Security Advisory mozilla security update

Advisory: RHSA-2004:421-17
Type: Security Advisory
Severity: Critical
Issued on: 2004-08-04
Last updated on: 2004-08-04
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0597
CVE-2004-0599
CVE-2004-0718
CVE-2004-0722
CVE-2004-0757
CVE-2004-0758
CVE-2004-0759
CVE-2004-0760
CVE-2004-0761
CVE-2004-0762
CVE-2004-0763
CVE-2004-0764
CVE-2004-0765

Details

Updated mozilla packages based on version 1.4.3 that fix a number of
security issues for Red Hat Enterprise Linux are now available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A number of flaws have been found in Mozilla 1.4 that have been fixed in
the Mozilla 1.4.3 release:

Zen Parse reported improper input validation to the SOAPParameter object
constructor leading to an integer overflow and controllable heap
corruption. Malicious JavaScript could be written to utilize this flaw and
could allow arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to
this issue.

During a source code audit, Chris Evans discovered a buffer overflow and
integer overflows which affect the libpng code inside Mozilla. An attacker
could create a carefully crafted PNG file in such a way that it would cause
Mozilla to crash or execute arbitrary code when the image was viewed.
(CAN-2004-0597, CAN-2004-0599)

Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server
could send a carefully crafted response that would cause a heap overflow
and potentially allow execution of arbitrary code as the user running
Mozilla. (CAN-2004-0757)

Marcel Boesch found a flaw that allows a CA certificate to be imported with
a DN the same as that of the built-in CA root certificates, which can cause
a denial of service to SSL pages, as the malicious certificate is treated
as invalid. (CAN-2004-0758)

Met - Martin Hassman reported a flaw in Mozilla that could allow malicious
Javascript code to upload local files from a users machine without
requiring confirmation. (CAN-2004-0759)

Mindlock Security reported a flaw in ftp URI handling. By using a NULL
character (%00) in a ftp URI, Mozilla can be confused into opening a
resource as a different MIME type. (CAN-2004-0760)

Mozilla does not properly prevent a frame in one domain from injecting
content into a frame that belongs to another domain, which facilitates
website spoofing and other attacks, also known as the frame injection
vulnerability. (CAN-2004-0718)

Tolga Tarhan reported a flaw that can allow a malicious webpage to use a
redirect sequence to spoof the security lock icon that makes a webpage
appear to be encrypted. (CAN-2004-0761)

Jesse Ruderman reported a security issue that affects a number of browsers
including Mozilla that could allow malicious websites to install arbitrary
extensions by using interactive events to manipulate the XPInstall Security
dialog box. (CAN-2004-0762)

Emmanouel Kellinis discovered a caching flaw in Mozilla which allows
malicious websites to spoof certificates of trusted websites via
redirects and Javascript that uses the "onunload" method. (CAN-2004-0763)

Mozilla allowed malicious websites to hijack the user interface via the
"chrome" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)

The cert_TestHostName function in Mozilla only checks the hostname portion
of a certificate when the hostname portion of the URI is not a fully
qualified domain name (FQDN). This flaw could be used for spoofing if an
attacker had control of machines on a default DNS search path. (CAN-2004-0765)

All users are advised to update to these erratum packages which contain a
snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable
to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
mozilla-1.4.3-3.0.2.src.rpm
File outdated by:  RHSA-2006:0329		     a8fef126836c7ea73c80ac7e2792e142
 
IA-32:
mozilla-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     76e94d5ea03f131a723c97207297ee1b
mozilla-chat-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     75c2959a065a6b6ae8c90b56165e43a6
mozilla-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     6c90c0a77bdbee2cb0d84be83fead1b1
mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     58b9cfad95dfc69d1e0d80a23f383ad4
mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     431ed1323ae5217a0b31dc1f1bcca1bd
mozilla-mail-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3a95aa702f1cc2205c10b957c3fd452e
mozilla-nspr-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     2877a54a8c7a2de5fe58b39ee626d214
mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     46ccae94f0269a2b92d2b4a5d5dcd480
mozilla-nss-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     545d3867e6077c15f64aa5ee192c8d43
mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     f3fccea16c2bed1be5038399d0c42bad
 
