[rock-user] [Security Announcement] firefox (RLSA-20060418-0…

ROCK Mailing List Archives

Entire message
+ (text/plain)
Author: Daniel Jahre
To: rock-user
Subject: [rock-user] [Security Announcement] firefox (RLSA-20060418-01)
This is a ROCK Linux Security Announcement.

Package: firefox
Announcement ID: RLSA-20060418-01
Date: 2006-04-18
Affected Distributions: Crystal, LiveCD
Affected Releases: Crystal ROCK CLT
Cross References: none
Fixed at trunk revision: 7531

Content of this advisory:
1) Problem Description
2) Solution or Work-Around
3) Special instructions and notes
4) Updateing your source tree
5) Source package update
6) Binary package update


1) Problem Description
There are multiple issues with firefox versions prior

MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:

2) Solution or Workaround
There is no known workaround. Please update the package.

3) Special instruction and notes

4) Updateing your source tree
If you are using a subversion checkout of trunk, run:
 svn up

If you are using submaster run,
 sm sync
to merge the update from trunk into your tree

5) Source package update
As a user of an affected distribution you can update this package by
rebuilding it on your machine
 rocket updsrc
to update your local sources and
 rocket emerge firefox
to install the updated package

6) Binary package update
there are no new binary packages available for this package yet.

rock-user mailing list