Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:294 ] firefox
From: security () mandriva com
Date: Fri, 06 Nov 2009 01:52:00 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:294
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : firefox
 Date    : November 5, 2009
 Affected: 2010.0
 _______________________________________________________________________

 Problem Description:

 Security issues were identified and fixed in firefox 3.5.x:
 
 Security researcher Alin Rad Pop of Secunia Research reported a
 heap-based buffer overflow in Mozilla's string to floating point
 number conversion routines. Using this vulnerability an attacker
 could craft some malicious JavaScript code containing a very long
 string to be converted to a floating point number which would result
 in improper memory allocation and the execution of an arbitrary memory
 location. This vulnerability could thus be leveraged by the attacker
 to run arbitrary code on a victim's computer (CVE-2009-1563).
 
 Security researcher Jeremy Brown reported that the file naming scheme
 used for downloading a file which already exists in the downloads
 folder is predictable. If an attacker had local access to a victim's
 computer and knew the name of a file the victim intended to open
 through the Download Manager, he could use this vulnerability to
 place a malicious file in the world-writable directory used to save
 temporary downloaded files and cause the browser to choose the
 incorrect file when opening it. Since this attack requires local
 access to the victim's machine, the severity of this vulnerability
 was determined to be low (CVE-2009-3274).
 
 Security researcher Paul Stone reported that a user's form history,
 both from web content as well as the smart location bar, was vulnerable
 to theft. A malicious web page could synthesize events such as mouse
 focus and key presses on behalf of the victim and trick the browser
 into auto-filling the form fields with history entries and then
 reading the entries (CVE-2009-3370).
 
 Security researcher Orlando Berrera of Sec Theory reported that
 recursive creation of JavaScript web-workers can be used to create a
 set of objects whose memory could be freed prior to their use. These
 conditions often result in a crash which could potentially be
 used by an attacker to run arbitrary code on a victim's computer
 (CVE-2009-3371).
 
 Security researcher Marco C. reported a flaw in the parsing of regular
 expressions used in Proxy Auto-configuration (PAC) files. In certain
 cases this flaw could be used by an attacker to crash a victim's
 browser and run arbitrary code on their computer. Since this
 vulnerability requires the victim to have PAC configured in their
 environment with specific regular expresssions which can trigger
 the crash, the severity of the issue was determined to be moderate
 (CVE-2009-3372).
 
 Security research firm iDefense reported that researcher regenrecht
 discovered a heap-based buffer overflow in Mozilla's GIF image
 parser. This vulnerability could potentially be used by an attacker
 to crash a victim's browser and run arbitrary code on their computer
 (CVE-2009-3373).
 
 Mozilla security researcher moz_bug_r_a4 reported that the XPCOM
 utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects
 before returning them to chrome callers. This could result in chrome
 privileged code calling methods on an object which had previously been
 created or modified by web content, potentially executing malicious
 JavaScript code with chrome privileges (CVE-2009-3374).
 
 Security researcher Gregory Fleischer reported that text within a
 selection on a web page can be read by JavaScript in a different domain
 using the document.getSelection function, violating the same-origin
 policy. Since this vulnerability requires user interaction to exploit,
 its severity was determined to be moderate (CVE-2009-3375).
 
 Mozilla security researchers Jesse Ruderman and Sid Stamm reported
 that when downloading a file containing a right-to-left override
 character (RTL) in the filename, the name displayed in the dialog
 title bar conflicts with the name of the file shown in the dialog
 body. An attacker could use this vulnerability to obfuscate the name
 and file extension of a file to be downloaded and opened, potentially
 causing a user to run an executable file when they expected to open
 a non-executable file (CVE-2009-3376).
 
 Mozilla upgraded several third party libraries used in media rendering
 to address multiple memory safety and stability bugs identified by
 members of the Mozilla community. Some of the bugs discovered could
 potentially be used by an attacker to crash a victim's browser and
 execute arbitrary code on their computer. liboggz, libvorbis, and
 liboggplay were all upgraded to address these issues (CVE-2009-3377,
 CVE-2009-3379, CVE-2009-3378).
 
 Mozilla developers and community members identified and fixed
 several stability bugs in the browser engine used in Firefox and
 other Mozilla-based products. Some of these crashes showed evidence
 of memory corruption under certain circumstances and we presume that
 with enough effort at least some of these could be exploited to run
 arbitrary code (CVE-2009-3380).
