Bug 152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mozilla
Version: 3.0
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Christopher Aillon
QA Contact: Ben Levenson
Whiteboard: impact=important,public=20050224
Keywords: Security
Reported: 2005-03-30 09:51 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-04-28 15:11:28 EDT
Description Mark J. Cox (Product Security) 2005-03-30 09:51:49 EST
Various security issues recently got fixed in Firefox and Mozilla that we did
not backport to our RHEL security updates as the backported fixes would be too
risky.  These will get fixed with an update to 1.7.6.

        MFSA 2005-28 CAN-2005-0578 Unsafe /tmp/plugtmp directory exploitable
            to erase user's files
        MFSA 2005-27 CAN-2005-0232, CAN-2005-0527 Plugins can be used to load
            privileged content
        MFSA 2005-26 CAN-2005-0231 Cross-site scripting by dropping
            javascript: link on tab
        MFSA 2005-24 CAN-2005-0584 HTTP auth prompt tab spoofing
            * caillon says too hard to backport.
        MFSA 2005-23 CAN-2005-0585 Download dialog source spoofing
        MFSA 2005-22 CAN-2005-0586 Download dialog spoofing using
            Content-Disposition header
        MFSA 2005-20 CAN-2005-0588 XSLT can include stylesheets from arbitrary
            hosts
        MFSA 2005-17 CAN-2005-0590 Install source spoofing with user:pass@host
        MFSA 2005-16 CAN-2005-0591 Spoofing download and security dialogs with
            overlapping windows
            conversion
        MFSA 2005-14 CAN-2005-0593 SSL "secure site" indicator spoofing
Comment 1 Josh Bressers 2005-04-28 15:11:28 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-384.html
