Bug 206728

Summary: CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
Product: [Retired] Fedora Legacy Reporter: Todd Denniston <todd.denniston>
Component: firefoxAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CANTFIX QA Contact:
Severity: urgent Docs Contact:
Priority: medium    
Version: fc4   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/18228 http://rhn.redhat.com/errata/RHSA-2006-0578.html http://www.mozilla.com/firefox/releases/1.5.0.4.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-10 19:39:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Todd Denniston 2006-09-15 21:36:20 UTC
Description of problem:
The following CVEs are still outstanding against the version of firefox (and
thunderbird and mozilla) installed in Fedora Core 4
CVE-2006-2775
CVE-2006-2776
CVE-2006-2777
CVE-2006-2778
CVE-2006-2779
CVE-2006-2780
CVE-2006-2782
CVE-2006-2783
CVE-2006-2784
CVE-2006-2785
CVE-2006-2786
CVE-2006-2787

Version-Release number of selected component (if applicable):
mozilla-nss-1.7.13-1.1.fc4
mozilla-nspr-1.7.13-1.1.fc4
thunderbird-1.0.8-1.1.fc4
firefox-1.0.8-1.1.fc4
mozilla-nspr-devel-1.7.13-1.1.fc4
mozilla-nss-devel-1.7.13-1.1.fc4
mozilla-devel-1.7.13-1.1.fc4
mozilla-1.7.13-1.1.fc4


How reproducible:
consistant.

Steps to Reproduce:
1. rpm -qa  |grep -e firefox -e thunderbird -e mozilla
2. notice we are still not running  versions later than:
Mozilla Thunderbird 1.5.4
Mozilla SeaMonkey 1.0.2
Mozilla Firefox 1.5.4
or even patched versions from after Jun 02 2006 
  
Actual results:
rpm -qa --last |grep -e firefox -e thunderbird -e mozilla
yields Vulnerable versions.
rpm -qa --last |grep -e firefox -e thunderbird -e mozilla
yields dates from before  Jun 02 2006 

Expected results:
Not vulnerable versions.

related bugs include at least
bug 174523
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174523
and
bug 195241
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195241

http://www.mozilla.com/firefox/releases/1.5.0.4.html

Note that I would go with the suggestion of updating FC4 to firefox/thunderbird
to 1.5.something as was suggested in bug 174523

Comment 1 Matthew Miller 2007-04-10 19:39:25 UTC
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.