Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 124397 - CAN-2003-0564 Mozilla flaws (CAN-2004-0191)
CAN-2003-0564 Mozilla flaws (CAN-2004-0191)
Product: Fedora
Classification: Fedora
Component: mozilla (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Blizzard
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-05-26 07:07 EDT by Mark J. Cox
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-11-09 05:17:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox 2004-05-26 07:07:56 EDT
NISCC testing of implementations of the S/MIME protocol uncovered a
number of bugs in NSS versions prior to 3.9. The parsing of unexpected
ASN.1 constructs within S/MIME data could cause Mozilla to crash or
consume large amounts of memory. A remote attacker could potentially
trigger these bugs by sending a carefully-crafted S/MIME message to a

Andreas Sandblad discovered a cross-site scripting issue that affects
various versions of Mozilla. When linking to a new page it is still
possible to interact with the old page before the new page has been
successfully loaded. Any Javascript events will be invoked in the
context of the new page, making cross-site scripting possible if the
different pages belong to different domains.

        CAN-2003-0564/2004-0191 Affects: FC1
        to match http://rhn.redhat.com/errata/RHSA-2004-110.html
Comment 1 Barry K. Nathan 2004-08-26 07:16:33 EDT
Hmmm... still not fixed in FC1?
Comment 2 Mark J. Cox 2004-11-09 05:17:27 EST
FC1 was transferred to the Fedora Legacy project.  This issue is fixed
in FC2 and FC3.

Note You need to log in before you can comment on or make changes to this bug.