 
 Additionally, some packages which require so, have been rebuilt and
 are being provided as updates.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
 http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 5de02057b925d2a7540fb7e1ef7bb58e  2010.0/i586/beagle-0.3.9-19.1mdv2010.0.i586.rpm
 865eb64b3d9edb5058b2cd6091a76b26  2010.0/i586/beagle-crawl-system-0.3.9-19.1mdv2010.0.i586.rpm
 80d4b43e92ab00663080cb3d03c01d08  2010.0/i586/beagle-doc-0.3.9-19.1mdv2010.0.i586.rpm
 fcd585d9f9f626053a08426aac2461ef  2010.0/i586/beagle-evolution-0.3.9-19.1mdv2010.0.i586.rpm
 a2449685a7248fbce0c362579a394078  2010.0/i586/beagle-gui-0.3.9-19.1mdv2010.0.i586.rpm
 2ca9f8a2bfeb574803bf9f599cef94da  2010.0/i586/beagle-gui-qt-0.3.9-19.1mdv2010.0.i586.rpm
 9fc8164351344251674264408e320cdc  2010.0/i586/beagle-libs-0.3.9-19.1mdv2010.0.i586.rpm
 c97703819ed2d81d61ce462b8387a8e3  2010.0/i586/epiphany-2.28.1-1.1mdv2010.0.i586.rpm
 65352aeee9a6611e1aaa2507aee6310f  2010.0/i586/epiphany-devel-2.28.1-1.1mdv2010.0.i586.rpm
 56e6935dd870279da4835c62e82e9824  2010.0/i586/epiphany-extensions-2.28.1-1.1mdv2010.0.i586.rpm
 636599b8e9ff5d069579f44db228bf53  2010.0/i586/firefox-3.5.4-0.1mdv2010.0.i586.rpm
 669ef8146179d7c082d305084cfd2821  2010.0/i586/firefox-af-3.5.4-0.1mdv2010.0.i586.rpm
 7e02a83877cd5783e64fe9647c5127cc  2010.0/i586/firefox-ar-3.5.4-0.1mdv2010.0.i586.rpm
 73ec239fbaf304b8bc82827457249939  2010.0/i586/firefox-be-3.5.4-0.1mdv2010.0.i586.rpm
 ead410c9f6e3f6377ce6de3bbda32bf1  2010.0/i586/firefox-bg-3.5.4-0.1mdv2010.0.i586.rpm
 32a3eaaf1beba37607c64f41f18bcbc3  2010.0/i586/firefox-bn-3.5.4-0.1mdv2010.0.i586.rpm
 2d5ee5d61e5cb6cd33a136a94499d222  2010.0/i586/firefox-ca-3.5.4-0.1mdv2010.0.i586.rpm
 e19a9e3564ccae55a454a1e69aa05568  2010.0/i586/firefox-cs-3.5.4-0.1mdv2010.0.i586.rpm
 ec525fa06852579aa7c487d707c82ae3  2010.0/i586/firefox-cy-3.5.4-0.1mdv2010.0.i586.rpm
 9d3c264145fc6779e460c3bc1e835eaf  2010.0/i586/firefox-da-3.5.4-0.1mdv2010.0.i586.rpm
 64e92b919e6b95a8767f918851e54caf  2010.0/i586/firefox-de-3.5.4-0.1mdv2010.0.i586.rpm
 20cecdc52af9590a5b45280527a6a703  2010.0/i586/firefox-devel-3.5.4-0.1mdv2010.0.i586.rpm
 e4ebb0fc55f84da2b523cfeed277f6fe  2010.0/i586/firefox-el-3.5.4-0.1mdv2010.0.i586.rpm
 bbee65d2c8c290254626c5a01136092b  2010.0/i586/firefox-en_GB-3.5.4-0.1mdv2010.0.i586.rpm
 0ed0007b43a472adaa9d15268ef0e22d  2010.0/i586/firefox-eo-3.5.4-0.1mdv2010.0.i586.rpm
 c2b311a8781b2decd7dbd1cbb8a0018f  2010.0/i586/firefox-es_AR-3.5.4-0.1mdv2010.0.i586.rpm
 5247e58309d1833229d509e044705fc5  2010.0/i586/firefox-es_ES-3.5.4-0.1mdv2010.0.i586.rpm
 a5dec68281f893658e5ac6695c8c4e59  2010.0/i586/firefox-et-3.5.4-0.1mdv2010.0.i586.rpm
 eb45f50d7c57ea62e63aba9c8df8cbb3  2010.0/i586/firefox-eu-3.5.4-0.1mdv2010.0.i586.rpm
 8b52f85f885db5d8bc80f62dee83bf1b  2010.0/i586/firefox-ext-beagle-0.3.9-19.1mdv2010.0.i586.rpm
 790b1ccafd787ce7ac8fb5ef022769d4  2010.0/i586/firefox-ext-blogrovr-1.1.804-6.1mdv2010.0.i586.rpm
 d6c45867a70152941b4e98709971a1ae  2010.0/i586/firefox-ext-foxmarks-2.7.2-2.1mdv2010.0.i586.rpm
 ffaf1990715b2667ad06d7d0da92c9a6  2010.0/i586/firefox-ext-mozvoikko-1.0-6.1mdv2010.0.i586.rpm
 51cfa5ee0b74ba1e1364dbb890f17059  2010.0/i586/firefox-ext-plasmanotify-0.3.0-6.1mdv2010.0.i586.rpm
 14184994a466647561caebf282868951  2010.0/i586/firefox-ext-r-kiosk-0.7.2-9.1mdv2010.0.i586.rpm
 05df49753c7be071e7fd30301f8e1e21  2010.0/i586/firefox-ext-scribefire-3.4.5-1.1mdv2010.0.i586.rpm
 8f7fa7986d9c2b782d239dbd5781477c  2010.0/i586/firefox-fi-3.5.4-0.1mdv2010.0.i586.rpm
 a2bcd0e119d154ba8e3e67894b2137d2  2010.0/i586/firefox-fr-3.5.4-0.1mdv2010.0.i586.rpm
 62bf45805a274ad09232a1c0d44e2a94  2010.0/i586/firefox-fy-3.5.4-0.1mdv2010.0.i586.rpm
 b01ad90d97640e1c99d8c6005f115d84  2010.0/i586/firefox-ga_IE-3.5.4-0.1mdv2010.0.i586.rpm
 34d7af747ccabd875dfcce48ad864fe9  2010.0/i586/firefox-gl-3.5.4-0.1mdv2010.0.i586.rpm
 008fc8b17095af333b493dae107cd71a  2010.0/i586/firefox-gu_IN-3.5.4-0.1mdv2010.0.i586.rpm
 087f2eda2fb46c58258a18a660868226  2010.0/i586/firefox-he-3.5.4-0.1mdv2010.0.i586.rpm
 ab0edfc6ffc3349bdc5a1a8c6aaa8b34  2010.0/i586/firefox-hi-3.5.4-0.1mdv2010.0.i586.rpm
 6fe05824fa866c0ee352d37c7bc346eb  2010.0/i586/firefox-hu-3.5.4-0.1mdv2010.0.i586.rpm
 bc1cd175b78a59bcdd6e55dffac9086f  2010.0/i586/firefox-id-3.5.4-0.1mdv2010.0.i586.rpm
 d45bffce0787f8d3afa52083ff63d4f9  2010.0/i586/firefox-is-3.5.4-0.1mdv2010.0.i586.rpm
 f6f9d47069c2a276c6ad234809fa6c13  2010.0/i586/firefox-it-3.5.4-0.1mdv2010.0.i586.rpm
 5fc95fca7b987a5996c4c74af61d0499  2010.0/i586/firefox-ja-3.5.4-0.1mdv2010.0.i586.rpm
 74911a09777dea47be4a69fd46700f15  2010.0/i586/firefox-ka-3.5.4-0.1mdv2010.0.i586.rpm
 0f7c75529ad3def515e546c3aa7e27e5  2010.0/i586/firefox-kn-3.5.4-0.1mdv2010.0.i586.rpm
 ae29bd59f6f93ef072ba3a2b08d63a89  2010.0/i586/firefox-ko-3.5.4-0.1mdv2010.0.i586.rpm
 468f7c938b7d771456e9b477653948ee  2010.0/i586/firefox-ku-3.5.4-0.1mdv2010.0.i586.rpm
 489d116d042bd5802f0068de9383c5d1  2010.0/i586/firefox-lt-3.5.4-0.1mdv2010.0.i586.rpm
 9be68106945017527a62c983031361e0  2010.0/i586/firefox-lv-3.5.4-0.1mdv2010.0.i586.rpm
 0f3175726b5d1994a37c7b035270e5d0  2010.0/i586/firefox-mk-3.5.4-0.1mdv2010.0.i586.rpm
 8b231f4d919586cf55990e026be6aecd  2010.0/i586/firefox-mn-3.5.4-0.1mdv2010.0.i586.rpm
 f981e93ff57a1e8472698ada26dd363f  2010.0/i586/firefox-mr-3.5.4-0.1mdv2010.0.i586.rpm
 8eadff91b007302e6ec3cdc2ec1241ba  2010.0/i586/firefox-nb_NO-3.5.4-0.1mdv2010.0.i586.rpm
 2841ff68c6d850220e4d8aaa062753a0  2010.0/i586/firefox-nl-3.5.4-0.1mdv2010.0.i586.rpm
 753237032819c85ab3b405bcf4082b5f  2010.0/i586/firefox-nn_NO-3.5.4-0.1mdv2010.0.i586.rpm
 193191bb1d7b43288584660f478d8b7b  2010.0/i586/firefox-oc-3.5.4-0.1mdv2010.0.i586.rpm
 408e98a77b5ad0a47dbf44f55dbd4077  2010.0/i586/firefox-pa_IN-3.5.4-0.1mdv2010.0.i586.rpm
 a782d15600b0466ab88c467ea7458721  2010.0/i586/firefox-pl-3.5.4-0.1mdv2010.0.i586.rpm
 52515a5f52bb6c46dca0b2003529a3e3  2010.0/i586/firefox-pt_BR-3.5.4-0.1mdv2010.0.i586.rpm
 81b6ce7fb332d0c32d4dcb1a60e43bea  2010.0/i586/firefox-pt_PT-3.5.4-0.1mdv2010.0.i586.rpm
 be670b306d4595c6095b04c86d2b4440  2010.0/i586/firefox-ro-3.5.4-0.1mdv2010.0.i586.rpm
 cfab5f72fc2f8985114fbe574b7e9ed3  2010.0/i586/firefox-ru-3.5.4-0.1mdv2010.0.i586.rpm
 3815771bf31f0df06d3c72a16c832273  2010.0/i586/firefox-si-3.5.4-0.1mdv2010.0.i586.rpm
 cdc811c47d76aa33712f24c93d40a0d7  2010.0/i586/firefox-sk-3.5.4-0.1mdv2010.0.i586.rpm
 862187e580b0a1b488b3dd924439f17b  2010.0/i586/firefox-sl-3.5.4-0.1mdv2010.0.i586.rpm
 f2cef85a6f4d9811e09b507026343190  2010.0/i586/firefox-sq-3.5.4-0.1mdv2010.0.i586.rpm
 99a3afc95764543f0ed81bfb89fc3231  2010.0/i586/firefox-sr-3.5.4-0.1mdv2010.0.i586.rpm
 a36788ab581f0a0e4b5ad679bb5b7106  2010.0/i586/firefox-sv_SE-3.5.4-0.1mdv2010.0.i586.rpm
 049a9e750fefc62ad61db53bf05ec6bd  2010.0/i586/firefox-te-3.5.4-0.1mdv2010.0.i586.rpm
 8d8ca3d39c424a56ef5b93d1e20dbde5  2010.0/i586/firefox-th-3.5.4-0.1mdv2010.0.i586.rpm
