+++ This bug was initially created as a clone of Bug #200357 +++

Description of problem:
Firefox 1.5.0.4 and earlier has serious security flaws, patched in 1.5.0.5
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.5

From the link above, I think the following also affect 1.0.8 in FC4:

CVE-2006-3805 : remote code execution via javascript.
CVE-2006-3806 : ditto.
CVE-2006-3807 : looks like a very serious privilege escalation bug for javascript
CVE-2006-3808 : malicious proxy can execute code with privs it shouldn't have; note that a malicious proxy can do all sorts of bad things anyway.
CVE-2006-3809 : privilege escalation of scripts; I don't understand the script security model enough personally to fully evaluate the impact of this without looking into it. sounds potentially serious.
CVE-2006-3811 : "several" crashes with memory corruption; potential arbitrary code execution
CVE-2006-3812 : scripts in chrome run with full privilege. no known automatic exploit, but may make tricking users easier.

-- Additional comment from mattdm on 2006-07-28 00:07 EST --

Oh, apparently also CVE-2006-3804, but that's apparently just a denial of service.

Christopher Aillon -- there was some trouble releasing a timely update to Firefox 1.5.0.4. Do you anticipate needing some extra help for this as well? Could you at least take a few seconds to let us know the status? Thanks!
Is this likely to be resolved by Monday? I don't see anything in updates/testing.
Well, here we go with another critical and urgent Firefox update involving remotely executable code where the only public response from the Red Hat engineers is stony silence. This is frustrating. Since FC4 is now supported by Legacy, moving there.
What to do with this bug now that Fedora Legacy has shut down? Could you close it please?