Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities
From: security () mandriva com
Date: Fri, 02 Mar 2007 15:45:01 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2007:050-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla-firefox
 Date    : March 2, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of security vulnerabilities have been discovered and corrected
 in the latest Mozilla Firefox program, version 1.5.0.10.
 
 This update provides the latest Firefox to correct these issues.

 Update:

 A regression was found in the latest Firefox packages provided where
 changes to library paths caused applications that depended on the NSS
 libraries (such as Thunderbird and Evolution) to fail to start or fail
 to load certain SSL-related security components.  These new packages
 correct that problem and we apologize for any inconvenience the
 previous update may have caused.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092
 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
 http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 411bc0bdd8dc32950a84c77ed3319508  2007.0/i586/libmozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.i586.rpm
 9ceb031931003fb861882f4455c6648b  2007.0/i586/libmozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.i586.rpm
 db615eadf763927182c8657d11b1ae54  2007.0/i586/libnspr4-1.5.0.10-2mdv2007.0.i586.rpm
 bd7dca3e972f552b5dd347822e17f1e1  2007.0/i586/libnspr4-devel-1.5.0.10-2mdv2007.0.i586.rpm
 bb4709aa4bf277e32c25e07d93641802  2007.0/i586/libnspr4-static-devel-1.5.0.10-2mdv2007.0.i586.rpm
 babf7d44d0340cd51f45249d3002180e  2007.0/i586/libnss3-1.5.0.10-2mdv2007.0.i586.rpm
 19a967982b748b879b1904d5bcea174d  2007.0/i586/libnss3-devel-1.5.0.10-2mdv2007.0.i586.rpm
 6333bab7a5d530836fa5a64383bcdd30  2007.0/i586/mozilla-firefox-1.5.0.10-2mdv2007.0.i586.rpm 
 72672b4bbfcc4f13d5820a4c11bca547  2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9fe9779d9d02f0aa73d28096cc237d00  2007.0/x86_64/lib64mozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.x86_64.rpm
 3c0a879b450f5c2569eb81d397a82906  2007.0/x86_64/lib64mozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 338d81330e754d5ffd22dea67c2fbfd2  2007.0/x86_64/lib64nspr4-1.5.0.10-2mdv2007.0.x86_64.rpm
 0c840ec9a78c48d975db6bca80e53caa  2007.0/x86_64/lib64nspr4-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 3f1ba2da63bf990b3958f184bdf4d96f  2007.0/x86_64/lib64nspr4-static-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 cd9ef9efe9f859467a07bfc20899156d  2007.0/x86_64/lib64nss3-1.5.0.10-2mdv2007.0.x86_64.rpm
 d6243e7d7c76a5ff5a418f7304cdcff2  2007.0/x86_64/lib64nss3-devel-1.5.0.10-2mdv2007.0.x86_64.rpm
 0fec2d70c6a797521304598b802d03b1  2007.0/x86_64/mozilla-firefox-1.5.0.10-2mdv2007.0.x86_64.rpm 
 72672b4bbfcc4f13d5820a4c11bca547  2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm

 Corporate 3.0:
 24fbf58752279b3a5ec8d186d7c6142b  corporate/3.0/i586/libnspr4-1.5.0.10-1.1.C30mdk.i586.rpm
 cc59dd85bcdc065ed4ee7f3d299e971a  corporate/3.0/i586/libnspr4-devel-1.5.0.10-1.1.C30mdk.i586.rpm
 284b6bf1210fb854361a9af3062528e1  corporate/3.0/i586/libnspr4-static-devel-1.5.0.10-1.1.C30mdk.i586.rpm
 cf17ffa7ff1734b850c7f7a5b7f780ee  corporate/3.0/i586/libnss3-1.5.0.10-1.1.C30mdk.i586.rpm
 82e74bce4abb564958d0225bc94687d6  corporate/3.0/i586/libnss3-devel-1.5.0.10-1.1.C30mdk.i586.rpm
 5af5da7a1f51c609568f03b2026c0687  corporate/3.0/i586/mozilla-firefox-1.5.0.10-1.1.C30mdk.i586.rpm
 df2d940bf4af073e1dc983c1143a8079  corporate/3.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.i586.rpm 
 efd17411a1dc5bed3d7e79f0a28b4073  corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 be6fa4a501b973f9016716ae6ffb1b25  corporate/3.0/x86_64/lib64nspr4-1.5.0.10-1.1.C30mdk.x86_64.rpm
 a06bb78d6531ffac3e750236a0cb13de  corporate/3.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
 2f2dd393236be80e8f8ca226145115e7  corporate/3.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
 3a42bca7fd7ab26e65bf0a4ca7485db1  corporate/3.0/x86_64/lib64nss3-1.5.0.10-1.1.C30mdk.x86_64.rpm
 68cef069c9e2d4f1336c58e8e5f126ca  corporate/3.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm
 0bd6c6adc8fd1be8d3b02fb5505c9330  corporate/3.0/x86_64/mozilla-firefox-1.5.0.10-1.1.C30mdk.x86_64.rpm
 27262a966199c19006327fa21dab1f69  corporate/3.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm 
 efd17411a1dc5bed3d7e79f0a28b4073  corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm

 Corporate 4.0:
 0f782ea68bc9177e333dd77c26eeec7f  corporate/4.0/i586/libnspr4-1.5.0.10-1.1.20060mlcs4.i586.rpm
 408511a886dd0619f4ae9a1d93137eeb  corporate/4.0/i586/libnspr4-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
 6b3ad9cf7c2f4b7a008c6fd9c584289b  corporate/4.0/i586/libnspr4-static-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
 31927dd82ca439052fe166e6b2864e07  corporate/4.0/i586/libnss3-1.5.0.10-1.1.20060mlcs4.i586.rpm
 021eef345d030d8112f227b0b2c3a0f6  corporate/4.0/i586/libnss3-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm
 2485f65a1860840e7abe7cd5a447c538  corporate/4.0/i586/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.i586.rpm
 ef609ec54c3e70b47067668f68c74e65  corporate/4.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm 
 64e5ea6cd7dc856aa4f7eda630e40d14  corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 fab1a497ea9801a29637f049e520422b  corporate/4.0/x86_64/lib64nspr4-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
 647d403327794eb30e81e6b91b407dd1  corporate/4.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
 247c6c555fe4917bbdf3ae884ac309ba  corporate/4.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
 710e426e4200912e2b4718d1c0613c58  corporate/4.0/x86_64/lib64nss3-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
 2efe3ddeb772f3d706f429bccd34675c  corporate/4.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
 13e414365c4f1d3768a375cf29a40aa4  corporate/4.0/x86_64/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.x86_64.rpm
 261d63f5547804f20ee022290429c866  corporate/4.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 
 64e5ea6cd7dc856aa4f7eda630e40d14  corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6H18mqjQ0CJFipgRAna2AJ9Qa8Vf923jNIzai9QzQOOS4NRETgCgyICD
+eNPSjeb5EQGZ6E5dYWPNSM=
=AgMP
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDKSA-2007:050-1 ] - Updated Firefox packages fix multiple vulnerabilities security (Mar 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]