 7ee41c0c33da530f31fedd42f9534939  2010.0/i586/firefox-theme-kde4ff-0.14-18.1mdv2010.0.i586.rpm
 de5596d85162d52e2440e7e4f52b1b1c  2010.0/i586/firefox-tr-3.5.4-0.1mdv2010.0.i586.rpm
 902b0470dae73a54b7dc4406c76d91c9  2010.0/i586/firefox-uk-3.5.4-0.1mdv2010.0.i586.rpm
 33138d6a153bb4bcd0638255da2006a8  2010.0/i586/firefox-zh_CN-3.5.4-0.1mdv2010.0.i586.rpm
 acc67139d138e98d110c4aaa4ddbe8bb  2010.0/i586/firefox-zh_TW-3.5.4-0.1mdv2010.0.i586.rpm
 caee546f9710d7acdd6b816f951c5efd  2010.0/i586/gnome-python-extras-2.25.3-10.1mdv2010.0.i586.rpm
 53cc683aad8630f2052e4ebd965e5da2  2010.0/i586/gnome-python-gda-2.25.3-10.1mdv2010.0.i586.rpm
 55239ec23c37457cf9ef7744e9e311bc  2010.0/i586/gnome-python-gda-devel-2.25.3-10.1mdv2010.0.i586.rpm
 2c595010a046da1fa461c3e0cc6ad468  2010.0/i586/gnome-python-gdl-2.25.3-10.1mdv2010.0.i586.rpm
 7f4f7a400e54da7ea06baf5b8c12d399  2010.0/i586/gnome-python-gtkhtml2-2.25.3-10.1mdv2010.0.i586.rpm
 cba87f860c7a2bd9af64738e78f31b97  2010.0/i586/gnome-python-gtkmozembed-2.25.3-10.1mdv2010.0.i586.rpm
 3e12f0b123e58c0410c1bc9da1678ef6  2010.0/i586/gnome-python-gtkspell-2.25.3-10.1mdv2010.0.i586.rpm
 ed8ecee81e90e1b23924aca98960e67b  2010.0/i586/google-gadgets-common-0.11.1-2.1mdv2010.0.i586.rpm
 226f082af8f0dbc2b222e25b372fcfe4  2010.0/i586/google-gadgets-gtk-0.11.1-2.1mdv2010.0.i586.rpm
 e0e463fb97df0206a2ff3357e4f409d6  2010.0/i586/google-gadgets-qt-0.11.1-2.1mdv2010.0.i586.rpm
 0607442b0252c2f7ad89a88f407a1e18  2010.0/i586/libggadget1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 4c19a97a9d30ac6d6ed92c1914eb86a8  2010.0/i586/libggadget-dbus1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 308e97be73ba593653f207287f528702  2010.0/i586/libggadget-gtk1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 b1023ad523da8ba3d632367372052f5c  2010.0/i586/libggadget-js1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 fa694a3e378bd97ecae4fa8221e3ae45  2010.0/i586/libggadget-npapi1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 ec0a4dbf8e68baa45433ba293cff9fa7  2010.0/i586/libggadget-qt1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 4501a4d57a5eb5359c45271562845723  2010.0/i586/libggadget-webkitjs0-0.11.1-2.1mdv2010.0.i586.rpm
 5ecfe2a3534b50d08260dde62450cf18  2010.0/i586/libggadget-xdg1.0_0-0.11.1-2.1mdv2010.0.i586.rpm
 b0f8a03057d0409111366685dbb56a9c  2010.0/i586/libgoogle-gadgets-devel-0.11.1-2.1mdv2010.0.i586.rpm
 1ab5bc0b7b00823a5cdf815fac145245  2010.0/i586/libopensc2-0.11.9-1.1mdv2010.0.i586.rpm
 49dceab2ebd208914644be69f2915168  2010.0/i586/libopensc-devel-0.11.9-1.1mdv2010.0.i586.rpm
 43032aac7d930c8be3ad8547838b5da1  2010.0/i586/libxulrunner1.9.1.4-1.9.1.4-0.1mdv2010.0.i586.rpm
 e3fda1726c577c44abd17ed3e43aa37f  2010.0/i586/libxulrunner-devel-1.9.1.4-0.1mdv2010.0.i586.rpm
 5cb4ce59c5696e07d46a268b496ce1cc  2010.0/i586/mozilla-plugin-opensc-0.11.9-1.1mdv2010.0.i586.rpm
 404c94bb7ac9764b89986309b9e8b8b8  2010.0/i586/mozilla-thunderbird-beagle-0.3.9-19.1mdv2010.0.i586.rpm
 4695f41439abb22fff405ceea609718d  2010.0/i586/opensc-0.11.9-1.1mdv2010.0.i586.rpm
 769aea3fa1ecfe8fadc145f96595337f  2010.0/i586/python-xpcom-1.9.1.4-0.1mdv2010.0.i586.rpm
 d281a0a5bb6ee6989c3e6e5db9f5673c  2010.0/i586/xulrunner-1.9.1.4-0.1mdv2010.0.i586.rpm
 a4314cad9a7dbe6e98e3188c1af82c75  2010.0/i586/yelp-2.28.0-1.1mdv2010.0.i586.rpm 
 11002834e306ad2599e115787b57ece9  2010.0/SRPMS/beagle-0.3.9-19.1mdv2010.0.src.rpm
 f35067064a0c78edff8b036ca67774f3  2010.0/SRPMS/epiphany-2.28.1-1.1mdv2010.0.src.rpm
