[rock-user] [Security Announcement] firefox (RLSA-20060418-0…

ROCK Mailing List Archives

Author: Daniel Jahre
Date:  
To: rock-user
Subject: [rock-user] [Security Announcement] firefox (RLSA-20060418-01)
This is a ROCK Linux Security Announcement.

Package: firefox
Announcement ID: RLSA-20060418-01
Date: 2006-04-18
Affected Distributions: Crystal, LiveCD
Affected Releases: Crystal ROCK CLT
Cross References: none
Fixed at trunk revision: 7531

Content of this advisory:
1) Problem Description
2) Solution or Work-Around
3) Special instructions and notes
4) Updating your source tree
5) Source package update
6) Binary package update

--------------------------------------------------------------------------------

1) Problem Description
There are multiple issues with firefox versions prior to 1.5.0.2:

MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

2) Solution or Workaround
There is no known workaround. Please update the package.

3) Special instructions and notes
none

4) Updating your source tree
If you are using a subversion checkout of trunk, run:
 svn up

If you are using submaster, run
 sm sync
to merge the update from trunk into your tree.

5) Source package update
As a user of an affected distribution, you can update this package by
rebuilding it on your machine.
Run
 rocket updsrc
to update your local sources and
 rocket emerge firefox
to install the updated package.

6) Binary package update
There are no new binary packages available for this package yet.

_______________________________________________
rock-user mailing list

http://www.rocklinux.net/mailman/listinfo/rock-user