Novell is now a part of Micro Focus

Security update for MozillaFirefox

Knowledgebase

(Last modified: 19MAY2005)


solutions Security update for MozillaFirefox SuSE Linux Maintenance Web (3c5963bf1d6c9c68845299a778b819e5)

Applies to

Package: MozillaFirefox
MozillaFirefox-translations
Product(s): Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Patch: patch-10055
Release: 20050519
Obsoletes: none

Indications

Install this if you are using Firefox.

Contraindications

None.

Problem description

This upgraded Mozilla Firefox to version 1.0.4 fixes the following security problems:
MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a local attacker to execute arbitrary code with the help of a cross site scripting problem on the Mozilla website.
MFSA 2005-43: By causing a frame to navigate back to a previous javascript: URL an attacker can inject a script into the forward site. This site can be controlled by the attacker allowing them to steal cookies or sensitive data from that page or to perform actions on behalf of that user.
MFSA 2005-44: A variant of MFSA 2005-41 overrides properties on a non-DOM node and then substitutes that object for one chrome script will access. Most examples involved the attacker synthesizing an event targeted at a non-DOM node, and overriding standard DOM node properties such as type with references to eval() calls or Script() objects.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh MozillaFirefox.rpm MozillaFirefox-translations.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Micro Focus