drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebigen Codes in firefox
Name: |
Ausführen beliebigen Codes in firefox
|
|
ID: |
FEDORA-2005-246 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora Core 3 |
|
Datum: |
Do, 24. März 2005, 12:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0402 |
|
Applikationen: |
Mozilla Firefox |
|
Originalnachricht |
--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-246 2005-03-23 ---------------------------------------------------------------------
Product : Fedora Core 3 Name : firefox Version : 1.0.2 Release : 1.3.1 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
--------------------------------------------------------------------- Update Information:
A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue.
A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.
A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0402 to this issue.
Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues.
Additionally, there was a bug found in the way Firefox rendered some fonts, notably the Tahoma font while italicized. This issue has been filed as Bug 150041 (bugzilla.redhat.com). This updated package contains a fix for this issue.
--------------------------------------------------------------------- * Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com> 0:1.0.2-1.3.1
- Firefox 1.0.2 - Fix issues with italic rendering using certain fonts (e.g. Tahoma) - Add upstream fix to reduce round trips to xserver during remote control - Add upstream fix to call g_set_application_name
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
a461bc4e69e10779b3a46944f6b3fd23 SRPMS/firefox-1.0.2-1.3.1.src.rpm 1951b68e390da2f45177df9c016240a0 x86_64/firefox-1.0.2-1.3.1.x86_64.rpm a81f4837b641ae78f3f6559cbf05715c x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm 9b19361c8a3dc98edaa07eb1043c11b3 i386/firefox-1.0.2-1.3.1.i386.rpm a97e425d13c5abb994520829b16b8063 i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------
-- fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list
|
|
|
|