Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: firefox (Show other bugs)
fc4
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://www.securityfocus.com/bid/1822...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-15 17:36 EDT by Todd Denniston
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-10 15:39:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Todd Denniston 2006-09-15 17:36:20 EDT
Description of problem:
The following CVEs are still outstanding against the version of firefox (and
thunderbird and mozilla) installed in Fedora Core 4
CVE-2006-2775
CVE-2006-2776
CVE-2006-2777
CVE-2006-2778
CVE-2006-2779
CVE-2006-2780
CVE-2006-2782
CVE-2006-2783
CVE-2006-2784
CVE-2006-2785
CVE-2006-2786
CVE-2006-2787

Version-Release number of selected component (if applicable):
mozilla-nss-1.7.13-1.1.fc4
mozilla-nspr-1.7.13-1.1.fc4
thunderbird-1.0.8-1.1.fc4
firefox-1.0.8-1.1.fc4
mozilla-nspr-devel-1.7.13-1.1.fc4
mozilla-nss-devel-1.7.13-1.1.fc4
mozilla-devel-1.7.13-1.1.fc4
mozilla-1.7.13-1.1.fc4


How reproducible:
consistant.

Steps to Reproduce:
1. rpm -qa  |grep -e firefox -e thunderbird -e mozilla
2. notice we are still not running  versions later than:
Mozilla Thunderbird 1.5.4
Mozilla SeaMonkey 1.0.2
Mozilla Firefox 1.5.4
or even patched versions from after Jun 02 2006 
  
Actual results:
rpm -qa --last |grep -e firefox -e thunderbird -e mozilla
yields Vulnerable versions.
rpm -qa --last |grep -e firefox -e thunderbird -e mozilla
yields dates from before  Jun 02 2006 

Expected results:
Not vulnerable versions.

related bugs include at least
bug 174523
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174523
and
bug 195241
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195241

http://www.mozilla.com/firefox/releases/1.5.0.4.html

Note that I would go with the suggestion of updating FC4 to firefox/thunderbird
to 1.5.something as was suggested in bug 174523
Comment 1 Matthew Miller 2007-04-10 15:39:25 EDT
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.