Status: CLOSED CANTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: firefox (Show other bugs)
(Show other bugs)
Version: fc4
Hardware: All Linux
medium
urgent
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.securityfocus.com/bid/1822...
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-15 21:36 UTC by Todd Denniston
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-10 19:39:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Todd Denniston 2006-09-15 21:36:20 UTC
Description of problem:
The following CVEs are still outstanding against the version of firefox (and
thunderbird and mozilla) installed in Fedora Core 4
CVE-2006-2775
CVE-2006-2776
CVE-2006-2777
CVE-2006-2778
CVE-2006-2779
CVE-2006-2780
CVE-2006-2782
CVE-2006-2783
CVE-2006-2784
CVE-2006-2785
CVE-2006-2786
CVE-2006-2787

Version-Release number of selected component (if applicable):
mozilla-nss-1.7.13-1.1.fc4
mozilla-nspr-1.7.13-1.1.fc4
thunderbird-1.0.8-1.1.fc4
firefox-1.0.8-1.1.fc4
mozilla-nspr-devel-1.7.13-1.1.fc4
mozilla-nss-devel-1.7.13-1.1.fc4
mozilla-devel-1.7.13-1.1.fc4
mozilla-1.7.13-1.1.fc4


How reproducible:
consistant.

Steps to Reproduce:
1. rpm -qa  |grep -e firefox -e thunderbird -e mozilla
2. notice we are still not running  versions later than:
Mozilla Thunderbird 1.5.4
Mozilla SeaMonkey 1.0.2
Mozilla Firefox 1.5.4
or even patched versions from after Jun 02 2006 
  
Actual results:
rpm -qa --last |grep -e firefox -e thunderbird -e mozilla
yields Vulnerable versions.
rpm -qa --last |grep -e firefox -e thunderbird -e mozilla
yields dates from before  Jun 02 2006 

Expected results:
Not vulnerable versions.

related bugs include at least
bug 174523
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174523
and
bug 195241
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195241

http://www.mozilla.com/firefox/releases/1.5.0.4.html

Note that I would go with the suggestion of updating FC4 to firefox/thunderbird
to 1.5.something as was suggested in bug 174523

Comment 1 Matthew Miller 2007-04-10 19:39:25 UTC
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.


Note You need to log in before you can comment on or make changes to this bug.