________________ REVISION HISTORY: 04/29/2005 - added link to Red Hat Security Advisory RHSA-2005:384-11 that that provides updated packages for Red Hat version 2.1 and version 3. 05/09/2005 - revised to add a link to SGI Security Advisory 20050501-01-U. 07/22/2005 - revised to add a link to Red Hat Desktop RHSA-2005:601-07 for Red Hat Desktop (v. 4) and Red Hat Enterprise Linux AS, ES, WS (v. 4). 08/10/2005 - revised to add a link to Hewlett-Packard HPSBUX01133 SSRT5940 rev. 1 for HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running Mozilla versions prior to 1.7.8.00. 08/24/2005 - revised to add a link to Debian Security Advisory DSA-781-1 mozilla- thunderbird -- several vulnerabilities [***** Start Red Hat Security Advisory RHSA-2005:386-08 *****] Important: Mozilla security update Advisory: RHSA-2005:386-08 Type: Security Advisory Issued on: 2005-04-26 Last updated on: 2005-04-26 Affected Products: Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) CVEs (cve.mitre.org): CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160 Details Updated mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Vladimir V. Perepelitsa discovered a bug in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0989 to this issue. Doron Rosenberg discovered a bug in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. (CAN-2005-1153) A bug was found in the way Mozilla handles the javascript global scope for a window. It is possible for a malicious web page to define a global variable known to be used by a different site, allowing malicious code to be executed in the context of the site. (CAN-2005-1154) Michael Krax discovered a bug in the way Mozilla handles favicon links. A malicious web page can programatically define a favicon link tag as javascript, executing arbitrary javascript with elevated privileges. (CAN-2005-1155) Michael Krax discovered a bug in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information. (CAN-2005-1156 CAN-2005-1157) A bug was found in the way Mozilla validated several XPInstall related javascript objects. A malicious web page could pass other objects to the XPInstall objects, resulting in the javascript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159) A bug was found in the way the Mozilla privileged UI code handled DOM nodes from the content window. A malicious web page could install malicious javascript code or steal data requiring a user to do commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues. Solution Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Updated packages Red Hat Desktop (v. 4) SRPMS: devhelp-0.9.2-2.4.4.src.rpm 81b56e1e82807f905fe929d98ec5e083 mozilla-1.7.7-1.4.2.src.rpm 9c8a8c1aef4f41051e61120451ffb62c IA-32: devhelp-0.9.2-2.4.4.i386.rpm b3cdcac00c1c16fde66442b6f38d1893 devhelp-devel-0.9.2-2.4.4.i386.rpm 46285d589642bfa7e91cd8b76b7b923f mozilla-1.7.7-1.4.2.i386.rpm eb2a5bf63a7e386bd0e9ff163ffb3181 mozilla-chat-1.7.7-1.4.2.i386.rpm d575f95906e488a9d1be3b9324ee5907 mozilla-devel-1.7.7-1.4.2.i386.rpm f94ca4535debb2f3a749b2222f8635ce mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm b75eac2a363789c3d63626bb7cf70c26 