Bug 152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593)
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mozilla
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact: Ben Levenson
Whiteboard: impact=important,public=20050224
Keywords: Security
Reported: 2005-03-30 14:51 UTC by Mark J. Cox
Modified: 2007-11-30 22:07 UTC

Doc Type: Bug Fix
Last Closed: 2005-04-28 19:11:28 UTC

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2005:384
Priority: high
Status: SHIPPED_LIVE
Summary: Important: Mozilla security update
Last Updated: 2005-04-28 04:00:00 UTC

Description Mark J. Cox 2005-03-30 14:51:49 UTC
Various security issues recently got fixed in Firefox and Mozilla that we did
not backport to our RHEL security updates as the backported fixes would be too
risky.  These will get fixed with an update to 1.7.6.

        MFSA 2005-28 CAN-2005-0578 Unsafe /tmp/plugtmp directory exploitable to erase user's files
        MFSA 2005-27 CAN-2005-0232, CAN-2005-0527 Plugins can be used to load privileged content
        MFSA 2005-26 CAN-2005-0231 Cross-site scripting by dropping javascript: link on tab
        MFSA 2005-24 CAN-2005-0584 HTTP auth prompt tab spoofing
            * caillon says too hard to backport.
        MFSA 2005-23 CAN-2005-0585 Download dialog source spoofing
        MFSA 2005-22 CAN-2005-0586 Download dialog spoofing using Content-Disposition header
        MFSA 2005-20 CAN-2005-0588 XSLT can include stylesheets from arbitrary
        MFSA 2005-17 CAN-2005-0590 Install source spoofing with user:pass@host
        MFSA 2005-16 CAN-2005-0591 Spoofing download and security dialogs with overlapping windows
        MFSA 2005-14 CAN-2005-0593 SSL "secure site" indicator spoofing

Comment 1 Josh Bressers 2005-04-28 19:11:28 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
