Description of problem: The following CVEs are still outstanding against the version of firefox (and thunderbird and mozilla) installed in Fedora Core 4 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787 Version-Release number of selected component (if applicable): mozilla-nss-1.7.13-1.1.fc4 mozilla-nspr-1.7.13-1.1.fc4 thunderbird-1.0.8-1.1.fc4 firefox-1.0.8-1.1.fc4 mozilla-nspr-devel-1.7.13-1.1.fc4 mozilla-nss-devel-1.7.13-1.1.fc4 mozilla-devel-1.7.13-1.1.fc4 mozilla-1.7.13-1.1.fc4 How reproducible: consistant. Steps to Reproduce: 1. rpm -qa |grep -e firefox -e thunderbird -e mozilla 2. notice we are still not running versions later than: Mozilla Thunderbird 1.5.4 Mozilla SeaMonkey 1.0.2 Mozilla Firefox 1.5.4 or even patched versions from after Jun 02 2006 Actual results: rpm -qa --last |grep -e firefox -e thunderbird -e mozilla yields Vulnerable versions. rpm -qa --last |grep -e firefox -e thunderbird -e mozilla yields dates from before Jun 02 2006 Expected results: Not vulnerable versions. related bugs include at least bug 174523 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174523 and bug 195241 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195241 http://www.mozilla.com/firefox/releases/1.5.0.4.html Note that I would go with the suggestion of updating FC4 to firefox/thunderbird to 1.5.something as was suggested in bug 174523
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that version. If the issue still persists in current Fedora Core, please reopen. Thank you, and sorry about this.