x86_64:
mozilla-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     809d992f5b8de1d8d2929d853b01069a
mozilla-chat-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     0c4b1fd1560188277950e7df67e0c1a5
mozilla-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     353be79ae25e35d1768f98c21fba07b0
mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6f29bdc0c13bdf52db9103d979eb0a19
mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     ea25530cfeb09b9ddb2fdcd4f270b9b4
mozilla-mail-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     86ed3c2207a0745275720a87520cf249
mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     caf8df9aa11bf0eed5d3ca3ee4d4c3fe
mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     a061fd746ad180573d640051e2cf0f92
mozilla-nss-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     4139bc49b0a141edac659b62a27c7322
mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     9df3f9b35276f8c0bb54f3a45a994668
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
galeon-1.2.13-3.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     7e094aa0324b56f4fba3ede27ae1b19b
mozilla-1.4.3-2.1.2.src.rpm
File outdated by:  RHSA-2006:0329		     66fcc1e820208b3024de369469250df5
 
IA-32:
galeon-1.2.13-3.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     d170284b6a6d01f85ee974bb6c984390
mozilla-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     57a81a30a9d79e77adec334f96e7cea9
mozilla-chat-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     fa6d63828129887e1cc3c42df47e4190
mozilla-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     b13cb1114fa16a75fd81c6cb504db17e
mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     9d4714cbd6c2077efa557430b8b89b63
mozilla-js-debugger-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     01686edf59fa5945b8f9ae69fa4ac5c0
mozilla-mail-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     623213465b181f6fb14698e73f9a6a89
mozilla-nspr-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     68cb569585436ce430c4aee335c01d4e
mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3c4e08b8106d4718c30fcf06e7633abc
mozilla-nss-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     494563d83a7b6a77642c73986d50092c
mozilla-nss-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     fb6f0a11c5312f7822055f45c35435f2
 
IA-64:
galeon-1.2.13-3.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     e13f36d06fa5714337e074fca3a7a211
mozilla-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7841dd11df85a69d6e03a3c4730e987c
mozilla-chat-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     b022a33b0ad1715f363b8e2be245e704
mozilla-devel-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     73599c671b8d07d86a82ae4006aeb184
mozilla-dom-inspector-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     bb57be095e37a959e8a9216820dd2fd9
mozilla-js-debugger-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     0879b99da78ee8393577ca3b17c3c95c
mozilla-mail-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     c018093969ef4ae1e26f203a67e74d87
mozilla-nspr-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     e1fe8f1eeff222e7d1cd35d305a20e4d
mozilla-nspr-devel-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     93e2cac5380515450b5201ef082fe427
mozilla-nss-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     afe930bc2c9d6174754b79d9119bc77d
mozilla-nss-devel-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     1413ffceb82030a07863e79917c8d3ea
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
mozilla-1.4.3-3.0.2.src.rpm
File outdated by:  RHSA-2006:0329		     a8fef126836c7ea73c80ac7e2792e142
 
IA-32:
mozilla-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     76e94d5ea03f131a723c97207297ee1b
mozilla-chat-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     75c2959a065a6b6ae8c90b56165e43a6
mozilla-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     6c90c0a77bdbee2cb0d84be83fead1b1
mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     58b9cfad95dfc69d1e0d80a23f383ad4
mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     431ed1323ae5217a0b31dc1f1bcca1bd
mozilla-mail-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3a95aa702f1cc2205c10b957c3fd452e
mozilla-nspr-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     2877a54a8c7a2de5fe58b39ee626d214
mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     46ccae94f0269a2b92d2b4a5d5dcd480
mozilla-nss-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     545d3867e6077c15f64aa5ee192c8d43
mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     f3fccea16c2bed1be5038399d0c42bad
 
IA-64:
mozilla-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7493acb019f4cc706b6cf952444a975a
mozilla-chat-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     542bb7e67ff4eba5ed228e5db5a78f25
mozilla-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     d5cbf0f7c03d71ed0c51a27430fe7f60
mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     049bbde10a886f65d539579a311a24af
mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     1c96bbc0bbbf649e3a851b0295694847
mozilla-mail-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     cea7a67877727f4436ac554408db7832
mozilla-nspr-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     28047d1dd3264f882f9c4f8a7b628910
mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     a903c680602a74dd0feaeb12b6cc32ec
mozilla-nss-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     d3ff697bca53a52fe164614d77432046
mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7cd4e05706eb4b4b57f5eca3f1bc470f
 
