Cross-Reference Table to help keep issues straight:
- MFSA (Mozilla Foundation Security Advisory) #
- MozBug (Mozilla's Bugzilla Ticket) #
- BID (SecurityFocus Bug IDentifier) #
- CVE (Common Vulnerabilities and Exposures) #
- RHSA (Red Hat Security Advisory) #
- Version - Moz (Fixed in RHEL Mozilla version) ("17C" is hex for 1.7.12)
- Version - Fox (Fixed in RHEL Firefox version) ("107" is 1.0.7)
Version
Severity CVE # MFSA MozBug# BID RHSA-2005: # Moz Fox Title
======== ============= ============ ====== ===== ============= === === ========
Critical CAN-2005-2871 MFSA 2005-57 307259 14784 768, 769 17A 106 IDN Remote Buffer Overflow
Severe CAN-2005-2968 MFSA 2005-59 307185 N/A 785 n/a 107 Command-line handling on Linux allows shell execution
(affects RH Firefox only, not RH Mozilla)
Moderate CAN-2005-2704 MFSA 2005-58 299518 14921 789, 785 17C 107 DOM Objects Spoofing Vulnerability
Moderate CAN-2005-2703 MFSA 2005-58 297078 14923 789, 785 17C 107 XMLHttp Header Spoofing
302263
RegressionCAN-2005-3089 MFSA 2005-58 302100 14924 789, 785 17C 107 Proxy Auto-Config Script Handling Remote DoS
Critical CAN-2005-2701 MFSA 2005-58 300936 14916 789, 785 17C 107 Heap overrun in XBM image processing
Severe CAN-2005-2705 MFSA 2005-58 303213 14917 789, 785 17C 107 JavaScript integer overflow
Critical CAN-2005-2702 MFSA 2005-58 296134 14918 789, 785 17C 107 Zero-Width Non-Joiner Stack Corruption
Severe CAN-2005-2707 MFSA 2005-58 306804 14919 789, 785 17C 107 Chrome window spoofing
Severe CAN-2005-2706 MFSA 2005-58 304754 14920 789, 785 17C 107 Chrome Page Loading Restriction Bypass
306261 (aka Privilege escalation using about: scheme)
==================================================================================================================================
These vulnerabilities have resulted in these Red Hat errata packages:
* firefox - FEDORA-2005-926 (FC4) - firefox-1.0.7-1.1.fc4.src.rpm
FEDORA-2005-931 (FC3) - firefox-1.0.7-1.1.fc3.src.rpm
RHSA-2005-785 (RHEL4)- firefox-1.0.7-1.4.1.src.rpm
* mozilla - FEDORA-2005-927 (FC4) - mozilla-1.7.12-1.5.1.src.rpm
FEDORA-2005-932 (FC3) - mozilla-1.7.12-1.3.1.src.rpm
RHSA-2005-789 (RHEL2.1)- mozilla-1.7.12-1.1.2.2.src.rpm
RHSA-2005-789 (RHEL3) - mozilla-1.7.12-1.1.3.2.src.rpm
RHSA-2005-789 (RHEL4) - mozilla-1.7.12-1.4.1.src.rpm
* devhelp - FEDORA-2005-928 (FC4) - devhelp-0.10-1.4.2.src.rpm
FEDORA-2005-933 (FC3) - devhelp-0.9.2-2.3.6.src.rpm
RHSA-2005-789 (RHEL4) - devhelp-0.9.2-2.4.7.src.rpm
* epiphany- FEDORA-2005-929 (FC4) - epiphany-1.6.5-2.src.rpm
FEDORA-2005-934 (FC3) - epiphany-1.4.9-1.src.rpm
* yelp - FEDORA-2005-930 (FC4) - yelp-2.10.0-1.4.2.src.rpm
(FC3 and lower don't use Mozilla for yelp.)
* galeon - RHSA-2005-789 (RHEL2.1)- galeon-1.2.14-1.2.7.src.rpm