Paketname
mozilla
Datum
2006-02-07
Advisory ID
MDKSA-2006:036
Betroffene Versionen
CS3.0 i586 , CS3.0 x86_64

Problembeschreibung

Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
1.5.1 does not properly dereference objects, which allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via unknown attack vectors related to garbage collection.
(CVE-2006-0292)

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
and SeaMonkey before 1.0 does not validate the attribute name, which
allows remote attackers to execute arbitrary Javascript by injecting
RDF data into the user's localstore.rdf file. (CVE-2006-0296)

Updated packages are patched to address these issues.

Aktualisierte Pakete

CS3.0 i586

 8d1376d6440bc1602ab2b1c74262a30c  corporate/3.0/RPMS/libnspr4-1.7.8-0.7.C30mdk.i586.rpm
 ceae80feec83d84891234f8bcf546247  corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.7.C30mdk.i586.rpm
 4be42f4a2297322ac93e6c4e635a225b  corporate/3.0/RPMS/libnss3-1.7.8-0.7.C30mdk.i586.rpm
 f7490d1448b0ef6fe8eaa7561066095f  corporate/3.0/RPMS/libnss3-devel-1.7.8-0.7.C30mdk.i586.rpm
 d3c71d0217099e4586818dc40f819308  corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.i586.rpm
 5d73ae4396714d8b5bf9892090c22724  corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.i586.rpm
 005998ef07bd769563084275c27928ec  corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.i586.rpm
 0774d333844c7d27b560146e632a33b2  corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.i586.rpm
 72bda6c0dfc17eb36b5f64aced6da5a3  corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.i586.rpm
 b425cbdf6b2f2261799869327527d1c7  corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.i586.rpm
 a2ba40970fd46883f707979925553074  corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.i586.rpm
 3f786a780a2355f4605886287fc489c3  corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.i586.rpm
 4dc8edd930a75430e84520b3b2f00859  corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.i586.rpm
 4f1024a56ad3c8f3aef13ff2ea881ceb  corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm

CS3.0 x86_64

 990fd040a970e2fe393665bc87f9d964  x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.7.C30mdk.x86_64.rpm
 e70615c6a988f23636f7bf3d642d2028  x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 69e14625db53e49b4d1fcd9d346218db  x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.7.C30mdk.x86_64.rpm
 17f22cc0913232f4d0cd3efbffd17af1  x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 23d7b49cde6c2e96742f45625845d825  x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.x86_64.rpm
 a14cde7bc834e298f9b1ff97d0faa04c  x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.x86_64.rpm
 7b6a92d89e3771330e69b24eef80d02b  x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.x86_64.rpm
 88510e96eee3232f5dd931de50ef9878  x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.x86_64.rpm
 71e44f63b296849361d5733b0e6824d1  x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.x86_64.rpm
 1740b993c3c30a35dcd37d7c88bd6187  x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.x86_64.rpm
 13b44d4ab0a1b80fb50ad8c881d94253  x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.x86_64.rpm
 b9683c1834c25ab3d78606b912714780  x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.x86_64.rpm
 7ccb971d176e3e3a1a924bfc23f34b1e  x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.x86_64.rpm
 4f1024a56ad3c8f3aef13ff2ea881ceb  x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm

Referenzen