 bc04de1e6d7b2fd083a1206c4482fb7b  2010.0/SRPMS/epiphany-extensions-2.28.1-1.1mdv2010.0.src.rpm
 f0b0c517ec14c9d5e47647f9bf08fc78  2010.0/SRPMS/firefox-3.5.4-0.1mdv2010.0.src.rpm
 166554e926dcaab7ff2631817ee2b097  2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.1mdv2010.0.src.rpm
 6432321af955bb76f1314dcf7598d4bd  2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.1mdv2010.0.src.rpm
 0bfe93a46ccd200f974236740da44032  2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.1mdv2010.0.src.rpm
 912dabafc0eedd8374b77bf19863f8b4  2010.0/SRPMS/firefox-ext-plasmanotify-0.3.0-6.1mdv2010.0.src.rpm
 ef882f13ad9f95334e87b4e4d1d062c2  2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.1mdv2010.0.src.rpm
 8ecfa71225dd0500c8c4fdaaafe4fe22  2010.0/SRPMS/firefox-ext-scribefire-3.4.5-1.1mdv2010.0.src.rpm
 0df78b1b0f21b07d00706d72296490b3  2010.0/SRPMS/firefox-l10n-3.5.4-0.1mdv2010.0.src.rpm
 7a94ab5e7c21d73c1f8e074825fe93cd  2010.0/SRPMS/firefox-theme-kde4ff-0.14-18.1mdv2010.0.src.rpm
 a2906a74b07316a233c08eeaa09a827f  2010.0/SRPMS/gnome-python-extras-2.25.3-10.1mdv2010.0.src.rpm
 5ca44eee599e669d3936c2d8074dbdf1  2010.0/SRPMS/google-gadgets-0.11.1-2.1mdv2010.0.src.rpm
 3443a0354ae3c165243413cf2bd1a7dc  2010.0/SRPMS/opensc-0.11.9-1.1mdv2010.0.src.rpm
 e52f1e0b12809b71673467beef0e156f  2010.0/SRPMS/xulrunner-1.9.1.4-0.1mdv2010.0.src.rpm
 df7c1f2b4d6ee86a54319b934c717d39  2010.0/SRPMS/yelp-2.28.0-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 c4dd2bea9eef7bf7147588a55983cc3c  2010.0/x86_64/beagle-0.3.9-19.1mdv2010.0.x86_64.rpm
 611d637f1939cee8b3f25ff045410bed  2010.0/x86_64/beagle-crawl-system-0.3.9-19.1mdv2010.0.x86_64.rpm
 a3937170bf9b478cf52c5007d3456669  2010.0/x86_64/beagle-doc-0.3.9-19.1mdv2010.0.x86_64.rpm
 97440e5e123b4034e1c4bd66c903951c  2010.0/x86_64/beagle-evolution-0.3.9-19.1mdv2010.0.x86_64.rpm
 c3cb89e9c55dd3d09ecea0a1c8dead17  2010.0/x86_64/beagle-gui-0.3.9-19.1mdv2010.0.x86_64.rpm
 77ce56c06f51ffbbb180bd150e6526a8  2010.0/x86_64/beagle-gui-qt-0.3.9-19.1mdv2010.0.x86_64.rpm
 a8a8c984d22cf423677eaa06bf721a3c  2010.0/x86_64/beagle-libs-0.3.9-19.1mdv2010.0.x86_64.rpm
 de42c43851ee3fad1e9dd523676b4413  2010.0/x86_64/epiphany-2.28.1-1.1mdv2010.0.x86_64.rpm
 c992d4f71691f9b827d8411b089268b1  2010.0/x86_64/epiphany-devel-2.28.1-1.1mdv2010.0.x86_64.rpm
 239b64d2fa822a62d37b41e075ed29b5  2010.0/x86_64/epiphany-extensions-2.28.1-1.1mdv2010.0.x86_64.rpm
 8b532a94bb920ae17b87b30cd990025e  2010.0/x86_64/firefox-3.5.4-0.1mdv2010.0.x86_64.rpm
 058b94a3752d94a93ff7edfe5c6287e1  2010.0/x86_64/firefox-af-3.5.4-0.1mdv2010.0.x86_64.rpm
 19d57df8172a8d58349aa4e833bb4807  2010.0/x86_64/firefox-ar-3.5.4-0.1mdv2010.0.x86_64.rpm
 478d8d6ea0aba868ca1b4d388623d2ca  2010.0/x86_64/firefox-be-3.5.4-0.1mdv2010.0.x86_64.rpm
 d948d2f95b9952e9ce6226f32c2d45ca  2010.0/x86_64/firefox-bg-3.5.4-0.1mdv2010.0.x86_64.rpm
 508acd7ca804e502d2f21c81cff71987  2010.0/x86_64/firefox-bn-3.5.4-0.1mdv2010.0.x86_64.rpm
 200100baa6a85324cb59a0b5c4034cf0  2010.0/x86_64/firefox-ca-3.5.4-0.1mdv2010.0.x86_64.rpm
 f351af7e6a2987804878564e2bdb517f  2010.0/x86_64/firefox-cs-3.5.4-0.1mdv2010.0.x86_64.rpm
 b886d5ad21bd4f259abce9c72ca74530  2010.0/x86_64/firefox-cy-3.5.4-0.1mdv2010.0.x86_64.rpm
 937529a9d48a8421eb37fcd2dacfbf63  2010.0/x86_64/firefox-da-3.5.4-0.1mdv2010.0.x86_64.rpm
 5041b8cd1267706e1c74019df7245ffa  2010.0/x86_64/firefox-de-3.5.4-0.1mdv2010.0.x86_64.rpm
 ddad78036a99f8aa644147c52d4ab30d  2010.0/x86_64/firefox-devel-3.5.4-0.1mdv2010.0.x86_64.rpm
 d077816f443afb553cded01108542a81  2010.0/x86_64/firefox-el-3.5.4-0.1mdv2010.0.x86_64.rpm
 e295f0e12e20e80dd6d4cd7845988961  2010.0/x86_64/firefox-en_GB-3.5.4-0.1mdv2010.0.x86_64.rpm
 851fb3fe10a91c799575c19b30432df7  2010.0/x86_64/firefox-eo-3.5.4-0.1mdv2010.0.x86_64.rpm
 06aa7ac8447680a7f67fd49731cb2912  2010.0/x86_64/firefox-es_AR-3.5.4-0.1mdv2010.0.x86_64.rpm
 1c7a9e0342f736f22a305a29b2b17ca8  2010.0/x86_64/firefox-es_ES-3.5.4-0.1mdv2010.0.x86_64.rpm
 b8aa7b12e4d28bf80dd88471e3882beb  2010.0/x86_64/firefox-et-3.5.4-0.1mdv2010.0.x86_64.rpm
 29dec4973342d83c122ff48e22dbec14  2010.0/x86_64/firefox-eu-3.5.4-0.1mdv2010.0.x86_64.rpm
 4c76579a01ff2ffa1162b0650b36912f  2010.0/x86_64/firefox-ext-beagle-0.3.9-19.1mdv2010.0.x86_64.rpm
 29334af2ff1b753040090a0b93a0bf91  2010.0/x86_64/firefox-ext-blogrovr-1.1.804-6.1mdv2010.0.x86_64.rpm
 e4edb4283f8c13288fdd85b36b6dcfc5  2010.0/x86_64/firefox-ext-foxmarks-2.7.2-2.1mdv2010.0.x86_64.rpm
 b2b7ba697f7bb1806c41485c39c04262  2010.0/x86_64/firefox-ext-mozvoikko-1.0-6.1mdv2010.0.x86_64.rpm
 7f8dbdf8ab09c3ac1a219043d7b2c241  2010.0/x86_64/firefox-ext-plasmanotify-0.3.0-6.1mdv2010.0.x86_64.rpm
 2a8cc514420eaf1375f306417ea264fa  2010.0/x86_64/firefox-ext-r-kiosk-0.7.2-9.1mdv2010.0.x86_64.rpm
 dca7f6aede51ca5fe6913144d3ded0aa  2010.0/x86_64/firefox-ext-scribefire-3.4.5-1.1mdv2010.0.x86_64.rpm
 eb7527d596188d4b71e1f715c8909ae7  2010.0/x86_64/firefox-fi-3.5.4-0.1mdv2010.0.x86_64.rpm
 89bbfa9bb890007506f2adc9746a1995  2010.0/x86_64/firefox-fr-3.5.4-0.1mdv2010.0.x86_64.rpm
 b407524ae9d37866b31876ba7f33be96  2010.0/x86_64/firefox-fy-3.5.4-0.1mdv2010.0.x86_64.rpm
 d23825fd661749644c1ed2cc8f4cfd10  2010.0/x86_64/firefox-ga_IE-3.5.4-0.1mdv2010.0.x86_64.rpm
 cf8e596f053643a363b3e126dc8c11b3  2010.0/x86_64/firefox-gl-3.5.4-0.1mdv2010.0.x86_64.rpm
 04ee9bcb1f384c64638dfd7a91d4d5a7  2010.0/x86_64/firefox-gu_IN-3.5.4-0.1mdv2010.0.x86_64.rpm
 733afb9c93c3fc927dcdffe77f006537  2010.0/x86_64/firefox-he-3.5.4-0.1mdv2010.0.x86_64.rpm
 a9b8e240c8336ca0369d37d6f32ea468  2010.0/x86_64/firefox-hi-3.5.4-0.1mdv2010.0.x86_64.rpm
 3b5141d5592e0050822e1d09fb270c4d  2010.0/x86_64/firefox-hu-3.5.4-0.1mdv2010.0.x86_64.rpm
 71b9eaaca5847681a847a3bac4ef524f  2010.0/x86_64/firefox-id-3.5.4-0.1mdv2010.0.x86_64.rpm
 fe571af67b87fe2c1727967f556782bf  2010.0/x86_64/firefox-is-3.5.4-0.1mdv2010.0.x86_64.rpm
 0facab9a567c9dc25ae992d7dabd8ff4  2010.0/x86_64/firefox-it-3.5.4-0.1mdv2010.0.x86_64.rpm
 90ca903597fcf4dcabace089815be542  2010.0/x86_64/firefox-ja-3.5.4-0.1mdv2010.0.x86_64.rpm
 0503d174b8f8b5f3ccbd95ceea62ec49  2010.0/x86_64/firefox-ka-3.5.4-0.1mdv2010.0.x86_64.rpm
 1b296a68cd92389aad1dc8ae48e3eccd  2010.0/x86_64/firefox-kn-3.5.4-0.1mdv2010.0.x86_64.rpm
 60acc7bfc71ac9bed9c1e50f05a34e75  2010.0/x86_64/firefox-ko-3.5.4-0.1mdv2010.0.x86_64.rpm
 374cbbdb5f7ae83c1823fe4a83aade16  2010.0/x86_64/firefox-ku-3.5.4-0.1mdv2010.0.x86_64.rpm
 b20fd95c5c31ba12fbf1ed348aeb8e8e  2010.0/x86_64/firefox-lt-3.5.4-0.1mdv2010.0.x86_64.rpm
 34b732a363c4dc7ecd991d0951ad3aa6  2010.0/x86_64/firefox-lv-3.5.4-0.1mdv2010.0.x86_64.rpm
 16f9ef1afe6c2399d331b238cf8eb03f  2010.0/x86_64/firefox-mk-3.5.4-0.1mdv2010.0.x86_64.rpm
 c7f743f422e2409d222fa117ac291929  2010.0/x86_64/firefox-mn-3.5.4-0.1mdv2010.0.x86_64.rpm
 aa783ae7775d062c7358de7171da7994  2010.0/x86_64/firefox-mr-3.5.4-0.1mdv2010.0.x86_64.rpm
 71a0654691200f8d49d48a34687c7893  2010.0/x86_64/firefox-nb_NO-3.5.4-0.1mdv2010.0.x86_64.rpm
