Bug 215282 - CVE-2006-5463: Multiple firefox issues (CVE-2006-5747, CVE-2006-5748, CVE-2006-5464, CVE-2006-5462)
CVE-2006-5463: Multiple firefox issues (CVE-2006-5747, CVE-2006-5748, CVE-200...
Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: firefox (Show other bugs)
fc4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
impact=critical, LEGACY, 3, 4, NEEDSWORK
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-13 04:00 EST by Werner Hoelzl
Modified: 2007-04-18 13:53 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-10 15:44:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Werner Hoelzl 2006-11-13 04:00:06 EST
Please upgrade Firefox.
http://www.kb.cert.org/vuls/id/714496
Comment 1 David Eisenstein 2006-11-17 05:09:36 EST
Vulnerability Note VU#714496 is also known as CVE-2006-5463.

Red Hat issued RHSA-2006-0733 (<http://tinyurl.com/y9ejp4>) for this issue
and several other issues:

"Several flaws were found in the way Firefox processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Firefox to crash or execute
arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
CVE-2006-5748)

"Several flaws were found in the way Firefox renders web pages. A malicious
web page could cause the browser to crash or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-5464) 

"A flaw was found in the way Firefox verifies RSA signatures. For RSA keys
with exponent 3 it is possible for an attacker to forge a signature that
would be incorrectly verified by the NSS library. Firefox as shipped trusts
several root Certificate Authorities that use exponent 3. An attacker could
have created a carefully crafted SSL certificate which be incorrectly
trusted when their site was visited by a victim. This flaw was previously
thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the
fix was incomplete (CVE-2006-5462)

"Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.8 that corrects these issues."

This issue also affects Fedora Core 3.
Comment 2 Matthew Miller 2007-04-10 15:44:12 EDT
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.