Novell is now a part of Micro Focus

Security update for Mozilla Firefox

Knowledgebase

(Last modified: 21DEC2006)

solutions Security update for Mozilla Firefox SuSE Linux Maintenance Web (5f62b1276a8877510b3124f13b3c3b27)

Applies to

Package: MozillaFirefox
MozillaFirefox-translations
Product(s): SUSE SLED 10 for x86
SUSE SLED 10 for AMD64 and Intel EM64T
SUSE SLES 10 for x86
SUSE SLES 10 for IPF
SUSE SLES 10 for IBM POWER
SUSE SLES 10 for IBM zSeries 64bit
SUSE SLES 10 for AMD64 and Intel EM64T
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Patch: patch-11367
Release: 20061221
Obsoletes: none

Indications

Everyone using Firefox should install this update.

Contraindications

None.

Description

This update brings MozillaFirefox to the security update release 1.5.0.9, including the following security fixes:
  • CVE-2006-6497/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the layout engine.
  • CVE-2006-6498/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the javascript engine.
  • CVE-2006-6499/MFSA2006-68: Crashes regarding floating point usage were fixed.
  • CVE-2006-6500/MFSA2006-69: This issue only affects Windows systems, Linux is not affected.
  • CVE-2006-6501/MFSA2006-70: A privilege escalation using a watch point was fixed.
  • CVE-2006-6502/MFSA2006-71: A LiveConnect crash finalizing JS objects was fixed.
  • CVE-2006-6503/MFSA2006-72: A XSS problem caused by setting img.src to javascript: URI was fixed.
  • CVE-2006-6504/MFSA2006-73: A Mozilla SVG Processing Remote Code Execution was fixed.
  • CVE-2006-6505/MFSA2006-74: Some Mail header processing heap overflows were fixed.
  • CVE-2006-6506/MFSA2006-75: The RSS Feed-preview referrer leak was fixed.
  • CVE-2006-6507/MFSA2006-76: A XSS problem using outer window's Function object was fixed.
Full details can be found on http://www.mozilla.org/projects/security/known-vulnerabilities.html

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as RPM packages that can easily be installed onto a running system by using this command:
rpm -Fvh MozillaFirefox.rpm MozillaFirefox-translations.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates