SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Browser Vendors:   Mozilla.org
(Red Hat Issues Fix for RHEL) Mozilla Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011474
SecurityTracker URL:  http://securitytracker.com/id/1011474
CVE Reference:   CVE-2004-0902, CVE-2004-0903, CVE-2004-0904, CVE-2004-0905, CVE-2004-0906, CVE-2004-0907, CVE-2004-0908, CVE-2004-0909   (Links to External Site)
Date:  Sep 30 2004
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.7.3
Description:   Several vulnerabilities were reported in Mozilla, Thunderbird, and Firefox. In some of the vulnerabilities, a remote user may be able to execute arbitrary code on the target user's system.

The vendor and various researchers reported ten separate vulnerabilities in Mozilla, Thuderbird, and Firefox.

Georgi Guninski reported a heap overflow vulnerability in 'nsMsgCompUtils.cpp' that may allow a remote user to cause arbitrary code to be executed on the target user's computer [Known security vulnerability #93]. The "send page" function does not properly handle long HTTP URLs. Arbitrary code may be executed if a target user attempts to send an e-mail (such as forwarding a message) that contains a specially crafted link. The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=258005

Wladimir Palant reported that a remote user can create specially crafted javascript code that, when executed by the target user, will be able to access the clipboard on the target user's system [Known security vulnerability #92]. The code can read from and write to the clipboard. The flaw resides in 'nsXBLPrototypeHandler.cpp'.

A demonstration exploit of reading from the clipboard is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=157492&action=view

A demonstration of writing to the clipboard is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=157493&action=view

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=257523

Jesse Ruderman reported that a remote user can create a signed script that can construct a specially crafted privilege request designed to confuse the target user into granting elevated privileges to the code [Known security vulnerability #91]. The script can invoke enablePrivilege() and supply a parameter containing spaces and English language words to alter the meaning of sentences in the dialog box.

A demonstration exploit is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=154932&action=view

A demonstration exploit screenshot is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=154933&action=view

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=253942

Georgi Guninski reported that there is a buffer overflow in the processing of VCards [Known security vulnerability #90]. A specially crafted VCard can trigger a stack overflow and execute arbitary code when the VCard is displayed. The flaw resides in 'addrbook/src/nsVCardObj.cpp'.

A demonstration exploit VCard is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=157317&action=view

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=257314

Gael Delalleau reported an integer overflow in the processing of BMP images [Known security vulnerability #89]. A remote user can create a specially crafted bitmap image that, when loaded by the target user, will trigger the overflow and potentially execute arbitrary code with the privileges of the target user. The original advisory is available at:

http://www.zencomsec.com/advisories/mozilla-1.7.2-BMP.txt

Jesse Ruderman also reported a cross-domain scripting vulnerability [Known security vulnerability #88]. A remote user may be able to create javascript links that, when dragged onto another frame or another page, will execute in the security context of the target location. If the target user drags two links in sequence into a separate window, the code may be able to launch an arbitrary program with the privileges of the target user.

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=250862

Mats Palmgren and Gael Delalleau reported that a remote user can create a link containing non-ASCII characters in the hostname that, when loaded by the target user, will trigger a heap buffer overflow [Known security vulnerability #87]. It may be possible to execute arbitrary code with the privileges of the target user.

The original advisory is available at:

http://www.zencomsec.com/advisories/mozilla-1.7.2-UTF8link.txt

Gael Delalleau reported that a remote POP3 mail server can send a specially crafted POP3 response to a connected client to trigger a buffer overflow and execute arbitrary code [Known security vulnerability #86].

The advisory is available at:

http://www.zencomsec.com/advisories/mozilla-1.7.2-POP3.txt

The bug reports are available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=245066
http://bugzilla.mozilla.org/show_bug.cgi?id=226669

Daniel Koukola and Andrew Schultz reported that, on Linux systems, the software may install with world-writeable and world-readable permissions [Known security vulnerability #85]. A local user can modify the files.

