Red Hat Bugzilla – Bug 124397
CAN-2003-0564 Mozilla flaws (CAN-2004-0191)
Last modified: 2007-11-30 17:10:43 EST
NISCC testing of implementations of the S/MIME protocol uncovered a
number of bugs in NSS versions prior to 3.9. The parsing of unexpected
ASN.1 constructs within S/MIME data could cause Mozilla to crash or
consume large amounts of memory. A remote attacker could potentially
trigger these bugs by sending a carefully-crafted S/MIME message to a
Andreas Sandblad discovered a cross-site scripting issue that affects
various versions of Mozilla. When linking to a new page it is still
possible to interact with the old page before the new page has been
context of the new page, making cross-site scripting possible if the
different pages belong to different domains.
CAN-2003-0564/2004-0191 Affects: FC1
to match http://rhn.redhat.com/errata/RHSA-2004-110.html
Hmmm... still not fixed in FC1?
FC1 was transferred to the Fedora Legacy project. This issue is fixed
in FC2 and FC3.