Bug 454697 (CVE-2008-2933)
Summary: | CVE-2008-2933 Firefox command line URL launches multi-tabs | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | djuran, security-response-team |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.9.0.1-1.fc9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-07-18 08:17:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 454484 | ||
Bug Blocks: |
Description
Josh Bressers
2008-07-09 19:26:13 UTC
This issue does not affect SeaMonkey, it is only a Firefox issue. Public now via MFSA 2008-35 http://www.mozilla.org/security/announce/2008/mfsa2008-35.html Fixed in: Firefox 3.0.1 Firefox 2.0.0.16 xulrunner-1.9.0.1-1.fc9, epiphany-extensions-2.22.1-3.fc9, firefox-3.0.1-1.fc9, epiphany-2.22.2-3.fc9, yelp-2.22.1-4.fc9, devhelp-0.19.1-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. chmsee-1.0.0-3.31.fc8, gnome-web-photo-0.3-12.fc8, openvrml-0.17.6-6.fc8, gnome-python2-extras-2.19.1-16.fc8, gtkmozembedmm-1.4.2.cvs20060817-22.fc8, epiphany-2.20.3-6.fc8, firefox-2.0.0.16-1.fc8, galeon-2.0.4-4.fc8.3, Miro-1.2.3-3.fc8, yelp-2.20.0-11.fc8, cairo-dock-1.6.1.1-1.fc8.1, epiphany-extensions-2.20.1-9.fc8, kazehakase-0.5.4-2.fc8.3, blam-1.8.3-17.fc8, devhelp-0.16.1-9.fc8, liferea-1.4.15-3.fc8, ruby-gnome2-0.17.0-0.3.rc1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0598.html http://rhn.redhat.com/errata/RHSA-2008-0597.html Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6491 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6518 As of Jul 22, this does not install on F9 as it requires a superseded version of xulrunner: Resolving Dependencies --> Running transaction check ---> Package firefox.x86_64 0:3.0.1-1.fc9 set to be updated --> Processing Dependency: gecko-libs = 1.9 for package: gnome-python2-gtkmozembed Matched xulrunner-1.9-0.60.beta5.fc9.x86_64 to require for gecko-libs ---> Package devhelp.x86_64 0:0.19.1-3.fc9 set to be updated ---> Package xulrunner.x86_64 0:1.9.0.1-1.fc9 set to be updated ---> Package yelp.x86_64 0:2.22.1-4.fc9 set to be updated ---> Package xulrunner-devel.x86_64 0:1.9.0.1-1.fc9 set to be updated --> Finished Dependency Resolution gnome-python2-gtkmozembed-2.19.1-16.fc9.x86_64 from installed has depsolving problems --> Missing Dependency: gecko-libs = 1.9 is needed by package gnome-python2-gtkmozembed-2.19.1-16.fc9.x86_64 (installed) Skip-broken round 1 --> Running transaction check ---> Package xulrunner.x86_64 0:1.9.0.1-1.fc9 set to be updated --> Processing Dependency: xulrunner = 1.9.0.1-1.fc9 for package: xulrunner-devel --> Processing Dependency: gecko-libs = 1.9.0.1 for package: devhelp --> Processing Dependency: gecko-libs = 1.9.0.1 for package: yelp --> Processing Dependency: gecko-libs = 1.9.0.1 for package: firefox --> Finished Dependency Resolution firefox-3.0.1-1.fc9.x86_64 from updates has depsolving problems --> Missing Dependency: gecko-libs = 1.9.0.1 is needed by package firefox-3.0.1-1.fc9.x86_64 (updates) yelp-2.22.1-4.fc9.x86_64 from updates has depsolving problems --> Missing Dependency: gecko-libs = 1.9.0.1 is needed by package yelp-2.22.1-4.fc9.x86_64 (updates) xulrunner-devel-1.9.0.1-1.fc9.x86_64 from updates has depsolving problems --> Missing Dependency: xulrunner = 1.9.0.1-1.fc9 is needed by package xulrunner-devel-1.9.0.1-1.fc9.x86_64 (updates) devhelp-0.19.1-3.fc9.x86_64 from updates has depsolving problems --> Missing Dependency: gecko-libs = 1.9.0.1 is needed by package devhelp-0.19.1-3.fc9.x86_64 (updates) Skip-broken round 2 Skip-broken took 2 rounds Packages skipped because of dependency problems: devhelp-0.19.1-3.fc9.x86_64 from updates firefox-3.0.1-1.fc9.x86_64 from updates xulrunner-1.9.0.1-1.fc9.x86_64 from updates xulrunner-devel-1.9.0.1-1.fc9.x86_64 from updates yelp-2.22.1-4.fc9.x86_64 from updates Depsolve time: 5.343 [root@potoroo ~]# John, please file a bug report against gnome-python2-gtkmozembed, which needs to be rebuilt against new xulrunner package providing gecko-libs 1.9.0.1. (In reply to comment #14) > John, please file a bug report against gnome-python2-gtkmozembed, which needs > to be rebuilt against new xulrunner package providing gecko-libs 1.9.0.1. Rebuilds were already submitted as updated to Bodhi: https://admin.fedoraproject.org/updates/F9/pending/Miro-1.2.4-2.fc9,gnome-python2-extras-2.19.1-17.fc9 Or use these instructions to get new packages while they are not pushed to stable: http://axelilly.wordpress.com/2008/07/21/help-test-recent-xulrunner-updates/ |