Bug 152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593)
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mozilla
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Christopher Aillon
QA Contact: Ben Levenson
Keywords: Security
Reported: 2005-03-30 09:51 EST by Mark J. Cox
Modified: 2007-11-30 17:07 EST

Doc Type: Bug Fix
Last Closed: 2005-04-28 15:11:28 EDT


External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2005:384 | high | SHIPPED_LIVE | Important: Mozilla security update | 2005-04-28 00:00:00 EDT

Description Mark J. Cox 2005-03-30 09:51:49 EST
Various security issues recently got fixed in Firefox and Mozilla that we did
not backport to our RHEL security updates as the backported fixes would be too
risky.  These will get fixed with an update to 1.7.6.

        MFSA 2005-28 CAN-2005-0578 Unsafe /tmp/plugtmp directory exploitable
            to erase user's files
        MFSA 2005-27 CAN-2005-0232, CAN-2005-0527 Plugins can be used to load
            privileged content
        MFSA 2005-26 CAN-2005-0231 Cross-site scripting by dropping
            javascript: link on tab
        MFSA 2005-24 CAN-2005-0584 HTTP auth prompt tab spoofing
            * caillon says too hard to backport.
        MFSA 2005-23 CAN-2005-0585 Download dialog source spoofing
        MFSA 2005-22 CAN-2005-0586 Download dialog spoofing using
            Content-Disposition header
        MFSA 2005-20 CAN-2005-0588 XSLT can include stylesheets from arbitrary
        MFSA 2005-17 CAN-2005-0590 Install source spoofing with user:pass@host
        MFSA 2005-16 CAN-2005-0591 Spoofing download and security dialogs with
            overlapping windows
        MFSA 2005-14 CAN-2005-0593 SSL "secure site" indicator spoofing
Comment 1 Josh Bressers 2005-04-28 15:11:28 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