The original bug reports are available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=231083
http://bugzilla.mozilla.org/show_bug.cgi?id=235781

Harald Milz reported that, on Linux systems, the software may install with incorrect file owner and permission settings if the user ignores their umask setting or has an overly permissive umask setting when expanding the installation archive [Known security vulnerability #84]. A local user may be able to modify the files. The bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=254303

Impact:   A remote user can execute arbitrary code on the target user's system with the privileges of the target user.

A remote user can run scripting code in the context of an arbitrary domain.

Solution:   Red Hat has released a fix. The fixed packages are listed at:

http://rhn.redhat.com/errata/RHSA-2004-486.html

Vendor URL:  www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  2.1, 3

Message History:   This archive entry is a follow-up to the message listed below.
Sep 16 2004 Mozilla Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [RHSA-2004:486-01] Updated mozilla packages fix security issues


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mozilla packages fix security issues
Advisory ID:       RHSA-2004:486-01
Issue date:        2004-09-30
Updated on:        2004-09-30
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
- ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix a number of security issues are now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Jesse Ruderman discovered a cross-domain scripting bug in Mozilla.  If
a user is tricked into dragging a javascript link into another frame or
page, it becomes possible for an attacker to steal or modify sensitive
information from that site.  Additionally, if a user is tricked into
dragging two links in sequence to another window (not frame), it is
possible for the attacker to execute arbitrary commands.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0905 to this issue.

Gael Delalleau discovered an integer overflow which affects the BMP
handling code inside Mozilla. An attacker could create a carefully crafted
BMP file in such a way that it would cause Mozilla to crash or execute
arbitrary code when the image is viewed.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to
this issue.

Georgi Guninski discovered a stack-based buffer overflow in the vCard
display routines.  An attacker could create a carefully crafted vCard file
in such a way that it would cause Mozilla to crash or execute arbitrary
code when viewed.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.

Wladimir Palant discovered a flaw in the way javascript interacts with
the clipboard.  It is possible that an attacker could use malicious
javascript code to steal sensitive data which has been copied into the
clipboard.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.

Georgi Guninski discovered a heap based buffer overflow in the "Send
Page" feature.  It is possible that an attacker could construct a link in
such a way that a user attempting to forward it could result in a crash or
arbitrary code execution.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.

Users of Mozilla should update to these updated packages, which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

133023 - CAN-2004-0902 "send page" heap based buffer overflow
133024 - CAN-2004-0902 "send page" heap based buffer overflow
133022 - CAN-2004-0908 javascript clipboard information leakage
133021 - CAN-2004-0908 javascript clipboard information leakage
133017 - CAN-2004-0903 VCard buffer overflow
133016 - CAN-2004-0903 VCard buffer overflow
133015 - CAN-2004-0904 BMP integer overflows
133014 - CAN-2004-0904 BMP integer overflows
133013 - CAN-2004-0905 javascript link dragging information leak
133012 - CAN-2004-0905 javascript link dragging information leak

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.13-5.2.1.src.rpm
38d208921a49cdba604bb43913abe051  galeon-1.2.13-5.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.4.3-2.1.4.src.rpm
1df0013c48248d17778fc1551ff15dad  mozilla-1.4.3-2.1.4.src.rpm

i386:
0113f2b2e33551ddae0b48ede67b31e6  galeon-1.2.13-5.2.1.i386.rpm
fea3285b8dd5da3a3bb611a7d5738d0b  mozilla-1.4.3-2.1.4.i386.rpm
a89a3550a7773de347018c8a463027cb  mozilla-chat-1.4.3-2.1.4.i386.rpm
b57acd6332cb88d652a3cc41b5f9c527  mozilla-devel-1.4.3-2.1.4.i386.rpm
8bea20265ab364b52d6fd361bf23d190  mozilla-dom-inspector-1.4.3-2.1.4.i386.rpm
4bfcd1dd7b588edf2052efc9e8f6326a  mozilla-js-debugger-1.4.3-2.1.4.i386.rpm
9c512ae1ecc4c8efe7a9684465b8b871  mozilla-mail-1.4.3-2.1.4.i386.rpm
1e7977951fc2c8c69e03b50377f2398d  mozilla-nspr-1.4.3-2.1.4.i386.rpm
c268cd8846a17b8cc7aee6a3d50f9c9c  mozilla-nspr-devel-1.4.3-2.1.4.i386.rpm
69cc833f9d5a469b258a474e1ebc9ddf  mozilla-nss-1.4.3-2.1.4.i386.rpm
891300626fafc05a8cd371f8b256dd15  mozilla-nss-devel-1.4.3-2.1.4.i386.rpm

