Red Hat Bugzilla – Bug 215282
CVE-2006-5463: Multiple firefox issues (CVE-2006-5747, CVE-2006-5748, CVE-2006-5464, CVE-2006-5462)
Last modified: 2007-04-18 13:53:10 EDT
Please upgrade Firefox.
Vulnerability Note VU#714496 is also known as CVE-2006-5463.
Red Hat issued RHSA-2006-0733 (<http://tinyurl.com/y9ejp4>) for this issue
and several other issues:
"Several flaws were found in the way Firefox processes certain malformed
arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
"Several flaws were found in the way Firefox renders web pages. A malicious
web page could cause the browser to crash or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-5464)
"A flaw was found in the way Firefox verifies RSA signatures. For RSA keys
with exponent 3 it is possible for an attacker to forge a signature that
would be incorrectly verified by the NSS library. Firefox as shipped trusts
several root Certificate Authorities that use exponent 3. An attacker could
have created a carefully crafted SSL certificate which be incorrectly
trusted when their site was visited by a victim. This flaw was previously
thought to be fixed in Firefox 184.108.40.206, however Ulrich Kuehn discovered the
fix was incomplete (CVE-2006-5462)
"Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 220.127.116.11 that corrects these issues."
This issue also affects Fedora Core 3.
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.