
Advisories: March 26, 2005

Written By
Web Webster
Mar 27, 2005

Fedora Update Notification
FEDORA-2005-248
2005-03-25


Product : Fedora Core 2
Name : mozilla
Version : 1.7.6
Release : 1.2.2
Summary : Web browser and mail reader

Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.


Update Information:

A buffer overflow bug was found in the way Mozilla processes GIF
images. It is possible for an attacker to create a specially
crafted GIF image, which when viewed by a victim will execute
arbitrary code as the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0399 to this issue.

A bug was found in the way Mozilla responds to proxy auth
requests. It is possible for a malicious webserver to steal
credentials from a victim's browser by issuing a 407 proxy
authentication request. (CAN-2005-0147)

A bug was found in the way Mozilla displays dialog windows. It
is possible that a malicious web page which is being displayed in a
background tab could present the user with a dialog window
appearing to come from the active page. (CAN-2004-1380)

A bug was found in the way Mozilla Mail handles cookies when
loading content over HTTP regardless of the user’s preference. It
is possible that a particular user could be tracked through the use
of malicious mail messages which load content over HTTP.
(CAN-2005-0149)

A flaw was found in the way Mozilla displays international
domain names. It is possible for an attacker to display a valid
URL, tricking the user into thinking they are viewing a legitimate
webpage when they are not. (CAN-2005-0233)

A bug was found in the way Mozilla handles pop-up windows. It is
possible for a malicious website to control the content in an
unrelated site’s pop-up window. (CAN-2004-1156)

A bug was found in the way Mozilla saves temporary files.
Temporary files are saved with world readable permissions, which
could allow a local malicious user to view potentially sensitive
data. (CAN-2005-0142)

A bug was found in the way Mozilla handles synthetic middle
click events. It is possible for a malicious web page to steal the
contents of a victim's clipboard. (CAN-2005-0146)

A bug was found in the way Mozilla processes XUL content. If a
malicious web page can trick a user into dragging an object, it is
possible to load malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla loads links in a new tab
which are middle clicked. A malicious web page could read local
files or modify privileged chrome settings. (CAN-2005-0141)

A bug was found in the way Mozilla displays the secure site
icon. A malicious web page can use a view-source URL targeted at a
secure page, while loading an insecure page, yet the secure site
icon shows the previous secure state. (CAN-2005-0144)

A bug was found in the way Mozilla displays the secure site
icon. A malicious web page can display the secure site icon by
loading a binary file from a secured site. (CAN-2005-0143)

A bug was found in the way Mozilla displays the download dialog
window. A malicious site can obfuscate the content displayed in the
source field, tricking a user into thinking they are downloading
content from a trusted source. (CAN-2005-0585)

Users of Mozilla are advised to upgrade to this updated package
which contains Mozilla version 1.7.6 to correct these issues.


  • Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
    37:1.7.6-1.2.2
    • Install all-redhat.js pref files
  • Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
    37:1.7.6-1.2.1
    • Update to 1.7.6
    • Import changes from FC-3

This update can be downloaded from:


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-251
2005-03-25


Product : Fedora Core 2
Name : devhelp
Version : 0.9.1
Release : 0.2.5
Summary : API document browser

Description :
An API document browser for GNOME 2.


Update Information:

There were several security flaws found in the mozilla package,
which devhelp depends on. Users of devhelp are advised to upgrade
to this updated package which has been rebuilt against a later
version of mozilla which is not vulnerable to these flaws.


  • Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
    0.9.1-0.2.5
    • Use correct Requires line
  • Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
    0.9.1-0.2.4
    • Rebuild
  • Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
    0.9.1-0.2.3
    • Rebuild against mozilla 1.7.6

This update can be downloaded from:


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-253
2005-03-25


Product : Fedora Core 2
Name : epiphany
Version : 1.2.10
Release : 0.2.1
Summary : GNOME web browser based on the Mozilla rendering engine

Description :
epiphany is a simple GNOME web browser based on the Mozilla
rendering engine.


Update Information:

There were several security flaws found in the mozilla package,
which epiphany depends on. Users of epiphany are advised to upgrade
to this updated package which has been rebuilt against a later
version of mozilla which is not vulnerable to these flaws.


  • Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
    1.2.10-0.2.1
    • Update to 1.2.10
    • Build against mozilla 1.7.6 (with help from Christian
      Persch)

This update can be downloaded from:


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

