Security Advisory mozilla security update

Advisory: RHSA-2005:323-10
Type: Security Advisory
Severity: Critical
Issued on: 2005-03-23
Last updated on: 2005-03-23
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0906
CVE-2004-1380
CVE-2004-1613
CVE-2005-0141
CVE-2005-0144
CVE-2005-0147
CVE-2005-0149
CVE-2005-0232
CVE-2005-0399

Details

Updated mozilla packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

A buffer overflow bug was found in the way Mozilla processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.

A bug was found in the way Mozilla displays dialog windows. It is possible
that a malicious web page which is being displayed in a background tab
could present the user with a dialog window appearing to come from the
active page. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1380 to this issue.

A bug was found in the way Mozilla allowed plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could trick a
user into clicking in certain places to modify configuration settings or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0232 to this issue.

A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user's preference. It is possible that
a particular user could be tracked through the use of malicious mail
messages which load content over HTTP. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to
this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It is
possible for a malicious webserver to steal credentials from a victims
browser by issuing a 407 proxy authentication request. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0147 to this issue.

A bug was found in the way Mozilla handles certain start tags followed by a
NULL character. A malicious web page could cause Mozilla to crash when
viewed by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1613 to this issue.

A bug was found in the way Mozilla sets file permissions when installing
XPI packages. It is possible for an XPI package to install some files
world readable or writable, allowing a malicious local user to steal
information or execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to
this issue.

A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrom settings. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0141 to this issue.

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targetted at a secure page,
while loading an insecure page, yet the secure site icon shows the previous
secure state. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0144 to this issue.

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.4.4 and additional backported patches to correct
these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
mozilla-1.4.4-1.3.5.src.rpm     56deb276290446e580ffd03b99f00a36
 
IA-32:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-chat-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     324e811245840ab2ec24307a4d0e7256
mozilla-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     750a4982a9eb9094a65ada2c00caa4a1
mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     98b5256945b2da77115f9a1332222b2e
mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     02de930daf3662e48bbe40fef64ede15
mozilla-mail-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     bc76919e0e6cbbb9d6e3af1d8890ffa9
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     0a92c035db2cabb1d9bcdf6d14e766ac
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     17510499ca4880110cfdb82924a791a7
 
x86_64:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     d7497f99749a268d76820f09af460174
mozilla-chat-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     3315e273014d7dc28d8363e4e140eca6
mozilla-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     7841d99372a61f3432a98745f707dff9
mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     c7b97fae2a4427bca52878168c0bac31
mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     f2377c82623e615338b916d1e18d2138
mozilla-mail-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     663be710f1808de2112010ae65018f61
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     747dc266316d11a04692801353e41ac5
mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     94a2afad4561d6d18271bfe4d9b1f1db
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     72005829614f14512916a5e4e1044cff
mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6c7c2e51226bde6c1484290e21ed1e14
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
galeon-1.2.13-6.2.1.src.rpm     bfa6d2b47049ca23b8b8b320749b7ea2
mozilla-1.4.4-1.2.3.src.rpm     492ba66de02ce249a94226f7da5cb1a8
 
IA-32:
galeon-1.2.13-6.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     640ead171aa0fc4cdf6367e63df5652c
mozilla-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     6f3df40d9ceea897b0b4d6bbcf08f32f
mozilla-chat-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     1b885fa495058785d4d726c52119ef6e
mozilla-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     af7ed1e862811a591b6d70df4c21ee95
mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     ae51fad443b9f7f86019f9da87534499
mozilla-js-debugger-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     b5f9b2fd48e520c0548024f062d3be4a
mozilla-mail-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     26f5a720479169d6ee2618a1df2876cf
mozilla-nspr-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     53988d7daa3f6b92dbbf8a4638fde336
mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     fd1a43ab2e3dfa370989a2806ee7fa10
mozilla-nss-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     38851672d0ec94d06447bf082cf58d96
mozilla-nss-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     6e826549e1c1526af249034bd6c3de26
 
IA-64:
galeon-1.2.13-6.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     32ad65318604c36cf95b25f2124ec223
mozilla-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     6cb59d01995e11204ab23a54568c9f9f
mozilla-chat-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     1f25d7f9d3c80cade1f8efd8b0ee98b7
mozilla-devel-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     01cc33ec4c371a843a411ac869f94ca0
mozilla-dom-inspector-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     5d779ebb2e5dab692710ca931fed6f79
mozilla-js-debugger-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     2fc3624b90c331946afdf14352711f27
mozilla-mail-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     e20163a2bc4cb9237735bebb5949bd09
mozilla-nspr-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     280721615940ff5cf20592b0aff50cd3
mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     dedc936c50f2d93712a1a85ed391fb49
mozilla-nss-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     bb0524cc191752bbd6c1e4380d978640
mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     62c1a1ebb38cc6374697247699c121df
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
mozilla-1.4.4-1.3.5.src.rpm     56deb276290446e580ffd03b99f00a36
 