mozilla-js-debugger-1.7.7-1.4.2.i386.rpm 4b58ff85e2ebbb4245c10f66f99b1cec mozilla-mail-1.7.7-1.4.2.i386.rpm fba6ed4071fb78faec5728123a717e85 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm eb631b1411126c1ec54687ae05b5b025 mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-devel-1.7.7-1.4.2.i386.rpm 9ce7d067a5d9bcb269f372073ebe3883 x86_64: devhelp-0.9.2-2.4.4.x86_64.rpm 0985aecb86be8f38a3979a9d1f95ea7b devhelp-devel-0.9.2-2.4.4.x86_64.rpm 047608c3bb930a49defeffa10ab8cd6c mozilla-1.7.7-1.4.2.x86_64.rpm d35124a1ddb4f5867575c96315eb79ae mozilla-chat-1.7.7-1.4.2.x86_64.rpm cc280fd917c37710042ca30b3e11f659 mozilla-devel-1.7.7-1.4.2.x86_64.rpm 269f775b5a849258ebd6da2080d78653 mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm 2963d5acee207998565f0fba9cb1e40e mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm 7000765a4e5094b2a73fd09ee2b23bfa mozilla-mail-1.7.7-1.4.2.x86_64.rpm 67b7d2a673d4637dca1031458d7639b6 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.x86_64.rpm 62d43d6c31fa42358d5156f26506bd49 mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm e3bbf8b1583cf625480a1e17ce554d6e mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.x86_64.rpm ccc82b7866d14ec9bf300b14d5a3b10c mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm 3e7bfafef761f762e296a3b2815f0e01 Red Hat Enterprise Linux AS (v. 4) SRPMS: devhelp-0.9.2-2.4.4.src.rpm 81b56e1e82807f905fe929d98ec5e083 mozilla-1.7.7-1.4.2.src.rpm 9c8a8c1aef4f41051e61120451ffb62c IA-32: devhelp-0.9.2-2.4.4.i386.rpm b3cdcac00c1c16fde66442b6f38d1893 devhelp-devel-0.9.2-2.4.4.i386.rpm 46285d589642bfa7e91cd8b76b7b923f mozilla-1.7.7-1.4.2.i386.rpm eb2a5bf63a7e386bd0e9ff163ffb3181 mozilla-chat-1.7.7-1.4.2.i386.rpm d575f95906e488a9d1be3b9324ee5907 mozilla-devel-1.7.7-1.4.2.i386.rpm f94ca4535debb2f3a749b2222f8635ce mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm b75eac2a363789c3d63626bb7cf70c26 mozilla-js-debugger-1.7.7-1.4.2.i386.rpm 4b58ff85e2ebbb4245c10f66f99b1cec mozilla-mail-1.7.7-1.4.2.i386.rpm fba6ed4071fb78faec5728123a717e85 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm eb631b1411126c1ec54687ae05b5b025 mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-devel-1.7.7-1.4.2.i386.rpm 9ce7d067a5d9bcb269f372073ebe3883 IA-64: mozilla-1.7.7-1.4.2.ia64.rpm 879ace0b626043b40c64ee432b65a1ce mozilla-chat-1.7.7-1.4.2.ia64.rpm b107181b1344950ca7f8eeec3f7413f0 mozilla-devel-1.7.7-1.4.2.ia64.rpm 6d5ee8986f6708e0970c1f2999b115dd mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm f36c2fd2e09c764826985e19800f2faa mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm c572e94851b5d7967c87a95f36f28121 mozilla-mail-1.7.7-1.4.2.ia64.rpm c716f1cd119f40feeb65824b23457a41 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.ia64.rpm 7955f4bfcb0fe6d06f4dd98ff5e174d9 mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm 8522dad1e43a45e01f58842144054acf mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.ia64.rpm 3556a68874546cbb0d301b2e35e9e408 mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm 315657d672cfe76deff0c273f90fad7b PPC: devhelp-0.9.2-2.4.4.ppc.rpm 83febc0de6be95993a8f2a20a4da766d devhelp-devel-0.9.2-2.4.4.ppc.rpm 