PPC:
mozilla-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     e2d78f6aac22bfbcb825867dbac82ebb
mozilla-chat-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     b61167a98f8673f8f3f03ae28a50bc92
mozilla-devel-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     d0fb8b199c689e7c8b214f3e0ec962c3
mozilla-dom-inspector-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     53a571868dad0c9d3672013fb406570a
mozilla-js-debugger-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     734e3f74f8592e2fd94e2dd257e01095
mozilla-mail-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     82ac07ab7ef497194c65f7251cb62e33
mozilla-nspr-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     398540c49c50030cbad5b4b9e96c783b
mozilla-nspr-devel-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     d022b91ac348e6077625be5dc83b35dc
mozilla-nss-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     271be6a6ba49964733a28e0dc9f07378
mozilla-nss-devel-1.4.3-3.0.2.ppc.rpm
File outdated by:  RHSA-2006:0329		     ce1b77ddb74d136ec38330cc11b7f54d
 
s390:
mozilla-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     19ad37a2396c2776175d0e59662a7652
mozilla-chat-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     4baac171cf9ba457f1c3faf8f03b88cf
mozilla-devel-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     2ec9bd8e61073a3f6056e9cecc419ba3
mozilla-dom-inspector-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     32a1d2e1c29ea3b094f35164710cfc0e
mozilla-js-debugger-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     8e977a243825a35ee77e22ed651bd499
mozilla-mail-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     e4afa3661f104caa24079761af089dbb
mozilla-nspr-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     18f0e4b19190656df0eab0c98121a067
mozilla-nspr-devel-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     cf3ac9649c38000fca54d319d546e298
mozilla-nss-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     695903fa5cbe21f7aa7e54fca237bcc0
mozilla-nss-devel-1.4.3-3.0.2.s390.rpm
File outdated by:  RHSA-2006:0329		     3d50c59229138d886971374d92d2927c
 
s390x:
mozilla-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     d7b8a517df946cc4e1872468882eb28d
mozilla-chat-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     79bf2338e9d3c6e3835137ba58db84b8
mozilla-devel-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     c88a798cf6b3143d98e7ea35d7e4c463
mozilla-dom-inspector-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     b76f9cc6c0c17568799c06630b6b66c9
mozilla-js-debugger-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     ced9955739e509de217dab3e193b603d
mozilla-mail-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     a360c8ef42f27b4b19cd4447833cd6a7
mozilla-nspr-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     8bba98c72a31e16541f9a34b6cfd4f8c
mozilla-nspr-devel-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     0870ce645aab9d015c68921ebee5fa1a
mozilla-nss-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     82f324eb81988b15db97cc44bcc187f8
mozilla-nss-devel-1.4.3-3.0.2.s390x.rpm
File outdated by:  RHSA-2006:0329		     e95e7faa635d02ce0be4f3b019dc106a
 
x86_64:
mozilla-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     809d992f5b8de1d8d2929d853b01069a
mozilla-chat-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     0c4b1fd1560188277950e7df67e0c1a5
mozilla-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     353be79ae25e35d1768f98c21fba07b0
mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6f29bdc0c13bdf52db9103d979eb0a19
mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     ea25530cfeb09b9ddb2fdcd4f270b9b4
mozilla-mail-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     86ed3c2207a0745275720a87520cf249
mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     caf8df9aa11bf0eed5d3ca3ee4d4c3fe
mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     a061fd746ad180573d640051e2cf0f92
mozilla-nss-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     4139bc49b0a141edac659b62a27c7322
mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     9df3f9b35276f8c0bb54f3a45a994668
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
galeon-1.2.13-3.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     7e094aa0324b56f4fba3ede27ae1b19b
mozilla-1.4.3-2.1.2.src.rpm
File outdated by:  RHSA-2006:0329		     66fcc1e820208b3024de369469250df5
 
IA-32:
galeon-1.2.13-3.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     d170284b6a6d01f85ee974bb6c984390
mozilla-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     57a81a30a9d79e77adec334f96e7cea9
mozilla-chat-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     fa6d63828129887e1cc3c42df47e4190
mozilla-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     b13cb1114fa16a75fd81c6cb504db17e
mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     9d4714cbd6c2077efa557430b8b89b63
mozilla-js-debugger-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     01686edf59fa5945b8f9ae69fa4ac5c0
mozilla-mail-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     623213465b181f6fb14698e73f9a6a89
mozilla-nspr-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     68cb569585436ce430c4aee335c01d4e
mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3c4e08b8106d4718c30fcf06e7633abc
mozilla-nss-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     494563d83a7b6a77642c73986d50092c
mozilla-nss-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     fb6f0a11c5312f7822055f45c35435f2
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
mozilla-1.4.3-3.0.2.src.rpm
File outdated by:  RHSA-2006:0329		     a8fef126836c7ea73c80ac7e2792e142
 
IA-32:
mozilla-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     76e94d5ea03f131a723c97207297ee1b
mozilla-chat-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     75c2959a065a6b6ae8c90b56165e43a6
mozilla-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     6c90c0a77bdbee2cb0d84be83fead1b1
mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     58b9cfad95dfc69d1e0d80a23f383ad4
mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     431ed1323ae5217a0b31dc1f1bcca1bd
mozilla-mail-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3a95aa702f1cc2205c10b957c3fd452e
mozilla-nspr-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     2877a54a8c7a2de5fe58b39ee626d214
mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     46ccae94f0269a2b92d2b4a5d5dcd480
mozilla-nss-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     545d3867e6077c15f64aa5ee192c8d43
mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     f3fccea16c2bed1be5038399d0c42bad
 
IA-64:
mozilla-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7493acb019f4cc706b6cf952444a975a
mozilla-chat-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     542bb7e67ff4eba5ed228e5db5a78f25
mozilla-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     d5cbf0f7c03d71ed0c51a27430fe7f60
mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     049bbde10a886f65d539579a311a24af
mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     1c96bbc0bbbf649e3a851b0295694847
mozilla-mail-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     cea7a67877727f4436ac554408db7832
mozilla-nspr-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     28047d1dd3264f882f9c4f8a7b628910
mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     a903c680602a74dd0feaeb12b6cc32ec
mozilla-nss-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     d3ff697bca53a52fe164614d77432046
mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7cd4e05706eb4b4b57f5eca3f1bc470f
 
x86_64:
mozilla-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     809d992f5b8de1d8d2929d853b01069a
mozilla-chat-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     0c4b1fd1560188277950e7df67e0c1a5
mozilla-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     353be79ae25e35d1768f98c21fba07b0
mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6f29bdc0c13bdf52db9103d979eb0a19
mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     ea25530cfeb09b9ddb2fdcd4f270b9b4
mozilla-mail-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     86ed3c2207a0745275720a87520cf249
mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     caf8df9aa11bf0eed5d3ca3ee4d4c3fe
mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     a061fd746ad180573d640051e2cf0f92
mozilla-nss-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     4139bc49b0a141edac659b62a27c7322
mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     9df3f9b35276f8c0bb54f3a45a994668
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
galeon-1.2.13-3.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     7e094aa0324b56f4fba3ede27ae1b19b
mozilla-1.4.3-2.1.2.src.rpm
File outdated by:  RHSA-2006:0329		     66fcc1e820208b3024de369469250df5
 
IA-32:
galeon-1.2.13-3.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     d170284b6a6d01f85ee974bb6c984390
mozilla-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     57a81a30a9d79e77adec334f96e7cea9
mozilla-chat-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     fa6d63828129887e1cc3c42df47e4190
mozilla-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     b13cb1114fa16a75fd81c6cb504db17e
mozilla-dom-inspector-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     9d4714cbd6c2077efa557430b8b89b63
mozilla-js-debugger-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     01686edf59fa5945b8f9ae69fa4ac5c0
mozilla-mail-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     623213465b181f6fb14698e73f9a6a89
mozilla-nspr-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     68cb569585436ce430c4aee335c01d4e
mozilla-nspr-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3c4e08b8106d4718c30fcf06e7633abc
mozilla-nss-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     494563d83a7b6a77642c73986d50092c
mozilla-nss-devel-1.4.3-2.1.2.i386.rpm
File outdated by:  RHSA-2006:0329		     fb6f0a11c5312f7822055f45c35435f2
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
mozilla-1.4.3-3.0.2.src.rpm
File outdated by:  RHSA-2006:0329		     a8fef126836c7ea73c80ac7e2792e142
 
