Novell is now a part of Micro Focus

Security update for Mozilla Firefox

Knowledgebase

(Last modified: 14NOV2006)


solutions Security update for Mozilla Firefox SuSE Linux Maintenance Web (eb29e246d47ad02c74de06d48db89df2)

Applies to

Package: MozillaFirefox
MozillaFirefox-translations
Product(s): SUSE SLED 10 for x86
SUSE SLES 10 for x86
SUSE SLES 10 for IPF
SUSE SLES 10 for IBM POWER
SUSE SLES 10 for IBM zSeries 64bit
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Patch: patch-11296
Release: 20061114
Obsoletes: 5ae40216b36d816bfac7099b240c52ec
8de3ea0ba7cd0da892d902baee1e6d60
5bf7d4b67ee6a73aa73ac37c89c4495a
91d3fb6dc75c0248de5d27fd5a3ffe70
ef4a219c3a29a3b7d4c57c43cccd0acc
e001126103bb8699fac50378d5540aad

Indications

Install this update.

Contraindications

None.

Problem description

This update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes.
Full details can be found on:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
  • MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers:
    • CVE-2006-5464: Layout engine flaws were fixed.
    • CVE-2006-5747: A xml.prototype.hasOwnProperty flaw was fixed.
    • CVE-2006-5748: Fixes were applied to the Javascript engine.
  • MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack.
  • MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh MozillaFirefox.rpm MozillaFirefox-translations.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates