MDKSA-2006:037
- Package name
- mozilla-firefox
- Date
- 2006-02-07
- Advisory ID
- MDKSA-2006:037
- Affected versions
- 2006.0 i586 , 2006.0 x86_64
Problem description
Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
1.5.1 does not properly dereference objects, which allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via unknown attack vectors related to garbage collection.
(CVE-2006-0292)
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
and SeaMonkey before 1.0 does not validate the attribute name, which
allows remote attackers to execute arbitrary Javascript by injecting
RDF data into the user's localstore.rdf file. (CVE-2006-0296)
Updated packages are patched to address these issues.
Updated packages
2006.0 i586
da643268d4704d938689f5fe2cca120f 2006.0/RPMS/libnspr4-1.0.6-16.4.20060mdk.i586.rpm b6911002ac57b7d9aa2b250362eb800a 2006.0/RPMS/libnspr4-devel-1.0.6-16.4.20060mdk.i586.rpm f0b33d31942402c9375e28b67b5af7a1 2006.0/RPMS/libnss3-1.0.6-16.4.20060mdk.i586.rpm 44be800d89df092daf5fb2cccbbd38cc 2006.0/RPMS/libnss3-devel-1.0.6-16.4.20060mdk.i586.rpm 23f78dfcad4ffac1232ac34021312140 2006.0/RPMS/mozilla-firefox-1.0.6-16.4.20060mdk.i586.rpm f15d9c997aea3efc48cfb04534e0710a 2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.4.20060mdk.i586.rpm f1309fb4699a35abfb9d0ed618eae738 2006.0/SRPMS/mozilla-firefox-1.0.6-16.4.20060mdk.src.rpm
2006.0 x86_64
6f7649defa3b0f2ecb7fad32a22e780b x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.4.20060mdk.x86_64.rpm bf965382a901febf026662823158aec0 x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.4.20060mdk.x86_64.rpm 34e4b253f78196e93749150263447c94 x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.4.20060mdk.x86_64.rpm 1d7cf344f788454a1b151fc886b88200 x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.4.20060mdk.x86_64.rpm ef97a23ece3c504332437f395dad3f77 x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.4.20060mdk.x86_64.rpm a9f2be464482f4cf70120f12d5ff9e58 x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.4.20060mdk.x86_64.rpm f1309fb4699a35abfb9d0ed618eae738 x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.4.20060mdk.src.rpm