IA-32:
mozilla-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     76e94d5ea03f131a723c97207297ee1b
mozilla-chat-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     75c2959a065a6b6ae8c90b56165e43a6
mozilla-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     6c90c0a77bdbee2cb0d84be83fead1b1
mozilla-dom-inspector-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     58b9cfad95dfc69d1e0d80a23f383ad4
mozilla-js-debugger-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     431ed1323ae5217a0b31dc1f1bcca1bd
mozilla-mail-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     3a95aa702f1cc2205c10b957c3fd452e
mozilla-nspr-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     2877a54a8c7a2de5fe58b39ee626d214
mozilla-nspr-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     46ccae94f0269a2b92d2b4a5d5dcd480
mozilla-nss-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     545d3867e6077c15f64aa5ee192c8d43
mozilla-nss-devel-1.4.3-3.0.2.i386.rpm
File outdated by:  RHSA-2006:0329		     f3fccea16c2bed1be5038399d0c42bad
 
IA-64:
mozilla-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7493acb019f4cc706b6cf952444a975a
mozilla-chat-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     542bb7e67ff4eba5ed228e5db5a78f25
mozilla-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     d5cbf0f7c03d71ed0c51a27430fe7f60
mozilla-dom-inspector-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     049bbde10a886f65d539579a311a24af
mozilla-js-debugger-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     1c96bbc0bbbf649e3a851b0295694847
mozilla-mail-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     cea7a67877727f4436ac554408db7832
mozilla-nspr-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     28047d1dd3264f882f9c4f8a7b628910
mozilla-nspr-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     a903c680602a74dd0feaeb12b6cc32ec
mozilla-nss-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     d3ff697bca53a52fe164614d77432046
mozilla-nss-devel-1.4.3-3.0.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7cd4e05706eb4b4b57f5eca3f1bc470f
 
x86_64:
mozilla-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     809d992f5b8de1d8d2929d853b01069a
mozilla-chat-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     0c4b1fd1560188277950e7df67e0c1a5
mozilla-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     353be79ae25e35d1768f98c21fba07b0
mozilla-dom-inspector-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6f29bdc0c13bdf52db9103d979eb0a19
mozilla-js-debugger-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     ea25530cfeb09b9ddb2fdcd4f270b9b4
mozilla-mail-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     86ed3c2207a0745275720a87520cf249
mozilla-nspr-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     caf8df9aa11bf0eed5d3ca3ee4d4c3fe
mozilla-nspr-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     a061fd746ad180573d640051e2cf0f92
mozilla-nss-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     4139bc49b0a141edac659b62a27c7322
mozilla-nss-devel-1.4.3-3.0.2.x86_64.rpm
File outdated by:  RHSA-2006:0329		     9df3f9b35276f8c0bb54f3a45a994668
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
galeon-1.2.13-3.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     7e094aa0324b56f4fba3ede27ae1b19b
mozilla-1.4.3-2.1.2.src.rpm
File outdated by:  RHSA-2006:0329		     66fcc1e820208b3024de369469250df5
 
IA-64:
galeon-1.2.13-3.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     e13f36d06fa5714337e074fca3a7a211
mozilla-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     7841dd11df85a69d6e03a3c4730e987c
mozilla-chat-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     b022a33b0ad1715f363b8e2be245e704
mozilla-devel-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     73599c671b8d07d86a82ae4006aeb184
mozilla-dom-inspector-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     bb57be095e37a959e8a9216820dd2fd9
mozilla-js-debugger-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     0879b99da78ee8393577ca3b17c3c95c
mozilla-mail-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     c018093969ef4ae1e26f203a67e74d87
mozilla-nspr-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     e1fe8f1eeff222e7d1cd35d305a20e4d
mozilla-nspr-devel-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     93e2cac5380515450b5201ef082fe427
mozilla-nss-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     afe930bc2c9d6174754b79d9119bc77d
mozilla-nss-devel-1.4.3-2.1.2.ia64.rpm
File outdated by:  RHSA-2006:0329		     1413ffceb82030a07863e79917c8d3ea
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

127186 - CAN-2004-0758 Overriding built-in certificate leading to error -8182 (DoS), especially exploitable by email
127338 - CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0765
http://bugzilla.mozilla.org/show_bug.cgi?id=236618
http://bugzilla.mozilla.org/show_bug.cgi?id=251381
http://bugzilla.mozilla.org/show_bug.cgi?id=229374
http://bugzilla.mozilla.org/show_bug.cgi?id=249004
http://bugzilla.mozilla.org/show_bug.cgi?id=241924
http://bugzilla.mozilla.org/show_bug.cgi?id=250906
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://bugzilla.mozilla.org/show_bug.cgi?id=240053
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=234058

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/