 8923eb8cff924e61e1d58a7f86ea82f4  2010.0/x86_64/firefox-nl-3.5.4-0.1mdv2010.0.x86_64.rpm
 ddabbf7813a196c86a9f12790f154530  2010.0/x86_64/firefox-nn_NO-3.5.4-0.1mdv2010.0.x86_64.rpm
 d51e459880c2cb8caebeed2f4b5f30a0  2010.0/x86_64/firefox-oc-3.5.4-0.1mdv2010.0.x86_64.rpm
 222288c908e4109cf20ebd1ba5051e2f  2010.0/x86_64/firefox-pa_IN-3.5.4-0.1mdv2010.0.x86_64.rpm
 343a3e700320b1e8b013875e1c963764  2010.0/x86_64/firefox-pl-3.5.4-0.1mdv2010.0.x86_64.rpm
 f4acf1e3094834b9e8b8730e5781e3d2  2010.0/x86_64/firefox-pt_BR-3.5.4-0.1mdv2010.0.x86_64.rpm
 7274cc1214199d7504210c8283df1343  2010.0/x86_64/firefox-pt_PT-3.5.4-0.1mdv2010.0.x86_64.rpm
 aa662296263be468521bf537557b21f0  2010.0/x86_64/firefox-ro-3.5.4-0.1mdv2010.0.x86_64.rpm
 716aca0c4ae31eb610117109497a444d  2010.0/x86_64/firefox-ru-3.5.4-0.1mdv2010.0.x86_64.rpm
 3ace8ea20d892d1dbed78dde6b6b94e9  2010.0/x86_64/firefox-si-3.5.4-0.1mdv2010.0.x86_64.rpm
 ade098bb6c3f1dd2f5b09b0af46d3551  2010.0/x86_64/firefox-sk-3.5.4-0.1mdv2010.0.x86_64.rpm
 23e1fbbc0f7ea19abe452732769d2ff5  2010.0/x86_64/firefox-sl-3.5.4-0.1mdv2010.0.x86_64.rpm
 026f1d875f1a6339c62851548cf1cfec  2010.0/x86_64/firefox-sq-3.5.4-0.1mdv2010.0.x86_64.rpm
 fdd0e6a5269d98828c5cf59115aa4e11  2010.0/x86_64/firefox-sr-3.5.4-0.1mdv2010.0.x86_64.rpm
 2da145818827001b2ea9fd31b68c3468  2010.0/x86_64/firefox-sv_SE-3.5.4-0.1mdv2010.0.x86_64.rpm
 a181ab420d1c61abb1ab7955588c15d3  2010.0/x86_64/firefox-te-3.5.4-0.1mdv2010.0.x86_64.rpm
 3710e05ba538afdbc3630173e384ea94  2010.0/x86_64/firefox-th-3.5.4-0.1mdv2010.0.x86_64.rpm
 6664e778689cfcd1eceee54649ee1f31  2010.0/x86_64/firefox-theme-kde4ff-0.14-18.1mdv2010.0.x86_64.rpm
 11c6c1317bebd5ac10a1853314d8ba27  2010.0/x86_64/firefox-tr-3.5.4-0.1mdv2010.0.x86_64.rpm
 8735da4c6601294c20d447f89f4b6ec0  2010.0/x86_64/firefox-uk-3.5.4-0.1mdv2010.0.x86_64.rpm
 7f9f35ffddcf6e4bf7fb47217f165868  2010.0/x86_64/firefox-zh_CN-3.5.4-0.1mdv2010.0.x86_64.rpm
 6713f99874dab2be6f10fec329f3a410  2010.0/x86_64/firefox-zh_TW-3.5.4-0.1mdv2010.0.x86_64.rpm
 166fb912d4a695c78395710733dbfbca  2010.0/x86_64/gnome-python-extras-2.25.3-10.1mdv2010.0.x86_64.rpm
 e0fd9a9e8e769d42c9cde670ae2005c0  2010.0/x86_64/gnome-python-gda-2.25.3-10.1mdv2010.0.x86_64.rpm
 b4a0ee777d65a3d741df0e50b82a5cdc  2010.0/x86_64/gnome-python-gda-devel-2.25.3-10.1mdv2010.0.x86_64.rpm
 71879d0fea2955a10ee71996b82a5efa  2010.0/x86_64/gnome-python-gdl-2.25.3-10.1mdv2010.0.x86_64.rpm
 5390f476ecbc6b8054a599e2c5a5e790  2010.0/x86_64/gnome-python-gtkhtml2-2.25.3-10.1mdv2010.0.x86_64.rpm
 02acb94939d4bdba1672ac27b090249b  2010.0/x86_64/gnome-python-gtkmozembed-2.25.3-10.1mdv2010.0.x86_64.rpm
 fb9bee1736af40eb3d3d36cc8f547df9  2010.0/x86_64/gnome-python-gtkspell-2.25.3-10.1mdv2010.0.x86_64.rpm
 01b1b3087fedc71a407e026db5227fed  2010.0/x86_64/google-gadgets-common-0.11.1-2.1mdv2010.0.x86_64.rpm
 9e322a7219dff02f0fed2f73275cfda2  2010.0/x86_64/google-gadgets-gtk-0.11.1-2.1mdv2010.0.x86_64.rpm
 0ca671c0bb45f7efeedf0961ef5b9f72  2010.0/x86_64/google-gadgets-qt-0.11.1-2.1mdv2010.0.x86_64.rpm
 db35b9e0859a21485aa2df192e6310e6  2010.0/x86_64/lib64ggadget1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 d21d90fa2cfa5b3e67bb5c49228576b9  2010.0/x86_64/lib64ggadget-dbus1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 7763769602d65367ce3de258bf0ec443  2010.0/x86_64/lib64ggadget-gtk1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 0a897420820ab2e760a36ed593a91039  2010.0/x86_64/lib64ggadget-js1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 82fb87d482a21a8ab47706a1e24e9cde  2010.0/x86_64/lib64ggadget-npapi1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 5bfc44160006ec5837416d54fdf2c9cf  2010.0/x86_64/lib64ggadget-qt1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 e83c7f97c3048aeca5169110cc388271  2010.0/x86_64/lib64ggadget-webkitjs0-0.11.1-2.1mdv2010.0.x86_64.rpm