4fae1686f825c45f850844ba3eedc436 mozilla-1.7.7-1.4.2.ppc.rpm 185ad4618a37c6f0a28fedc1a3fd4fca mozilla-chat-1.7.7-1.4.2.ppc.rpm cbd01988ddf10d1b64489c0f9438bc9e mozilla-devel-1.7.7-1.4.2.ppc.rpm 0df3012f2b054c8e28a58869e200f42b mozilla-dom-inspector-1.7.7-1.4.2.ppc.rpm b36deec224434efaec23cdede98cf033 mozilla-js-debugger-1.7.7-1.4.2.ppc.rpm bfd3115b95377cbe9265de5ba4e9b2f0 mozilla-mail-1.7.7-1.4.2.ppc.rpm f38f0f839c37ca4e1504c2ffcbc89e7c mozilla-nspr-1.7.7-1.4.2.ppc.rpm 6ca3295a379b74ffd0cecbefa2305ac7 mozilla-nspr-devel-1.7.7-1.4.2.ppc.rpm 6655969d489d6e945e37509bf990d36a mozilla-nss-1.7.7-1.4.2.ppc.rpm 98408d351610f164e25caeb67d6ea397 mozilla-nss-devel-1.7.7-1.4.2.ppc.rpm 3eed1ab3067cb0c442ac693659f1d453 s390: mozilla-1.7.7-1.4.2.s390.rpm 176568f100bb9fd5cccea8e531da7554 mozilla-chat-1.7.7-1.4.2.s390.rpm af346c0b75489ccd4ae14fafabcae21c mozilla-devel-1.7.7-1.4.2.s390.rpm a2b756a77abfee23e33d13bc283b44c8 mozilla-dom-inspector-1.7.7-1.4.2.s390.rpm da4dcb638c31eac7088d7d2c2050927d mozilla-js-debugger-1.7.7-1.4.2.s390.rpm 133de3cb57ee5c5c1fa55efee2925a34 mozilla-mail-1.7.7-1.4.2.s390.rpm 1a020cfc73ae380071df2a9489532185 mozilla-nspr-1.7.7-1.4.2.s390.rpm 6204280717c19ff5b3c7f5ca10c9530d mozilla-nspr-devel-1.7.7-1.4.2.s390.rpm 8bf028b245724a87538c367b7e585476 mozilla-nss-1.7.7-1.4.2.s390.rpm 8d7d5b3041e258dde55f47052353b805 mozilla-nss-devel-1.7.7-1.4.2.s390.rpm 64391fb75ee314525943abf91984aa8d s390x: mozilla-1.7.7-1.4.2.s390x.rpm ca922a863e155f505f71468df8bae910 mozilla-chat-1.7.7-1.4.2.s390x.rpm f1c78c914b025d809a832d54e7988eb5 mozilla-devel-1.7.7-1.4.2.s390x.rpm 736841a23e0f81798b8a9c76c19319a9 mozilla-dom-inspector-1.7.7-1.4.2.s390x.rpm d05d9931e6c014cc816d888d438ec33b mozilla-js-debugger-1.7.7-1.4.2.s390x.rpm 1b38c56b25dce8bbd88811f207ea70ce mozilla-mail-1.7.7-1.4.2.s390x.rpm b06b66e2e36f0eb34d978876def9a092 mozilla-nspr-1.7.7-1.4.2.s390.rpm 6204280717c19ff5b3c7f5ca10c9530d mozilla-nspr-1.7.7-1.4.2.s390x.rpm 7a5be88ee8f5a823e031e9a1971f48a5 mozilla-nspr-devel-1.7.7-1.4.2.s390x.rpm bd32d6207ab69057e492967040f975b2 mozilla-nss-1.7.7-1.4.2.s390.rpm 8d7d5b3041e258dde55f47052353b805 mozilla-nss-1.7.7-1.4.2.s390x.rpm cf19c4913c6037df61cdfef5f5e7adef mozilla-nss-devel-1.7.7-1.4.2.s390x.rpm 6c88346250dc1e8c6efa19c827178bb3 x86_64: devhelp-0.9.2-2.4.4.x86_64.rpm 0985aecb86be8f38a3979a9d1f95ea7b devhelp-devel-0.9.2-2.4.4.x86_64.rpm 047608c3bb930a49defeffa10ab8cd6c mozilla-1.7.7-1.4.2.x86_64.rpm d35124a1ddb4f5867575c96315eb79ae mozilla-chat-1.7.7-1.4.2.x86_64.rpm cc280fd917c37710042ca30b3e11f659 mozilla-devel-1.7.7-1.4.2.x86_64.rpm 269f775b5a849258ebd6da2080d78653 mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm 2963d5acee207998565f0fba9cb1e40e mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm 7000765a4e5094b2a73fd09ee2b23bfa mozilla-mail-1.7.7-1.4.2.x86_64.rpm 67b7d2a673d4637dca1031458d7639b6 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.x86_64.rpm 62d43d6c31fa42358d5156f26506bd49 mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm e3bbf8b1583cf625480a1e17ce554d6e mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.x86_64.rpm ccc82b7866d14ec9bf300b14d5a3b10c mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm 3e7bfafef761f762e296a3b2815f0e01 Red Hat Enterprise Linux ES (v. 4) SRPMS: devhelp-0.9.2-2.4.4.src.rpm 81b56e1e82807f905fe929d98ec5e083 mozilla-1.7.7-1.4.2.src.rpm 9c8a8c1aef4f41051e61120451ffb62c IA-32: devhelp-0.9.2-2.4.4.i386.rpm b3cdcac00c1c16fde66442b6f38d1893 devhelp-devel-0.9.2-2.4.4.i386.rpm 46285d589642bfa7e91cd8b76b7b923f mozilla-1.7.7-1.4.2.i386.rpm eb2a5bf63a7e386bd0e9ff163ffb3181 mozilla-chat-1.7.7-1.4.2.i386.rpm d575f95906e488a9d1be3b9324ee5907 mozilla-devel-1.7.7-1.4.2.i386.rpm f94ca4535debb2f3a749b2222f8635ce mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm b75eac2a363789c3d63626bb7cf70c26 mozilla-js-debugger-1.7.7-1.4.2.i386.rpm 4b58ff85e2ebbb4245c10f66f99b1cec mozilla-mail-1.7.7-1.4.2.i386.rpm fba6ed4071fb78faec5728123a717e85 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm eb631b1411126c1ec54687ae05b5b025 mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-devel-1.7.7-1.4.2.i386.rpm 9ce7d067a5d9bcb269f372073ebe3883 IA-64: mozilla-1.7.7-1.4.2.ia64.rpm 879ace0b626043b40c64ee432b65a1ce mozilla-chat-1.7.7-1.4.2.ia64.rpm b107181b1344950ca7f8eeec3f7413f0 mozilla-devel-1.7.7-1.4.2.ia64.rpm 6d5ee8986f6708e0970c1f2999b115dd mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm f36c2fd2e09c764826985e19800f2faa mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm c572e94851b5d7967c87a95f36f28121 mozilla-mail-1.7.7-1.4.2.ia64.rpm c716f1cd119f40feeb65824b23457a41 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.ia64.rpm 7955f4bfcb0fe6d06f4dd98ff5e174d9 mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm 8522dad1e43a45e01f58842144054acf mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.ia64.rpm 3556a68874546cbb0d301b2e35e9e408 mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm 315657d672cfe76deff0c273f90fad7b x86_64: devhelp-0.9.2-2.4.4.x86_64.rpm 0985aecb86be8f38a3979a9d1f95ea7b devhelp-devel-0.9.2-2.4.4.x86_64.rpm 047608c3bb930a49defeffa10ab8cd6c mozilla-1.7.7-1.4.2.x86_64.rpm d35124a1ddb4f5867575c96315eb79ae mozilla-chat-1.7.7-1.4.2.x86_64.rpm cc280fd917c37710042ca30b3e11f659 mozilla-devel-1.7.7-1.4.2.x86_64.rpm 269f775b5a849258ebd6da2080d78653 mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm 2963d5acee207998565f0fba9cb1e40e mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm 7000765a4e5094b2a73fd09ee2b23bfa mozilla-mail-1.7.7-1.4.2.x86_64.rpm 67b7d2a673d4637dca1031458d7639b6 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.x86_64.rpm 62d43d6c31fa42358d5156f26506bd49 mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm e3bbf8b1583cf625480a1e17ce554d6e mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.x86_64.rpm ccc82b7866d14ec9bf300b14d5a3b10c mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm 3e7bfafef761f762e296a3b2815f0e01 Red Hat Enterprise Linux WS (v. 4) SRPMS: devhelp-0.9.2-2.4.4.src.rpm 81b56e1e82807f905fe929d98ec5e083 mozilla-1.7.7-1.4.2.src.rpm 9c8a8c1aef4f41051e61120451ffb62c IA-32: devhelp-0.9.2-2.4.4.i386.rpm b3cdcac00c1c16fde66442b6f38d1893 devhelp-devel-0.9.2-2.4.4.i386.rpm 46285d589642bfa7e91cd8b76b7b923f mozilla-1.7.7-1.4.2.i386.rpm eb2a5bf63a7e386bd0e9ff163ffb3181 mozilla-chat-1.7.7-1.4.2.i386.rpm d575f95906e488a9d1be3b9324ee5907 mozilla-devel-1.7.7-1.4.2.i386.rpm f94ca4535debb2f3a749b2222f8635ce mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm b75eac2a363789c3d63626bb7cf70c26 mozilla-js-debugger-1.7.7-1.4.2.i386.rpm 4b58ff85e2ebbb4245c10f66f99b1cec mozilla-mail-1.7.7-1.4.2.i386.rpm fba6ed4071fb78faec5728123a717e85 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm eb631b1411126c1ec54687ae05b5b025 mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-devel-1.7.7-1.4.2.i386.rpm 9ce7d067a5d9bcb269f372073ebe3883 IA-64: mozilla-1.7.7-1.4.2.ia64.rpm 879ace0b626043b40c64ee432b65a1ce mozilla-chat-1.7.7-1.4.2.ia64.rpm b107181b1344950ca7f8eeec3f7413f0 mozilla-devel-1.7.7-1.4.2.ia64.rpm 6d5ee8986f6708e0970c1f2999b115dd mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm f36c2fd2e09c764826985e19800f2faa mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm c572e94851b5d7967c87a95f36f28121 mozilla-mail-1.7.7-1.4.2.ia64.rpm c716f1cd119f40feeb65824b23457a41 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.ia64.rpm 7955f4bfcb0fe6d06f4dd98ff5e174d9 mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm 8522dad1e43a45e01f58842144054acf mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.ia64.rpm 3556a68874546cbb0d301b2e35e9e408 mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm 315657d672cfe76deff0c273f90fad7b x86_64: devhelp-0.9.2-2.4.4.x86_64.rpm 0985aecb86be8f38a3979a9d1f95ea7b devhelp-devel-0.9.2-2.4.4.x86_64.rpm 047608c3bb930a49defeffa10ab8cd6c mozilla-1.7.7-1.4.2.x86_64.rpm d35124a1ddb4f5867575c96315eb79ae mozilla-chat-1.7.7-1.4.2.x86_64.rpm cc280fd917c37710042ca30b3e11f659 mozilla-devel-1.7.7-1.4.2.x86_64.rpm 269f775b5a849258ebd6da2080d78653 mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm 2963d5acee207998565f0fba9cb1e40e mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm 7000765a4e5094b2a73fd09ee2b23bfa mozilla-mail-1.7.7-1.4.2.x86_64.rpm 67b7d2a673d4637dca1031458d7639b6 mozilla-nspr-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.x86_64.rpm 62d43d6c31fa42358d5156f26506bd49 mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm e3bbf8b1583cf625480a1e17ce554d6e mozilla-nss-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.x86_64.rpm ccc82b7866d14ec9bf300b14d5a3b10c mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm 3e7bfafef761f762e296a3b2815f0e01 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 155116 - CAN-2005-0989 Multiple Mozilla issues. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.7 [***** End Red Hat Security Advisory RHSA-2005:386-08 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) P-183: The Sun ONE and JES Directory Server Contain a Buffer Overflow involving LDAP P-184: libexif P-185: Apple Mac OS X v10.3.9 Security Update P-186: Possible Network Port Theft in Solaris P-187: Sun Java System Web Proxy Server Vulnerability P-188: Security Vulnerabilities Addressed in Red Hat Kernel Update P-189: RealNetworks Releases Security Updates P-190: Firefox Security Bugs P-191: KDE Image File Format Reader Vulnerabilities P-192: OpenOffice.org Buffer Overflow Vulnerability