Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 157591 - please update rawhide with firefox 1.0.4
Summary: please update rawhide with firefox 1.0.4
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 4
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-12 22:46 UTC by Jason
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-13 22:04:03 UTC
Type: ---


Attachments (Terms of Use)

Description Jason 2005-05-12 22:46:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
Please release FC4 with firefox 1.0.4 which protects against:
MFSA 2005-44  Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. install rawhide
2.
3.
  

Additional info:

Comment 1 Zuirdj 2005-05-13 01:35:36 UTC
Not only security update: I can't browse to https://addons.update.mozilla.org/
because Firefox isn't upgraded... :-)

Comment 2 Christopher Aillon 2005-05-13 22:04:03 UTC
Please don't file bugs like this.  Rawhide is "at your own risk" which doesn't
guarantee packages are always updated.  Released versions always have priority
over rawhide in the system.  Anyway, this has already been built yesterday, but
rawhide hasn't picked it up yet.  It's lagging a little bit because of the
freeze for FC4.  I think it made it into the queue for tomorrow.


Note You need to log in before you can comment on or make changes to this bug.