 a3427fbe231df6ef7622acbfe4b46059  2010.0/x86_64/lib64ggadget-xdg1.0_0-0.11.1-2.1mdv2010.0.x86_64.rpm
 d15f31cccac4e82d1626dc03d0b3ab1c  2010.0/x86_64/lib64google-gadgets-devel-0.11.1-2.1mdv2010.0.x86_64.rpm
 06e07653747492e8d1ef87e7a067b862  2010.0/x86_64/lib64opensc2-0.11.9-1.1mdv2010.0.x86_64.rpm
 f4c206bf5d1e2eade49831a79fe48264  2010.0/x86_64/lib64opensc-devel-0.11.9-1.1mdv2010.0.x86_64.rpm
 2a2fa2b4bf67b7005d1cf2422bc9309d  2010.0/x86_64/lib64xulrunner1.9.1.4-1.9.1.4-0.1mdv2010.0.x86_64.rpm
 dfa65c7153daab784fbde2c127d1e8df  2010.0/x86_64/lib64xulrunner-devel-1.9.1.4-0.1mdv2010.0.x86_64.rpm
 4c77c1bb1496ad76a5d24f0eb137c648  2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.1mdv2010.0.x86_64.rpm
 375f4f52a6140af70c43117bcb0406d5  2010.0/x86_64/mozilla-thunderbird-beagle-0.3.9-19.1mdv2010.0.x86_64.rpm
 fcd76aa20c9963cd269b0de026e937b2  2010.0/x86_64/opensc-0.11.9-1.1mdv2010.0.x86_64.rpm
 bb088a24b343e47ce8c6756e0a57c37c  2010.0/x86_64/python-xpcom-1.9.1.4-0.1mdv2010.0.x86_64.rpm
 9ba9eca2c96f0c1e6423dd6af5119f15  2010.0/x86_64/xulrunner-1.9.1.4-0.1mdv2010.0.x86_64.rpm
 a55b9b5568e7618430c07a878e146c50  2010.0/x86_64/yelp-2.28.0-1.1mdv2010.0.x86_64.rpm 
 11002834e306ad2599e115787b57ece9  2010.0/SRPMS/beagle-0.3.9-19.1mdv2010.0.src.rpm
 f35067064a0c78edff8b036ca67774f3  2010.0/SRPMS/epiphany-2.28.1-1.1mdv2010.0.src.rpm
 bc04de1e6d7b2fd083a1206c4482fb7b  2010.0/SRPMS/epiphany-extensions-2.28.1-1.1mdv2010.0.src.rpm
 f0b0c517ec14c9d5e47647f9bf08fc78  2010.0/SRPMS/firefox-3.5.4-0.1mdv2010.0.src.rpm
 166554e926dcaab7ff2631817ee2b097  2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.1mdv2010.0.src.rpm
 6432321af955bb76f1314dcf7598d4bd  2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.1mdv2010.0.src.rpm
 0bfe93a46ccd200f974236740da44032  2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.1mdv2010.0.src.rpm
 912dabafc0eedd8374b77bf19863f8b4  2010.0/SRPMS/firefox-ext-plasmanotify-0.3.0-6.1mdv2010.0.src.rpm
 ef882f13ad9f95334e87b4e4d1d062c2  2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.1mdv2010.0.src.rpm
 8ecfa71225dd0500c8c4fdaaafe4fe22  2010.0/SRPMS/firefox-ext-scribefire-3.4.5-1.1mdv2010.0.src.rpm
 0df78b1b0f21b07d00706d72296490b3  2010.0/SRPMS/firefox-l10n-3.5.4-0.1mdv2010.0.src.rpm
 7a94ab5e7c21d73c1f8e074825fe93cd  2010.0/SRPMS/firefox-theme-kde4ff-0.14-18.1mdv2010.0.src.rpm
 a2906a74b07316a233c08eeaa09a827f  2010.0/SRPMS/gnome-python-extras-2.25.3-10.1mdv2010.0.src.rpm
 5ca44eee599e669d3936c2d8074dbdf1  2010.0/SRPMS/google-gadgets-0.11.1-2.1mdv2010.0.src.rpm
 3443a0354ae3c165243413cf2bd1a7dc  2010.0/SRPMS/opensc-0.11.9-1.1mdv2010.0.src.rpm
 e52f1e0b12809b71673467beef0e156f  2010.0/SRPMS/xulrunner-1.9.1.4-0.1mdv2010.0.src.rpm
 df7c1f2b4d6ee86a54319b934c717d39  2010.0/SRPMS/yelp-2.28.0-1.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK80jzmqjQ0CJFipgRAg3VAJ9fVUjPzaXLeDEqg8r7RSMPft/1BQCg5qgB
tbfeB4dua9AdXiQ1yMlumRA=
=OT9l
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:294 ] firefox security (Nov 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault