Sicherheit: Mehrere Probleme in Mozilla Firefox und Mozilla Thunderbird

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1343646555-2945-195

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:110-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla
Date : July 30, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Security issues were identified and fixed in mozilla firefox and
thunderbird:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code
(CVE-2012-1949, CVE-2012-1948).

Security researcher Mario Gomes andresearch firm Code Audit Labs
reported a mechanism to short-circuit page loads through drag and drop
to the addressbar by canceling the page load. This causes the address
of the previously site entered to be displayed in the addressbar
instead of the currently loaded page. This could lead to potential
phishing attacks on users (CVE-2012-1950).

Google security researcher Abhishek Arya used the Address Sanitizer
tool to uncover four issues: two use-after-free problems, one out of
bounds read bug, and a bad cast. The first use-after-free problem is
caused when an array of nsSMILTimeValueSpec objects is destroyed but
attempts are made to call into objects in this array later. The second
use-after-free problem is in nsDocument::AdoptNode when it adopts into
an empty document and then adopts into another document, emptying the
first one. The heap buffer overflow is in ElementAnimations when data
is read off of end of an array and then pointers are dereferenced. The
bad cast happens when nsTableFrame::InsertFrames is called with
frames in aFrameList that are a mix of row group frames and column
group frames. AppendFrames is not able to handle this mix. All four of
these issues are potentially exploitable (CVE-2012-1951, CVE-2012-1954,
CVE-2012-1953, CVE-2012-1952).

Security researcher Mariusz Mlynski reported an issue with spoofing
of the location property. In this issue, calls to history.forward
and history.back are used to navigate to a site while displaying the
previous site in the addressbar but changing the baseURI to the newer
site. This can be used for phishing by allowing the user input form
or other data on the newer, attacking, site while appearing to be on
the older, displayed site (CVE-2012-1955).

Mozilla security researcher moz_bug_r_a4 reported a cross-site
scripting (XSS) attack through the context menu using a data: URL. In
this issue, context menu functionality (View Image, Show only this
frame, and View background image) are disallowed in a javascript:
URL but allowed in a data: URL, allowing for XSS. This can lead to
arbitrary code execution (CVE-2012-1966).

Security researcher Mario Heiderich reported that javascript could
be executed in the HTML feed-view using <embed> tag within the
RSS
<description>. This problem is due to <embed> tags
not being filtered
out during parsing and can lead to a potential cross-site scripting
(XSS) attack. The flaw existed in a parser utility class and could
affect other parts of the browser or add-ons which rely on that class
to sanitize untrusted input (CVE-2012-1957).

Security researcher Arthur Gerkis used the Address Sanitizer
tool to find a use-after-free in nsGlobalWindow::PageHidden
when mFocusedContent is released and oldFocusedContent is used
afterwards. This use-after-free could possibly allow for remote code
execution (CVE-2012-1958).

Mozilla developer Bobby Holley found that same-compartment
security wrappers (SCSW) can be bypassed by passing them to another
compartment. Cross-compartment wrappers often do not go through SCSW,
but have a filtering policy built into them. When an object is wrapped
cross-compartment, the SCSW is stripped off and, when the object is
read read back, it is not known that SCSW was previously present,
resulting in a bypassing of SCSW. This could result in untrusted
content having access to the XBL that implements browser functionality
(CVE-2012-1959).

Google developer Tony Payne reported an out of bounds (OOB) read in
QCMS, Mozillas color management library. With a carefully crafted
color profile portions of a user's memory could be incorporated into
a transformed image and possibly deciphered (CVE-2012-1960).

Bugzilla developer Fredric Buclin reported that the X-Frame-Options
header is ignored when the value is duplicated, for example
X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs
for unknown reasons on some websites and when it occurs results in
Mozilla browsers not being protected against possible clickjacking
attacks on those pages (CVE-2012-1961).

Security researcher Bill Keese reported a memory corruption. This
is caused by JSDependentString::undepend changing a dependent
string into a fixed string when there are additional dependent
strings relying on the same base. When the undepend occurs during
conversion, the base data is freed, leaving other dependent strings
with dangling pointers. This can lead to a potentially exploitable
crash (CVE-2012-1962).

Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported
Content Security Policy (CSP) 1.0 implementation errors. CSP violation
reports generated by Firefox and sent to the report-uri location
include sensitive data within the blocked-uri parameter. These include
fragment components and query strings even if the blocked-uri parameter
has a different origin than the protected resource. This can be used
to retrieve a user's OAuth 2.0 access tokens and OpenID credentials
by malicious sites (CVE-2012-1963).

Security Researcher Matt McCutchen reported that a clickjacking attack
using the certificate warning page. A man-in-the-middle (MITM) attacker
can use an iframe to display its own certificate error warning page
(about:certerror) with the Add Exception button of a real warning page
from a malicious site. This can mislead users to adding a certificate
exception for a different site than the perceived one. This can lead
to compromised communications with the user perceived site through
the MITM attack once the certificate exception has been added
(CVE-2012-1964).

Security researchers Mario Gomes and Soroush Dalili reported that
since Mozilla allows the pseudo-protocol feed: to prefix any valid
URL, it is possible to construct feed:javascript: URLs that will
execute scripts in some contexts. On some sites it may be possible
to use this to evade output filtering that would otherwise strip
javascript: URLs and thus contribute to cross-site scripting (XSS)
problems on these sites (CVE-2012-1965).

Mozilla security researcher moz_bug_r_a4 reported a arbitrary code
execution attack using a javascript: URL. The Gecko engine features
a JavaScript sandbox utility that allows the browser or add-ons to
safely execute script in the context of a web page. In certain cases,
javascript: URLs are executed in such a sandbox with insufficient
context that can allow those scripts to escape from the sandbox and
run with elevated privilege. This can lead to arbitrary code execution
(CVE-2012-1967).

The mozilla firefox and thunderbird packages has been upgraded to the
latest respective versions which is unaffected by these security flaws.

Additionally the rootcerts packages has been upgraded to the latest
version which brings updated root CA data.

Update:

Localization packages for firefox was missing with the MDVSA-2012:110
advisory and is being provided with this advisory.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
43bc01ccc98b75363d4b4077b941fa95
2011/i586/firefox-af-14.0.1-0.1-mdv2011.0.noarch.rpm
5cf9843d9fae1a9a41177d7b82fa84ff
2011/i586/firefox-ar-14.0.1-0.1-mdv2011.0.noarch.rpm
c8e2042e6d876ae8c9bb06c0667cb02c
2011/i586/firefox-ast-14.0.1-0.1-mdv2011.0.noarch.rpm
09cd4087379bd7b7f1802094483f75b8
2011/i586/firefox-be-14.0.1-0.1-mdv2011.0.noarch.rpm
d5bdaad3a816acec3e1a2dd1ad0aa37a
2011/i586/firefox-bg-14.0.1-0.1-mdv2011.0.noarch.rpm
92bcaa32a97d02fbef760d684984b2e6
2011/i586/firefox-bn_BD-14.0.1-0.1-mdv2011.0.noarch.rpm
f85f08aae1036bbcb3988dd6284ec7ff
2011/i586/firefox-bn_IN-14.0.1-0.1-mdv2011.0.noarch.rpm
4e3820c412ec1d024c243fda18980598
2011/i586/firefox-br-14.0.1-0.1-mdv2011.0.noarch.rpm
7e717ec91d749e64a032ca150cb239c4
2011/i586/firefox-bs-14.0.1-0.1-mdv2011.0.noarch.rpm
1baf657cd13b5f395ebc662c85069d0d
2011/i586/firefox-ca-14.0.1-0.1-mdv2011.0.noarch.rpm
77459e9f9403766f58cb5559bc72d138
2011/i586/firefox-cs-14.0.1-0.1-mdv2011.0.noarch.rpm
7d7586d2550ab01b62f882e9f9189b7e
2011/i586/firefox-cy-14.0.1-0.1-mdv2011.0.noarch.rpm
a594f80302c0e8b9ef497a01ba7c6e88
2011/i586/firefox-da-14.0.1-0.1-mdv2011.0.noarch.rpm
4e04b8a1fa7c713051e1053074c1d893
2011/i586/firefox-de-14.0.1-0.1-mdv2011.0.noarch.rpm
9f015ef33a79fafaccd5f34f0dba5a47
2011/i586/firefox-el-14.0.1-0.1-mdv2011.0.noarch.rpm
192795ac582de44102cdb55628062abd
2011/i586/firefox-en_GB-14.0.1-0.1-mdv2011.0.noarch.rpm
6f9c8eb0e73312a292622d6949f94bd4
2011/i586/firefox-en_ZA-14.0.1-0.1-mdv2011.0.noarch.rpm
7bc76c6cd5bbb407023051243ad4645f
2011/i586/firefox-eo-14.0.1-0.1-mdv2011.0.noarch.rpm
894e1b85db41a38c58acce97169e6637
2011/i586/firefox-es_AR-14.0.1-0.1-mdv2011.0.noarch.rpm
503639942c9c76b7448ba3750d05b04b
2011/i586/firefox-es_CL-14.0.1-0.1-mdv2011.0.noarch.rpm
630c50be622f38c3ad0f9960eac058e8
2011/i586/firefox-es_ES-14.0.1-0.1-mdv2011.0.noarch.rpm
8ff53c0a20cdac5b6b6b94bc4e4324f6
2011/i586/firefox-es_MX-14.0.1-0.1-mdv2011.0.noarch.rpm
5c62325eb7cef9d28fe59813dd511268
2011/i586/firefox-et-14.0.1-0.1-mdv2011.0.noarch.rpm
cb69b8277417a197f8e28f2cbeea38a9
2011/i586/firefox-eu-14.0.1-0.1-mdv2011.0.noarch.rpm
c944b502988dc54ecc366b927982fd5f
2011/i586/firefox-fa-14.0.1-0.1-mdv2011.0.noarch.rpm
f8ce2b2d103f9d2804a798877f1b08da
2011/i586/firefox-fi-14.0.1-0.1-mdv2011.0.noarch.rpm
07b94b1c0672a93cea29cdd152fc0ed9
2011/i586/firefox-fr-14.0.1-0.1-mdv2011.0.noarch.rpm
09a7b66abc54664696c7cc8026fc4a34
2011/i586/firefox-fy-14.0.1-0.1-mdv2011.0.noarch.rpm
da0b97c3384c7c77a6a0e10ea58c4607
2011/i586/firefox-ga_IE-14.0.1-0.1-mdv2011.0.noarch.rpm
9ab97af29d6600c225e4bdb66edf2f7f
2011/i586/firefox-gd-14.0.1-0.1-mdv2011.0.noarch.rpm
856b18f2b73adfdecc78db40d413094f
2011/i586/firefox-gl-14.0.1-0.1-mdv2011.0.noarch.rpm
a4704eafd1495f59da8ad0b93ae5c3c9
2011/i586/firefox-gu_IN-14.0.1-0.1-mdv2011.0.noarch.rpm
979792f24a7a8285134e0b2fb4d1db64
2011/i586/firefox-he-14.0.1-0.1-mdv2011.0.noarch.rpm
1016e55c395f913d45fe8f16d4d95b0a
2011/i586/firefox-hi-14.0.1-0.1-mdv2011.0.noarch.rpm
f71278e4dc9fbd485c06e3db12d58fa6
2011/i586/firefox-hr-14.0.1-0.1-mdv2011.0.noarch.rpm
cdf886a3a41b7cd06331167e9edd8d03
2011/i586/firefox-hu-14.0.1-0.1-mdv2011.0.noarch.rpm
8406531f69f43148553ed0939d011ca5
2011/i586/firefox-hy-14.0.1-0.1-mdv2011.0.noarch.rpm
8c3db8bc829576fa90ca527ebb3e4445
2011/i586/firefox-id-14.0.1-0.1-mdv2011.0.noarch.rpm
de0449aa2e281d0eeb86a5685a2a9c45
2011/i586/firefox-is-14.0.1-0.1-mdv2011.0.noarch.rpm
101bf9b896099ae748513118c534b750
2011/i586/firefox-it-14.0.1-0.1-mdv2011.0.noarch.rpm
8372a468aa4b5ff646ae0ac85f2f4455
2011/i586/firefox-ja-14.0.1-0.1-mdv2011.0.noarch.rpm
f70fd9c5cd6ff7a127573dd1c555a049
2011/i586/firefox-kk-14.0.1-0.1-mdv2011.0.noarch.rpm
ffe94a0418739a39db28106aa9ffcc7b
2011/i586/firefox-kn-14.0.1-0.1-mdv2011.0.noarch.rpm
2dea5e4a34d2a7c370e322a774fedfec
2011/i586/firefox-ko-14.0.1-0.1-mdv2011.0.noarch.rpm
a30c85b798ec5b74d0d42a5000359df0
2011/i586/firefox-ku-14.0.1-0.1-mdv2011.0.noarch.rpm
eaca75ab4cf18be892c56a5aaa10e04c
2011/i586/firefox-lg-14.0.1-0.1-mdv2011.0.noarch.rpm
70c1db3b65529680d46a707332dfab40
2011/i586/firefox-lt-14.0.1-0.1-mdv2011.0.noarch.rpm
a328f4c11f47ae0fb124b338c0405df0
2011/i586/firefox-lv-14.0.1-0.1-mdv2011.0.noarch.rpm
5fcf1ae7fc2aede068899522d07f2bf5
2011/i586/firefox-mai-14.0.1-0.1-mdv2011.0.noarch.rpm
b0596139c6a91bc1edcf9649bcdc7846
2011/i586/firefox-mk-14.0.1-0.1-mdv2011.0.noarch.rpm
9f010b17083218b84b383eacbc63aecb
2011/i586/firefox-ml-14.0.1-0.1-mdv2011.0.noarch.rpm
d70187cdc8e2ef02337c6249fe544375
2011/i586/firefox-mr-14.0.1-0.1-mdv2011.0.noarch.rpm
0a57e69dfcabead6b506bed994ad05ef
2011/i586/firefox-nb_NO-14.0.1-0.1-mdv2011.0.noarch.rpm
04144ffe3227a619976dc82c7f688bf0
2011/i586/firefox-nl-14.0.1-0.1-mdv2011.0.noarch.rpm
b16e5fc2a317db3f1975a2619806acc6
2011/i586/firefox-nn_NO-14.0.1-0.1-mdv2011.0.noarch.rpm
a694a6967405181a4a9f3c25ffad8044
2011/i586/firefox-nso-14.0.1-0.1-mdv2011.0.noarch.rpm
c168d6a441153e4105b645707be2830c
2011/i586/firefox-or-14.0.1-0.1-mdv2011.0.noarch.rpm
675c74b5f63b2f201ca0590d49317b30
2011/i586/firefox-pa_IN-14.0.1-0.1-mdv2011.0.noarch.rpm
2750a583420d0936ba5bdbfc0dca4a63
2011/i586/firefox-pl-14.0.1-0.1-mdv2011.0.noarch.rpm
4fb3435d1bf3deed172d55f44d046047
2011/i586/firefox-pt_BR-14.0.1-0.1-mdv2011.0.noarch.rpm
6bde33144f6753a87785228eec87518b
2011/i586/firefox-pt_PT-14.0.1-0.1-mdv2011.0.noarch.rpm
94f93cce16dd9f3d0905801861a4f736
2011/i586/firefox-ro-14.0.1-0.1-mdv2011.0.noarch.rpm
87cee184faf238fb7a26a5ac1b5247b3
2011/i586/firefox-ru-14.0.1-0.1-mdv2011.0.noarch.rpm
885f993edd7a40018b4b59f9e0111e0c
2011/i586/firefox-si-14.0.1-0.1-mdv2011.0.noarch.rpm
b1298a8456b1ed2aaa4dec50b3eaf4b7
2011/i586/firefox-sk-14.0.1-0.1-mdv2011.0.noarch.rpm
6749f45f11e3fb8861b468acc63675aa
2011/i586/firefox-sl-14.0.1-0.1-mdv2011.0.noarch.rpm
4f83842b913895d6e68ff7413bbc48c2
2011/i586/firefox-sq-14.0.1-0.1-mdv2011.0.noarch.rpm
55806da67fb4c3379129d1eb7cb7fc55
2011/i586/firefox-sr-14.0.1-0.1-mdv2011.0.noarch.rpm
708b8c6cb0fbce415edf0a4b3a98cb18
2011/i586/firefox-sv_SE-14.0.1-0.1-mdv2011.0.noarch.rpm
5ecc9585249bb7f65783cbe143489e38
2011/i586/firefox-ta-14.0.1-0.1-mdv2011.0.noarch.rpm
3a20bf6d9c0f4dd138105812f5d108f9
2011/i586/firefox-ta_LK-14.0.1-0.1-mdv2011.0.noarch.rpm
b4d876ff38f7ade56ad4c0873065a690
2011/i586/firefox-te-14.0.1-0.1-mdv2011.0.noarch.rpm
f5efc023d2909b94e2f7c99d5238ff75
2011/i586/firefox-th-14.0.1-0.1-mdv2011.0.noarch.rpm
7d5876c112c9efc6944460bc936ca11d
2011/i586/firefox-tr-14.0.1-0.1-mdv2011.0.noarch.rpm
21e9f383b72fbe6ecd5bf6a404ddf223
2011/i586/firefox-uk-14.0.1-0.1-mdv2011.0.noarch.rpm
dc5a805bb27e1a54f166e5fdb9b7cd77
2011/i586/firefox-vi-14.0.1-0.1-mdv2011.0.noarch.rpm
c6809103f7b4b01348a48dda9d091c5b
2011/i586/firefox-zh_CN-14.0.1-0.1-mdv2011.0.noarch.rpm
81a2b6bd3e0faef551580412e5ed3f2e
2011/i586/firefox-zh_TW-14.0.1-0.1-mdv2011.0.noarch.rpm
1be0b4a24474dc690779dedd9ff3080d
2011/i586/firefox-zu-14.0.1-0.1-mdv2011.0.noarch.rpm
24084d5193151ca4653ae9cd9075ba49 2011/SRPMS/firefox-l10n-14.0.1-0.1.src.rpm

Mandriva Linux 2011/X86_64:
583b4f8a075d037659abf27c2a159657
2011/x86_64/firefox-af-14.0.1-0.1-mdv2011.0.noarch.rpm
82cd3e5871e6213f9ea1c9b7079bafe0
2011/x86_64/firefox-ar-14.0.1-0.1-mdv2011.0.noarch.rpm
b507014516db7f3337fe94d1a4ec9ac7
2011/x86_64/firefox-ast-14.0.1-0.1-mdv2011.0.noarch.rpm
cd5ed30105a099d27f9d90acb9bc6407
2011/x86_64/firefox-be-14.0.1-0.1-mdv2011.0.noarch.rpm
fb8b606ec1b036993db362c756eaca0a
2011/x86_64/firefox-bg-14.0.1-0.1-mdv2011.0.noarch.rpm
edac0138d1db7216fe454fb3f753e9db
2011/x86_64/firefox-bn_BD-14.0.1-0.1-mdv2011.0.noarch.rpm
9af860ab0127e23595fd2f18b3fc0176
2011/x86_64/firefox-bn_IN-14.0.1-0.1-mdv2011.0.noarch.rpm
101bdf75c8c2aba63c3e5f067424d080
2011/x86_64/firefox-br-14.0.1-0.1-mdv2011.0.noarch.rpm
7bd4bcbe8215b94d3b5343408c17e4ed
2011/x86_64/firefox-bs-14.0.1-0.1-mdv2011.0.noarch.rpm
767269ccd10a5a29cff117b2fdc85d9e
2011/x86_64/firefox-ca-14.0.1-0.1-mdv2011.0.noarch.rpm
3062dc29310e151931de3d38b50a8147
2011/x86_64/firefox-cs-14.0.1-0.1-mdv2011.0.noarch.rpm
f2a5c1c799c16f8d22921d7874bab2b1
2011/x86_64/firefox-cy-14.0.1-0.1-mdv2011.0.noarch.rpm
3f80742881dac3ea726ec729904d06af
2011/x86_64/firefox-da-14.0.1-0.1-mdv2011.0.noarch.rpm
58d0e28dc04f104789d255beb53907b9
2011/x86_64/firefox-de-14.0.1-0.1-mdv2011.0.noarch.rpm
465dd46ca7a945a9610a47ada145841d
2011/x86_64/firefox-el-14.0.1-0.1-mdv2011.0.noarch.rpm
76e641c297092488d80d9cc3aa5d760a
2011/x86_64/firefox-en_GB-14.0.1-0.1-mdv2011.0.noarch.rpm
9c32d0e7a870c61cbed79d2d7202b641
2011/x86_64/firefox-en_ZA-14.0.1-0.1-mdv2011.0.noarch.rpm
8b98eb9a48ff7ebfaa08e776037edbd1
2011/x86_64/firefox-eo-14.0.1-0.1-mdv2011.0.noarch.rpm
1529caa60d614a9c67ed6d63408163f3
2011/x86_64/firefox-es_AR-14.0.1-0.1-mdv2011.0.noarch.rpm
deb3f3dd2ebcf75d9a5d6191680f604b
2011/x86_64/firefox-es_CL-14.0.1-0.1-mdv2011.0.noarch.rpm
590457b838ab681886869b9b1d9be270
2011/x86_64/firefox-es_ES-14.0.1-0.1-mdv2011.0.noarch.rpm
8eacf08eefba46c5d3b43effcb211ec9
2011/x86_64/firefox-es_MX-14.0.1-0.1-mdv2011.0.noarch.rpm
a14a00665bf7711cfded3a25ed57f966
2011/x86_64/firefox-et-14.0.1-0.1-mdv2011.0.noarch.rpm
750428654dad1b2e8ab61714fdf3d3e7
2011/x86_64/firefox-eu-14.0.1-0.1-mdv2011.0.noarch.rpm
cdafed47648d2d9ba744cdcca1c78a1e
2011/x86_64/firefox-fa-14.0.1-0.1-mdv2011.0.noarch.rpm
ac25f45e17c108cf6d476fadbd19f382
2011/x86_64/firefox-fi-14.0.1-0.1-mdv2011.0.noarch.rpm
972eb883ac84bd9260af33760aaff05a
2011/x86_64/firefox-fr-14.0.1-0.1-mdv2011.0.noarch.rpm
d378fc6f17f4223c915f98d83ced2302
2011/x86_64/firefox-fy-14.0.1-0.1-mdv2011.0.noarch.rpm
45282406f804b4fab9042344432a48cb
2011/x86_64/firefox-ga_IE-14.0.1-0.1-mdv2011.0.noarch.rpm
08aea6931aaa47a6c800b2b4e243a5f3
2011/x86_64/firefox-gd-14.0.1-0.1-mdv2011.0.noarch.rpm
abd5a648d4bb501b084d7e34ee83b89c
2011/x86_64/firefox-gl-14.0.1-0.1-mdv2011.0.noarch.rpm
107031305a5e8aca8bf2ef324256d730
2011/x86_64/firefox-gu_IN-14.0.1-0.1-mdv2011.0.noarch.rpm
d58fe4de769bfc6d031ce0f0b7264bb0
2011/x86_64/firefox-he-14.0.1-0.1-mdv2011.0.noarch.rpm
2f051401cc1bcc7b98de8b89e6af2c28
2011/x86_64/firefox-hi-14.0.1-0.1-mdv2011.0.noarch.rpm
6a6e6454e463106d5309f9043fda260f
2011/x86_64/firefox-hr-14.0.1-0.1-mdv2011.0.noarch.rpm
1761853278941f6d3a1248bb8c388729
2011/x86_64/firefox-hu-14.0.1-0.1-mdv2011.0.noarch.rpm
6411f1be310184d571eabf01ec8e3922
2011/x86_64/firefox-hy-14.0.1-0.1-mdv2011.0.noarch.rpm
57f8fb7828e71ad74652dd35cb47df07
2011/x86_64/firefox-id-14.0.1-0.1-mdv2011.0.noarch.rpm
3167b1dcfc28bc29cbeebc85b62bb51b
2011/x86_64/firefox-is-14.0.1-0.1-mdv2011.0.noarch.rpm
f0ca2c60d87269db012c2b5cd2b2cee2
2011/x86_64/firefox-it-14.0.1-0.1-mdv2011.0.noarch.rpm
cd0b86c806187d842757ade1303693cd
2011/x86_64/firefox-ja-14.0.1-0.1-mdv2011.0.noarch.rpm
fbd9a1e8d6f31d93252c5999ae3be705
2011/x86_64/firefox-kk-14.0.1-0.1-mdv2011.0.noarch.rpm
1be6287965defee8cccabb9748825615
2011/x86_64/firefox-kn-14.0.1-0.1-mdv2011.0.noarch.rpm
6b740d8e2e819e5ac67d9fb33fae6935
2011/x86_64/firefox-ko-14.0.1-0.1-mdv2011.0.noarch.rpm
aee4f1e192a19aef60e8bca7b6c4eadb
2011/x86_64/firefox-ku-14.0.1-0.1-mdv2011.0.noarch.rpm
089de0fdd810e2c051433dac80a59bf0
2011/x86_64/firefox-lg-14.0.1-0.1-mdv2011.0.noarch.rpm
57cb2dc0080448dc5dfcd776aebf060f
2011/x86_64/firefox-lt-14.0.1-0.1-mdv2011.0.noarch.rpm
c47b64c555918a01fa67ec0c4824a240
2011/x86_64/firefox-lv-14.0.1-0.1-mdv2011.0.noarch.rpm
6549a50879429511a3f680e62ac2415b
2011/x86_64/firefox-mai-14.0.1-0.1-mdv2011.0.noarch.rpm
c3424e83bde73981714627b33507aa94
2011/x86_64/firefox-mk-14.0.1-0.1-mdv2011.0.noarch.rpm
01ce1ebf6b7577854d4800c7a2ba8814
2011/x86_64/firefox-ml-14.0.1-0.1-mdv2011.0.noarch.rpm
c6134bed062508fc28e11a5dc8c7d7c6
2011/x86_64/firefox-mr-14.0.1-0.1-mdv2011.0.noarch.rpm
c23404bb4ba22bd31cea4f6f0e3663ef
2011/x86_64/firefox-nb_NO-14.0.1-0.1-mdv2011.0.noarch.rpm
7331c629802311de0cfe1f7c32e7e1f1
2011/x86_64/firefox-nl-14.0.1-0.1-mdv2011.0.noarch.rpm
afdd8a7a5fabc05738c9f759398c672d
2011/x86_64/firefox-nn_NO-14.0.1-0.1-mdv2011.0.noarch.rpm
fcfce875f899c0c3dd5614fadd240872
2011/x86_64/firefox-nso-14.0.1-0.1-mdv2011.0.noarch.rpm
e6df6d30da7f7e705889b933d0db8e51
2011/x86_64/firefox-or-14.0.1-0.1-mdv2011.0.noarch.rpm
ef0fe33071e61127d64b2324c448371f
2011/x86_64/firefox-pa_IN-14.0.1-0.1-mdv2011.0.noarch.rpm
0c434f4308209054b675e89205c2a76c
2011/x86_64/firefox-pl-14.0.1-0.1-mdv2011.0.noarch.rpm
b633c3061de8467be426d22b8c5ed794
2011/x86_64/firefox-pt_BR-14.0.1-0.1-mdv2011.0.noarch.rpm
aad5cb82fffa1fcbb8e5b244b72dd6e4
2011/x86_64/firefox-pt_PT-14.0.1-0.1-mdv2011.0.noarch.rpm
9bf5739c054f2fc7853853dfeb9c42f6
2011/x86_64/firefox-ro-14.0.1-0.1-mdv2011.0.noarch.rpm
26fd39aa5de53990561a2eea50f4a1bf
2011/x86_64/firefox-ru-14.0.1-0.1-mdv2011.0.noarch.rpm
8fcf23326ee56437d04c60161196925c
2011/x86_64/firefox-si-14.0.1-0.1-mdv2011.0.noarch.rpm
6dc3cc97f319c14dc3091434352ae062
2011/x86_64/firefox-sk-14.0.1-0.1-mdv2011.0.noarch.rpm
0c50b613eb4eedd4611a15ed1eb41659
2011/x86_64/firefox-sl-14.0.1-0.1-mdv2011.0.noarch.rpm
d371f7e2f3fa8fa10b0f28424b1ce1a9
2011/x86_64/firefox-sq-14.0.1-0.1-mdv2011.0.noarch.rpm
e4e25da1ff6216c8380322fa4894d710
2011/x86_64/firefox-sr-14.0.1-0.1-mdv2011.0.noarch.rpm
48290e1445b3cc1499edd9dfcc501ce3
2011/x86_64/firefox-sv_SE-14.0.1-0.1-mdv2011.0.noarch.rpm
5cd7952638955430695a7043ce372ffb
2011/x86_64/firefox-ta-14.0.1-0.1-mdv2011.0.noarch.rpm
6e2d7b698d0a91a7a12365be5e7fbeb4
2011/x86_64/firefox-ta_LK-14.0.1-0.1-mdv2011.0.noarch.rpm
39be666ac815865b0f060587d8d5717f
2011/x86_64/firefox-te-14.0.1-0.1-mdv2011.0.noarch.rpm
e9730d2897852dcc311a767a25d4b027
2011/x86_64/firefox-th-14.0.1-0.1-mdv2011.0.noarch.rpm
c3df099cc3bc2da41b8afdf516696592
2011/x86_64/firefox-tr-14.0.1-0.1-mdv2011.0.noarch.rpm
496066aaa8fe88c2bcf655f4c93536a5
2011/x86_64/firefox-uk-14.0.1-0.1-mdv2011.0.noarch.rpm
5ef2c4881cc33f54bc24083f5b9ee09c
2011/x86_64/firefox-vi-14.0.1-0.1-mdv2011.0.noarch.rpm
17ee6c1f6b001f5db6c1610de1606c54
2011/x86_64/firefox-zh_CN-14.0.1-0.1-mdv2011.0.noarch.rpm
6928a192c4b658c1974ffc0e5bf116e4
2011/x86_64/firefox-zh_TW-14.0.1-0.1-mdv2011.0.noarch.rpm
1857a8720a04b1c7da4d7f40c9ff1556
2011/x86_64/firefox-zu-14.0.1-0.1-mdv2011.0.noarch.rpm
24084d5193151ca4653ae9cd9075ba49 2011/SRPMS/firefox-l10n-14.0.1-0.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQFj80mqjQ0CJFipgRAl1PAJ96POZmK9rQ5tK4aBzYu1xkdKgq5QCeLzFe
qYIGRcEG3uPulQ/9t1j/SEE=
=+MjY
-----END PGP SIGNATURE-----

------------=_1343646555-2945-195
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1343646555-2945-195--