IA-32:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-chat-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     324e811245840ab2ec24307a4d0e7256
mozilla-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     750a4982a9eb9094a65ada2c00caa4a1
mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     98b5256945b2da77115f9a1332222b2e
mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     02de930daf3662e48bbe40fef64ede15
mozilla-mail-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     bc76919e0e6cbbb9d6e3af1d8890ffa9
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     0a92c035db2cabb1d9bcdf6d14e766ac
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     17510499ca4880110cfdb82924a791a7
 
IA-64:
mozilla-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     0d7d91dad11ae959d141d18ea19b079c
mozilla-chat-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     fbd29b9381da91a7425c4c1534d7726f
mozilla-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     44edbce53caa6cd7e182232209c5d40b
mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     482435ed8f2a040e2ec0326909fae3c3
mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     532d2fd41430b9455bc3188be7c637c2
mozilla-mail-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     80db174298676c72b910f8c81c2405c3
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     f40ffd6e3a1aeee6879ddf049060b151
mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     03ca5f59bac9685b1eed7870c9f3a5a1
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     604b09728acd2bd90c2331cefd1b6ed0
mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     d328d20773f0af370f89a0113844557d
 
PPC:
mozilla-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     696f7f714ea9bf4e9c85aa76fb05fc43
mozilla-chat-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     e633b0cc0581ba5cb69307dd7c1d3501
mozilla-devel-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     94a938d734de1cca883de9d442b9cf48
mozilla-dom-inspector-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     c7b55219bf541e824163e816eeba3d72
mozilla-js-debugger-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     08b74fe5d8232682ce1f35a0cf75e88e
mozilla-mail-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     0343e582869923b903ed7ae8d56e017a
mozilla-nspr-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     ab2df03107e250927edfc3cba6691545
mozilla-nspr-devel-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     b2da2cdfeb834c96805884424791100e
mozilla-nss-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     ec1ecbe8ca70613e62bfdbbedf079baf
mozilla-nss-devel-1.4.4-1.3.5.ppc.rpm
File outdated by:  RHSA-2006:0329		     ba0a5df973bc99840589cddfb616e8ad
 
s390:
mozilla-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     69c69d46957f35f9569ffbed352e14f6
mozilla-chat-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     63180be7a03aad0ca5522eadb7ff1400
mozilla-devel-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     b9610f2d1ff6aa38c02cfaad1470f83e
mozilla-dom-inspector-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     13113afec61e781a5b610e2a04456297
mozilla-js-debugger-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     5a30f4a136abc86024480c40dfadeb6a
mozilla-mail-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     c1f3021e4a7c3dcd2acda6a7e5887c54
mozilla-nspr-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     d324540741c273908a4a00936dbd59b1
mozilla-nspr-devel-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     e2d51cbdc8f6fdbf514c1a5be547c8df
mozilla-nss-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     9db13f5be1e758119e136db280f71527
mozilla-nss-devel-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     d947f511e8a48536fd2b06ee53a4cabb
 
s390x:
mozilla-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     ff3936f6df6c69f5125ed9f2b2030cc5
mozilla-chat-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     a462bb974a53dd44a3e894b6b343ac7e
mozilla-devel-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     ff84589153c55746448ea1bf219f27ce
mozilla-dom-inspector-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     99bf1ba3f5a7ecdb5723f0d8e869414b
mozilla-js-debugger-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     407ddbbeb04586281f8ffcdbba602d0b
mozilla-mail-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     4472d0efc6042c1ef09219f3952eb942
mozilla-nspr-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     d324540741c273908a4a00936dbd59b1
mozilla-nspr-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     c9b3244b5f18e625cbcd5e8e78c4a655
mozilla-nspr-devel-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     090e7e4d9e68ee705d8f91e31bfd82b3
mozilla-nss-1.4.4-1.3.5.s390.rpm
File outdated by:  RHSA-2006:0329		     9db13f5be1e758119e136db280f71527
mozilla-nss-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     8d903c5aa0038c9c241eac3e37e99335
mozilla-nss-devel-1.4.4-1.3.5.s390x.rpm
File outdated by:  RHSA-2006:0329		     dcc2b2d9dc3499d7235eed6473c6a7fb
 
x86_64:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     d7497f99749a268d76820f09af460174
mozilla-chat-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     3315e273014d7dc28d8363e4e140eca6
mozilla-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     7841d99372a61f3432a98745f707dff9
mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     c7b97fae2a4427bca52878168c0bac31
mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     f2377c82623e615338b916d1e18d2138
mozilla-mail-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     663be710f1808de2112010ae65018f61
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     747dc266316d11a04692801353e41ac5
mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     94a2afad4561d6d18271bfe4d9b1f1db
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     72005829614f14512916a5e4e1044cff
mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6c7c2e51226bde6c1484290e21ed1e14
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
galeon-1.2.13-6.2.1.src.rpm     bfa6d2b47049ca23b8b8b320749b7ea2
mozilla-1.4.4-1.2.3.src.rpm     492ba66de02ce249a94226f7da5cb1a8
 