ia64:
fcb96e9637ce3b6dfe17a0171d15a50c  galeon-1.2.13-5.2.1.ia64.rpm
6c4a5d7e011e56e4aa1018ae7e705b57  mozilla-1.4.3-2.1.4.ia64.rpm
0eee8252025e7d702b91df5660ee34ef  mozilla-chat-1.4.3-2.1.4.ia64.rpm
529225b13b9aae00118083bbef99834d  mozilla-devel-1.4.3-2.1.4.ia64.rpm
0dcd345bd8163775000a77126668a4d8  mozilla-dom-inspector-1.4.3-2.1.4.ia64.rpm
17761fdf3bc78ededd68ca4c6e26ae2e  mozilla-js-debugger-1.4.3-2.1.4.ia64.rpm
8f804d0ac0d0d2755b557226f488dca2  mozilla-mail-1.4.3-2.1.4.ia64.rpm
da89647961a2ebde1270b6789bca51b8  mozilla-nspr-1.4.3-2.1.4.ia64.rpm
870ae30ec76b4cb4eaa6bb2002c50b83  mozilla-nspr-devel-1.4.3-2.1.4.ia64.rpm
8a3ee63abfb58c99c0dd45c37bb0fffb  mozilla-nss-1.4.3-2.1.4.ia64.rpm
e5b52d933f797a5fb5b815bc75427b2e  mozilla-nss-devel-1.4.3-2.1.4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/galeon-1.2.13-5.2.1.src.rpm
38d208921a49cdba604bb43913abe051  galeon-1.2.13-5.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.4.3-2.1.4.src.rpm
1df0013c48248d17778fc1551ff15dad  mozilla-1.4.3-2.1.4.src.rpm

ia64:
fcb96e9637ce3b6dfe17a0171d15a50c  galeon-1.2.13-5.2.1.ia64.rpm
6c4a5d7e011e56e4aa1018ae7e705b57  mozilla-1.4.3-2.1.4.ia64.rpm
0eee8252025e7d702b91df5660ee34ef  mozilla-chat-1.4.3-2.1.4.ia64.rpm
529225b13b9aae00118083bbef99834d  mozilla-devel-1.4.3-2.1.4.ia64.rpm
0dcd345bd8163775000a77126668a4d8  mozilla-dom-inspector-1.4.3-2.1.4.ia64.rpm
17761fdf3bc78ededd68ca4c6e26ae2e  mozilla-js-debugger-1.4.3-2.1.4.ia64.rpm
8f804d0ac0d0d2755b557226f488dca2  mozilla-mail-1.4.3-2.1.4.ia64.rpm
da89647961a2ebde1270b6789bca51b8  mozilla-nspr-1.4.3-2.1.4.ia64.rpm
870ae30ec76b4cb4eaa6bb2002c50b83  mozilla-nspr-devel-1.4.3-2.1.4.ia64.rpm
8a3ee63abfb58c99c0dd45c37bb0fffb  mozilla-nss-1.4.3-2.1.4.ia64.rpm
e5b52d933f797a5fb5b815bc75427b2e  mozilla-nss-devel-1.4.3-2.1.4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.13-5.2.1.src.rpm
38d208921a49cdba604bb43913abe051  galeon-1.2.13-5.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.4.3-2.1.4.src.rpm
1df0013c48248d17778fc1551ff15dad  mozilla-1.4.3-2.1.4.src.rpm

i386:
0113f2b2e33551ddae0b48ede67b31e6  galeon-1.2.13-5.2.1.i386.rpm
fea3285b8dd5da3a3bb611a7d5738d0b  mozilla-1.4.3-2.1.4.i386.rpm
a89a3550a7773de347018c8a463027cb  mozilla-chat-1.4.3-2.1.4.i386.rpm
b57acd6332cb88d652a3cc41b5f9c527  mozilla-devel-1.4.3-2.1.4.i386.rpm
8bea20265ab364b52d6fd361bf23d190  mozilla-dom-inspector-1.4.3-2.1.4.i386.rpm
4bfcd1dd7b588edf2052efc9e8f6326a  mozilla-js-debugger-1.4.3-2.1.4.i386.rpm
9c512ae1ecc4c8efe7a9684465b8b871  mozilla-mail-1.4.3-2.1.4.i386.rpm
1e7977951fc2c8c69e03b50377f2398d  mozilla-nspr-1.4.3-2.1.4.i386.rpm
c268cd8846a17b8cc7aee6a3d50f9c9c  mozilla-nspr-devel-1.4.3-2.1.4.i386.rpm
69cc833f9d5a469b258a474e1ebc9ddf  mozilla-nss-1.4.3-2.1.4.i386.rpm
891300626fafc05a8cd371f8b256dd15  mozilla-nss-devel-1.4.3-2.1.4.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.13-5.2.1.src.rpm
38d208921a49cdba604bb43913abe051  galeon-1.2.13-5.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.4.3-2.1.4.src.rpm
1df0013c48248d17778fc1551ff15dad  mozilla-1.4.3-2.1.4.src.rpm

i386:
0113f2b2e33551ddae0b48ede67b31e6  galeon-1.2.13-5.2.1.i386.rpm
fea3285b8dd5da3a3bb611a7d5738d0b  mozilla-1.4.3-2.1.4.i386.rpm
a89a3550a7773de347018c8a463027cb  mozilla-chat-1.4.3-2.1.4.i386.rpm
b57acd6332cb88d652a3cc41b5f9c527  mozilla-devel-1.4.3-2.1.4.i386.rpm
8bea20265ab364b52d6fd361bf23d190  mozilla-dom-inspector-1.4.3-2.1.4.i386.rpm
4bfcd1dd7b588edf2052efc9e8f6326a  mozilla-js-debugger-1.4.3-2.1.4.i386.rpm
9c512ae1ecc4c8efe7a9684465b8b871  mozilla-mail-1.4.3-2.1.4.i386.rpm
1e7977951fc2c8c69e03b50377f2398d  mozilla-nspr-1.4.3-2.1.4.i386.rpm
c268cd8846a17b8cc7aee6a3d50f9c9c  mozilla-nspr-devel-1.4.3-2.1.4.i386.rpm
69cc833f9d5a469b258a474e1ebc9ddf  mozilla-nss-1.4.3-2.1.4.i386.rpm
891300626fafc05a8cd371f8b256dd15  mozilla-nss-devel-1.4.3-2.1.4.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.4.3-3.0.4.src.rpm
c8db78ffe83ebd4a0e935a4c5287a509  mozilla-1.4.3-3.0.4.src.rpm

i386:
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
30035e1900b293f3c01f5441e5b3486d  mozilla-chat-1.4.3-3.0.4.i386.rpm
e2f44df2fa7ac76f50c419ad7415c898  mozilla-devel-1.4.3-3.0.4.i386.rpm
fe6c46344d57ac89a453edab1e2a249a  mozilla-dom-inspector-1.4.3-3.0.4.i386.rpm
0ae9c284917a0813202d13977ebc23d8  mozilla-js-debugger-1.4.3-3.0.4.i386.rpm
9682e260d658b97c748b34bb5a52c1ee  mozilla-mail-1.4.3-3.0.4.i386.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
488703befef51e466079b462c02094c7  mozilla-nspr-devel-1.4.3-3.0.4.i386.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
0daea4b62934c4825267bdfa57121d9d  mozilla-nss-devel-1.4.3-3.0.4.i386.rpm

ia64:
764f44795fae70df98eb784cfc24cb61  mozilla-1.4.3-3.0.4.ia64.rpm
498f1bc992269627837acfd9fb5c1c16  mozilla-chat-1.4.3-3.0.4.ia64.rpm
3c0e32e6dfd33b5b42d6ceecfc0e5d5a  mozilla-devel-1.4.3-3.0.4.ia64.rpm
4a67ebbcb89f5e8add363f47a657d6df  mozilla-dom-inspector-1.4.3-3.0.4.ia64.rpm
445ed37eb27214ef386114fe97d15ef9  mozilla-js-debugger-1.4.3-3.0.4.ia64.rpm
618d5c39e66f2ff6a2ca461647b91fa2  mozilla-mail-1.4.3-3.0.4.ia64.rpm
5927274883eaa60f10ec714085d22a48  mozilla-nspr-1.4.3-3.0.4.ia64.rpm
83f18ec8692a9f309737efbb502ae5b9  mozilla-nspr-devel-1.4.3-3.0.4.ia64.rpm
dcd233f7708eb136a18ab6070d028592  mozilla-nss-1.4.3-3.0.4.ia64.rpm
9e7b9754a77d136636c6d35f932fcc86  mozilla-nss-devel-1.4.3-3.0.4.ia64.rpm

ppc:
7cced64ddef3f5f449bc93bf1d2fe2de  mozilla-1.4.3-3.0.4.ppc.rpm
4c1754389a897376b33f4eedfc307fbd  mozilla-chat-1.4.3-3.0.4.ppc.rpm
781272325efec348c82bf9f13f2b1c01  mozilla-devel-1.4.3-3.0.4.ppc.rpm
21bca14e1c7debc4517762c42ea0af18  mozilla-dom-inspector-1.4.3-3.0.4.ppc.rpm
267b1669158b9ae70d8a216bedd8ab3d  mozilla-js-debugger-1.4.3-3.0.4.ppc.rpm
fe897ea969605ea7b7b8c65cfbca5837  mozilla-mail-1.4.3-3.0.4.ppc.rpm
850877d573ac4c3c246be7bac1d0ae9e  mozilla-nspr-1.4.3-3.0.4.ppc.rpm
736e608b4ff8802fa2ff156149399b79  mozilla-nspr-devel-1.4.3-3.0.4.ppc.rpm
1e0c30c752fff593fb0b7ccc56d72a3b  mozilla-nss-1.4.3-3.0.4.ppc.rpm
e23c2cd94df856a5a852c090a5f935b9  mozilla-nss-devel-1.4.3-3.0.4.ppc.rpm

s390:
f509c61bed2d17bb777e26c362dc7d3c  mozilla-1.4.3-3.0.4.s390.rpm
2adcad1473851141f73d847b9ea8658b  mozilla-chat-1.4.3-3.0.4.s390.rpm
aa87922bcf00504f4433b05f08c9880a  mozilla-devel-1.4.3-3.0.4.s390.rpm
bd57c23e7c4348f05ab7e3d8d1a209c3  mozilla-dom-inspector-1.4.3-3.0.4.s390.rpm
f1827ae1bfb53d7e334b0f50351d2733  mozilla-js-debugger-1.4.3-3.0.4.s390.rpm
f4013dbd4fb1fdb5d66f2d059aeeaf65  mozilla-mail-1.4.3-3.0.4.s390.rpm
e8f1f5dff953ad3e4bebeb3720034870  mozilla-nspr-1.4.3-3.0.4.s390.rpm
7b7073e954a3806af5190c6022a33846  mozilla-nspr-devel-1.4.3-3.0.4.s390.rpm
34bf96dc6d7c74e118eca502d639619f  mozilla-nss-1.4.3-3.0.4.s390.rpm
995dd5f501ce1849843b4b0b8b7e362e  mozilla-nss-devel-1.4.3-3.0.4.s390.rpm

s390x:
42e7bbd941624c0d5f78a2daaef77a36  mozilla-1.4.3-3.0.4.s390x.rpm
452d26a8fe47ce1ae6519a3fe0f69fd6  mozilla-chat-1.4.3-3.0.4.s390x.rpm
9107c76c5feba6761df5eb0c05e361e6  mozilla-devel-1.4.3-3.0.4.s390x.rpm
2d2bcee4e192763a6fa6e1b9c0020e46  mozilla-dom-inspector-1.4.3-3.0.4.s390x.rpm
4b314a8025478ceea7643f1afbcbc3d4  mozilla-js-debugger-1.4.3-3.0.4.s390x.rpm
2ec20f1e7645e5e3a5bf9774dfcbcb9a  mozilla-mail-1.4.3-3.0.4.s390x.rpm
08a8ad7f957bf7758f0eb25de18cdae3  mozilla-nspr-1.4.3-3.0.4.s390x.rpm
7e8b974544b0f496a76cb69464b87c22  mozilla-nspr-devel-1.4.3-3.0.4.s390x.rpm
2df9052e3d468aae9fec4a87c5ec1fab  mozilla-nss-1.4.3-3.0.4.s390x.rpm
46568a244360960aa670751c2feab9d7  mozilla-nss-devel-1.4.3-3.0.4.s390x.rpm

x86_64:
02f35e9307a780aaf4394db84c924fe7  mozilla-1.4.3-3.0.4.x86_64.rpm
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
eba11930db2fd0105bd960970db013db  mozilla-chat-1.4.3-3.0.4.x86_64.rpm
76e5e88cc598f0a7e4507beeb519290c  mozilla-devel-1.4.3-3.0.4.x86_64.rpm
e7e8dcc47f550d61e3cef3d350726c4b  mozilla-dom-inspector-1.4.3-3.0.4.x86_64.rpm
df5183bafcdb220fa4ed9ce7bad36f5a  mozilla-js-debugger-1.4.3-3.0.4.x86_64.rpm
4e15297548c9b21f595fe6bbd3e51e48  mozilla-mail-1.4.3-3.0.4.x86_64.rpm
38e9db5a3bc1092e83bb2f8820235100  mozilla-nspr-1.4.3-3.0.4.x86_64.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
96f6b2eca2afe2fa512f494d138fa327  mozilla-nspr-devel-1.4.3-3.0.4.x86_64.rpm
13aae14a38c165a32b123b2e84af5ee7  mozilla-nss-1.4.3-3.0.4.x86_64.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
c679a873dad6b08eb47f69c871bb04b9  mozilla-nss-devel-1.4.3-3.0.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.4.3-3.0.4.src.rpm
c8db78ffe83ebd4a0e935a4c5287a509  mozilla-1.4.3-3.0.4.src.rpm

i386:
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
30035e1900b293f3c01f5441e5b3486d  mozilla-chat-1.4.3-3.0.4.i386.rpm
e2f44df2fa7ac76f50c419ad7415c898  mozilla-devel-1.4.3-3.0.4.i386.rpm
fe6c46344d57ac89a453edab1e2a249a  mozilla-dom-inspector-1.4.3-3.0.4.i386.rpm
0ae9c284917a0813202d13977ebc23d8  mozilla-js-debugger-1.4.3-3.0.4.i386.rpm
9682e260d658b97c748b34bb5a52c1ee  mozilla-mail-1.4.3-3.0.4.i386.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
488703befef51e466079b462c02094c7  mozilla-nspr-devel-1.4.3-3.0.4.i386.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
0daea4b62934c4825267bdfa57121d9d  mozilla-nss-devel-1.4.3-3.0.4.i386.rpm

x86_64:
02f35e9307a780aaf4394db84c924fe7  mozilla-1.4.3-3.0.4.x86_64.rpm
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
eba11930db2fd0105bd960970db013db  mozilla-chat-1.4.3-3.0.4.x86_64.rpm
76e5e88cc598f0a7e4507beeb519290c  mozilla-devel-1.4.3-3.0.4.x86_64.rpm
e7e8dcc47f550d61e3cef3d350726c4b  mozilla-dom-inspector-1.4.3-3.0.4.x86_64.rpm
df5183bafcdb220fa4ed9ce7bad36f5a  mozilla-js-debugger-1.4.3-3.0.4.x86_64.rpm
4e15297548c9b21f595fe6bbd3e51e48  mozilla-mail-1.4.3-3.0.4.x86_64.rpm
38e9db5a3bc1092e83bb2f8820235100  mozilla-nspr-1.4.3-3.0.4.x86_64.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
96f6b2eca2afe2fa512f494d138fa327  mozilla-nspr-devel-1.4.3-3.0.4.x86_64.rpm
13aae14a38c165a32b123b2e84af5ee7  mozilla-nss-1.4.3-3.0.4.x86_64.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
c679a873dad6b08eb47f69c871bb04b9  mozilla-nss-devel-1.4.3-3.0.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.4.3-3.0.4.src.rpm
c8db78ffe83ebd4a0e935a4c5287a509  mozilla-1.4.3-3.0.4.src.rpm

i386:
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
30035e1900b293f3c01f5441e5b3486d  mozilla-chat-1.4.3-3.0.4.i386.rpm
e2f44df2fa7ac76f50c419ad7415c898  mozilla-devel-1.4.3-3.0.4.i386.rpm
fe6c46344d57ac89a453edab1e2a249a  mozilla-dom-inspector-1.4.3-3.0.4.i386.rpm
0ae9c284917a0813202d13977ebc23d8  mozilla-js-debugger-1.4.3-3.0.4.i386.rpm
9682e260d658b97c748b34bb5a52c1ee  mozilla-mail-1.4.3-3.0.4.i386.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
488703befef51e466079b462c02094c7  mozilla-nspr-devel-1.4.3-3.0.4.i386.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
0daea4b62934c4825267bdfa57121d9d  mozilla-nss-devel-1.4.3-3.0.4.i386.rpm

ia64:
764f44795fae70df98eb784cfc24cb61  mozilla-1.4.3-3.0.4.ia64.rpm
498f1bc992269627837acfd9fb5c1c16  mozilla-chat-1.4.3-3.0.4.ia64.rpm
3c0e32e6dfd33b5b42d6ceecfc0e5d5a  mozilla-devel-1.4.3-3.0.4.ia64.rpm
4a67ebbcb89f5e8add363f47a657d6df  mozilla-dom-inspector-1.4.3-3.0.4.ia64.rpm
445ed37eb27214ef386114fe97d15ef9  mozilla-js-debugger-1.4.3-3.0.4.ia64.rpm
618d5c39e66f2ff6a2ca461647b91fa2  mozilla-mail-1.4.3-3.0.4.ia64.rpm
5927274883eaa60f10ec714085d22a48  mozilla-nspr-1.4.3-3.0.4.ia64.rpm
83f18ec8692a9f309737efbb502ae5b9  mozilla-nspr-devel-1.4.3-3.0.4.ia64.rpm
dcd233f7708eb136a18ab6070d028592  mozilla-nss-1.4.3-3.0.4.ia64.rpm
9e7b9754a77d136636c6d35f932fcc86  mozilla-nss-devel-1.4.3-3.0.4.ia64.rpm

x86_64:
02f35e9307a780aaf4394db84c924fe7  mozilla-1.4.3-3.0.4.x86_64.rpm
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
eba11930db2fd0105bd960970db013db  mozilla-chat-1.4.3-3.0.4.x86_64.rpm
76e5e88cc598f0a7e4507beeb519290c  mozilla-devel-1.4.3-3.0.4.x86_64.rpm
e7e8dcc47f550d61e3cef3d350726c4b  mozilla-dom-inspector-1.4.3-3.0.4.x86_64.rpm
df5183bafcdb220fa4ed9ce7bad36f5a  mozilla-js-debugger-1.4.3-3.0.4.x86_64.rpm
4e15297548c9b21f595fe6bbd3e51e48  mozilla-mail-1.4.3-3.0.4.x86_64.rpm
38e9db5a3bc1092e83bb2f8820235100  mozilla-nspr-1.4.3-3.0.4.x86_64.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
96f6b2eca2afe2fa512f494d138fa327  mozilla-nspr-devel-1.4.3-3.0.4.x86_64.rpm
13aae14a38c165a32b123b2e84af5ee7  mozilla-nss-1.4.3-3.0.4.x86_64.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
c679a873dad6b08eb47f69c871bb04b9  mozilla-nss-devel-1.4.3-3.0.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.4.3-3.0.4.src.rpm
c8db78ffe83ebd4a0e935a4c5287a509  mozilla-1.4.3-3.0.4.src.rpm

i386:
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
30035e1900b293f3c01f5441e5b3486d  mozilla-chat-1.4.3-3.0.4.i386.rpm
e2f44df2fa7ac76f50c419ad7415c898  mozilla-devel-1.4.3-3.0.4.i386.rpm
fe6c46344d57ac89a453edab1e2a249a  mozilla-dom-inspector-1.4.3-3.0.4.i386.rpm
0ae9c284917a0813202d13977ebc23d8  mozilla-js-debugger-1.4.3-3.0.4.i386.rpm
9682e260d658b97c748b34bb5a52c1ee  mozilla-mail-1.4.3-3.0.4.i386.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
488703befef51e466079b462c02094c7  mozilla-nspr-devel-1.4.3-3.0.4.i386.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
0daea4b62934c4825267bdfa57121d9d  mozilla-nss-devel-1.4.3-3.0.4.i386.rpm

ia64:
764f44795fae70df98eb784cfc24cb61  mozilla-1.4.3-3.0.4.ia64.rpm
498f1bc992269627837acfd9fb5c1c16  mozilla-chat-1.4.3-3.0.4.ia64.rpm
3c0e32e6dfd33b5b42d6ceecfc0e5d5a  mozilla-devel-1.4.3-3.0.4.ia64.rpm
4a67ebbcb89f5e8add363f47a657d6df  mozilla-dom-inspector-1.4.3-3.0.4.ia64.rpm
445ed37eb27214ef386114fe97d15ef9  mozilla-js-debugger-1.4.3-3.0.4.ia64.rpm
618d5c39e66f2ff6a2ca461647b91fa2  mozilla-mail-1.4.3-3.0.4.ia64.rpm
5927274883eaa60f10ec714085d22a48  mozilla-nspr-1.4.3-3.0.4.ia64.rpm
83f18ec8692a9f309737efbb502ae5b9  mozilla-nspr-devel-1.4.3-3.0.4.ia64.rpm
dcd233f7708eb136a18ab6070d028592  mozilla-nss-1.4.3-3.0.4.ia64.rpm
9e7b9754a77d136636c6d35f932fcc86  mozilla-nss-devel-1.4.3-3.0.4.ia64.rpm

x86_64:
02f35e9307a780aaf4394db84c924fe7  mozilla-1.4.3-3.0.4.x86_64.rpm
ed34cad577e7a2ec43b73155662c3823  mozilla-1.4.3-3.0.4.i386.rpm
eba11930db2fd0105bd960970db013db  mozilla-chat-1.4.3-3.0.4.x86_64.rpm
76e5e88cc598f0a7e4507beeb519290c  mozilla-devel-1.4.3-3.0.4.x86_64.rpm
e7e8dcc47f550d61e3cef3d350726c4b  mozilla-dom-inspector-1.4.3-3.0.4.x86_64.rpm
df5183bafcdb220fa4ed9ce7bad36f5a  mozilla-js-debugger-1.4.3-3.0.4.x86_64.rpm
4e15297548c9b21f595fe6bbd3e51e48  mozilla-mail-1.4.3-3.0.4.x86_64.rpm
38e9db5a3bc1092e83bb2f8820235100  mozilla-nspr-1.4.3-3.0.4.x86_64.rpm
dfa30f1286bab6f24603e1947314567f  mozilla-nspr-1.4.3-3.0.4.i386.rpm
96f6b2eca2afe2fa512f494d138fa327  mozilla-nspr-devel-1.4.3-3.0.4.x86_64.rpm
13aae14a38c165a32b123b2e84af5ee7  mozilla-nss-1.4.3-3.0.4.x86_64.rpm
b3165005cd23d7cb33024f67de209cc1  mozilla-nss-1.4.3-3.0.4.i386.rpm
c679a873dad6b08eb47f69c871bb04b9  mozilla-nss-devel-1.4.3-3.0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://secunia.com/advisories/12526/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0908

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBXB4YXlSAg2UNWIIRAqmYAJkBGoxR78vGZp7RawhXNlTpTp3v9QCfTC7T
OVJnwLDKB0KZ5vJIFH1HB8s=
=ijeu
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC