Advisories

Mandriva Advisories

Package name	mozilla-firefox
Date	October 6th, 2005
Advisory ID	MDKSA-2005:173
Affected versions	10.2, 2006.0
Synopsis	Updated mozilla-firefox packages fix vulnerabilities

Problem Description

New updates are available for Mozilla Firefox:

A regression in the LE2005 Firefox package caused problems with cursor
movement that has been fixed.

The run-mozilla.sh script, with debugging enabled, would allow local
users to create or overwrite arbitrary files via a symlink attack on
temporary files (CAN-2005-2353).

nsScriptSecurityManager::GetBaseURIScheme didn't handle
jar:view-source:... correctly because the jar: and view-source: cases
didn't use recursion as they were supposed to. This was corrected in
Firefox 1.0.4 and only affects the LE2005 package.

The updated packages have been patched to correct these issues.

Updated Packages

Mandriva Linux LE2005

 8802442f13b423d32f90beab90b57b39  10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
490de6be6ed37670b498f1b32ce9911d  10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
15bd80dbb1661d1991d7cb5d882de84b  10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
abb90d3203f570d84e0228214244c16a  10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
692a964ae2a2fc96bad0926ba57f6608  10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.i586.rpm
3d88f5181f16a5ac731c183af04973c0  10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.i586.rpm
915ff77d3dabc2c821f7355d0fc379db  10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 a5b17c8a1142e20db9d69b934f54607d  x86_64/10.2/RPMS/lib64nspr4-1.0.2-10.1.102mdk.x86_64.rpm
f041b7de49dd120ddb63ba6b2d466feb  x86_64/10.2/RPMS/lib64nspr4-devel-1.0.2-10.1.102mdk.x86_64.rpm
8802442f13b423d32f90beab90b57b39  x86_64/10.2/RPMS/libnspr4-1.0.2-10.1.102mdk.i586.rpm
490de6be6ed37670b498f1b32ce9911d  x86_64/10.2/RPMS/libnspr4-devel-1.0.2-10.1.102mdk.i586.rpm
13b1057af97d829a4aae52cdb5f3bcab  x86_64/10.2/RPMS/lib64nss3-1.0.2-10.1.102mdk.x86_64.rpm
42cbcf8cf37d45472d7d1d742cc91e22  x86_64/10.2/RPMS/lib64nss3-devel-1.0.2-10.1.102mdk.x86_64.rpm
15bd80dbb1661d1991d7cb5d882de84b  x86_64/10.2/RPMS/libnss3-1.0.2-10.1.102mdk.i586.rpm
abb90d3203f570d84e0228214244c16a  x86_64/10.2/RPMS/libnss3-devel-1.0.2-10.1.102mdk.i586.rpm
83cb2e763eac7d6117daf62a4adb14ab  x86_64/10.2/RPMS/mozilla-firefox-1.0.2-10.1.102mdk.x86_64.rpm
76ba06daf1900bbaa357744daec1060a  x86_64/10.2/RPMS/mozilla-firefox-devel-1.0.2-10.1.102mdk.x86_64.rpm
915ff77d3dabc2c821f7355d0fc379db  x86_64/10.2/SRPMS/mozilla-firefox-1.0.2-10.1.102mdk.src.rpm

Mandriva Linux 2006

 4729fc4e3d1b10f2e16e94c23a5d55e9  2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
bf450dbb8f1f20abfcc57b9decb30eb4  2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
760d6ab6f917091183818d6946c4482f  2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
a9b14f14a73c89950b445c747f9c306c  2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
94adfb3dbdb796da0d2ab01b842e8351  2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.i586.rpm
01947ebf2c815bc36e955cc98ce23f27  2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.i586.rpm
93f3763d032cd82e7b214afeecccd4a9  2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 68542f490600d394fd8246081a899894  x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.1.20060mdk.x86_64.rpm
3589f6d4e900c9c400c881861e50a927  x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.1.20060mdk.x86_64.rpm
4729fc4e3d1b10f2e16e94c23a5d55e9  x86_64/2006.0/RPMS/libnspr4-1.0.6-16.1.20060mdk.i586.rpm
bf450dbb8f1f20abfcc57b9decb30eb4  x86_64/2006.0/RPMS/libnspr4-devel-1.0.6-16.1.20060mdk.i586.rpm
7a7d70dd78e89ef04b1c1f69b3711bfe  x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.1.20060mdk.x86_64.rpm
8f7a198febbcd4c819b93eee2e4822ad  x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.1.20060mdk.x86_64.rpm
760d6ab6f917091183818d6946c4482f  x86_64/2006.0/RPMS/libnss3-1.0.6-16.1.20060mdk.i586.rpm
a9b14f14a73c89950b445c747f9c306c  x86_64/2006.0/RPMS/libnss3-devel-1.0.6-16.1.20060mdk.i586.rpm
8d72c505c3634bee91ed8a6d1add342d  x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.1.20060mdk.x86_64.rpm
a1e80b35074ce98d49812d46f4f0de47  x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.1.20060mdk.x86_64.rpm
93f3763d032cd82e7b214afeecccd4a9  x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2353

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer