Security update for MozillaFirefox
Knowledgebase
(Last modified: 19MAY2005)
solutions Security update for MozillaFirefox SuSE Linux Maintenance Web (3c5963bf1d6c9c68845299a778b819e5)
MozillaFirefox-translations
Product(s): Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Patch: patch-10055
Release: 20050519
Obsoletes: none
MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a local attacker to execute arbitrary code with the help of a cross site scripting problem on the Mozilla website.
MFSA 2005-43: By causing a frame to navigate back to a previous javascript: URL an attacker can inject a script into the forward site. This site can be controlled by the attacker allowing them to steal cookies or sensitive data from that page or to perform actions on behalf of that user.
MFSA 2005-44: A variant of MFSA 2005-41 overrides properties on a non-DOM node and then substitutes that object for one chrome script will access. Most examples involved the attacker synthesizing an event targeted at a non-DOM node, and overriding standard DOM node properties such as type with references to eval() calls or Script() objects.
rpm -Fvh MozillaFirefox.rpm MozillaFirefox-translations.rpm
Download Source Packages
Download the source code of the patches for maintained products.
Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.