IA-32:
galeon-1.2.13-6.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     640ead171aa0fc4cdf6367e63df5652c
mozilla-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     6f3df40d9ceea897b0b4d6bbcf08f32f
mozilla-chat-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     1b885fa495058785d4d726c52119ef6e
mozilla-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     af7ed1e862811a591b6d70df4c21ee95
mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     ae51fad443b9f7f86019f9da87534499
mozilla-js-debugger-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     b5f9b2fd48e520c0548024f062d3be4a
mozilla-mail-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     26f5a720479169d6ee2618a1df2876cf
mozilla-nspr-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     53988d7daa3f6b92dbbf8a4638fde336
mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     fd1a43ab2e3dfa370989a2806ee7fa10
mozilla-nss-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     38851672d0ec94d06447bf082cf58d96
mozilla-nss-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     6e826549e1c1526af249034bd6c3de26
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
mozilla-1.4.4-1.3.5.src.rpm     56deb276290446e580ffd03b99f00a36
 
IA-32:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-chat-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     324e811245840ab2ec24307a4d0e7256
mozilla-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     750a4982a9eb9094a65ada2c00caa4a1
mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     98b5256945b2da77115f9a1332222b2e
mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     02de930daf3662e48bbe40fef64ede15
mozilla-mail-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     bc76919e0e6cbbb9d6e3af1d8890ffa9
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     0a92c035db2cabb1d9bcdf6d14e766ac
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     17510499ca4880110cfdb82924a791a7
 
IA-64:
mozilla-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     0d7d91dad11ae959d141d18ea19b079c
mozilla-chat-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     fbd29b9381da91a7425c4c1534d7726f
mozilla-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     44edbce53caa6cd7e182232209c5d40b
mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     482435ed8f2a040e2ec0326909fae3c3
mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     532d2fd41430b9455bc3188be7c637c2
mozilla-mail-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     80db174298676c72b910f8c81c2405c3
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     f40ffd6e3a1aeee6879ddf049060b151
mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     03ca5f59bac9685b1eed7870c9f3a5a1
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     604b09728acd2bd90c2331cefd1b6ed0
mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     d328d20773f0af370f89a0113844557d
 
x86_64:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     d7497f99749a268d76820f09af460174
mozilla-chat-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     3315e273014d7dc28d8363e4e140eca6
mozilla-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     7841d99372a61f3432a98745f707dff9
mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     c7b97fae2a4427bca52878168c0bac31
mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     f2377c82623e615338b916d1e18d2138
mozilla-mail-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     663be710f1808de2112010ae65018f61
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     747dc266316d11a04692801353e41ac5
mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     94a2afad4561d6d18271bfe4d9b1f1db
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     72005829614f14512916a5e4e1044cff
mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6c7c2e51226bde6c1484290e21ed1e14
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
galeon-1.2.13-6.2.1.src.rpm     bfa6d2b47049ca23b8b8b320749b7ea2
mozilla-1.4.4-1.2.3.src.rpm     492ba66de02ce249a94226f7da5cb1a8
 
IA-32:
galeon-1.2.13-6.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     640ead171aa0fc4cdf6367e63df5652c
mozilla-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     6f3df40d9ceea897b0b4d6bbcf08f32f
mozilla-chat-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     1b885fa495058785d4d726c52119ef6e
mozilla-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     af7ed1e862811a591b6d70df4c21ee95
mozilla-dom-inspector-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     ae51fad443b9f7f86019f9da87534499
mozilla-js-debugger-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     b5f9b2fd48e520c0548024f062d3be4a
mozilla-mail-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     26f5a720479169d6ee2618a1df2876cf
mozilla-nspr-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     53988d7daa3f6b92dbbf8a4638fde336
mozilla-nspr-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     fd1a43ab2e3dfa370989a2806ee7fa10
mozilla-nss-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     38851672d0ec94d06447bf082cf58d96
mozilla-nss-devel-1.4.4-1.2.3.i386.rpm
File outdated by:  RHSA-2006:0329		     6e826549e1c1526af249034bd6c3de26
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
mozilla-1.4.4-1.3.5.src.rpm     56deb276290446e580ffd03b99f00a36
 
IA-32:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-chat-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     324e811245840ab2ec24307a4d0e7256
mozilla-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     750a4982a9eb9094a65ada2c00caa4a1
mozilla-dom-inspector-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     98b5256945b2da77115f9a1332222b2e
mozilla-js-debugger-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     02de930daf3662e48bbe40fef64ede15
mozilla-mail-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     bc76919e0e6cbbb9d6e3af1d8890ffa9
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     0a92c035db2cabb1d9bcdf6d14e766ac
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-devel-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     17510499ca4880110cfdb82924a791a7
 
IA-64:
mozilla-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     0d7d91dad11ae959d141d18ea19b079c
mozilla-chat-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     fbd29b9381da91a7425c4c1534d7726f
mozilla-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     44edbce53caa6cd7e182232209c5d40b
mozilla-dom-inspector-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     482435ed8f2a040e2ec0326909fae3c3
mozilla-js-debugger-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     532d2fd41430b9455bc3188be7c637c2
mozilla-mail-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     80db174298676c72b910f8c81c2405c3
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     f40ffd6e3a1aeee6879ddf049060b151
mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     03ca5f59bac9685b1eed7870c9f3a5a1
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     604b09728acd2bd90c2331cefd1b6ed0
mozilla-nss-devel-1.4.4-1.3.5.ia64.rpm
File outdated by:  RHSA-2006:0329		     d328d20773f0af370f89a0113844557d
 
x86_64:
mozilla-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     d3b673160835e792151148f10fda5ed6
mozilla-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     d7497f99749a268d76820f09af460174
mozilla-chat-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     3315e273014d7dc28d8363e4e140eca6
mozilla-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     7841d99372a61f3432a98745f707dff9
mozilla-dom-inspector-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     c7b97fae2a4427bca52878168c0bac31
mozilla-js-debugger-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     f2377c82623e615338b916d1e18d2138
mozilla-mail-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     663be710f1808de2112010ae65018f61
mozilla-nspr-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     2ed41ea030dad2f34bf005ab71d1f7a7
mozilla-nspr-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     747dc266316d11a04692801353e41ac5
mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     94a2afad4561d6d18271bfe4d9b1f1db
mozilla-nss-1.4.4-1.3.5.i386.rpm
File outdated by:  RHSA-2006:0329		     140ff2ec99a45e891adfa52c799a1a79
mozilla-nss-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     72005829614f14512916a5e4e1044cff
mozilla-nss-devel-1.4.4-1.3.5.x86_64.rpm
File outdated by:  RHSA-2006:0329		     6c7c2e51226bde6c1484290e21ed1e14
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
galeon-1.2.13-6.2.1.src.rpm     bfa6d2b47049ca23b8b8b320749b7ea2
mozilla-1.4.4-1.2.3.src.rpm     492ba66de02ce249a94226f7da5cb1a8
 
IA-64:
galeon-1.2.13-6.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     32ad65318604c36cf95b25f2124ec223
mozilla-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     6cb59d01995e11204ab23a54568c9f9f
mozilla-chat-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     1f25d7f9d3c80cade1f8efd8b0ee98b7
mozilla-devel-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     01cc33ec4c371a843a411ac869f94ca0
mozilla-dom-inspector-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     5d779ebb2e5dab692710ca931fed6f79
mozilla-js-debugger-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     2fc3624b90c331946afdf14352711f27
mozilla-mail-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     e20163a2bc4cb9237735bebb5949bd09
mozilla-nspr-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     280721615940ff5cf20592b0aff50cd3
mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     dedc936c50f2d93712a1a85ed391fb49
mozilla-nss-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     bb0524cc191752bbd6c1e4380d978640
mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm
File outdated by:  RHSA-2006:0329		     62c1a1ebb38cc6374697247699c121df
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

145597 - CAN-2005-0141 Link opened in new tab can load a local file
145609 - CAN-2005-0144 Secure site lock can be spoofed with view-source:
145610 - CAN-2004-1380 Input stealing from other tabs (CAN-2004-1381)
145614 - CAN-2005-0147 Browser responds to proxy auth request from non-proxy server (ssl/https)
145615 - CAN-2005-0149 Mail responds to cookie requests
151209 - CAN-2005-0399 mozilla GIF buffer overflow
151492 - CAN-2004-1613 Mozilla start tag NULL character DoS
151494 - CAN-2004-0906 Mozilla XPI installer insecure file creation
151496 - CAN-2005-0232 fireflashing vulnerability (CAN-2005-0527)


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/