Cross-Reference Table to help keep issues straight:
 - MFSA (Mozilla Foundation Security Advisory) #
 - MozBug (Mozilla's Bugzilla Ticket) #
 - BID (SecurityFocus Bug IDentifier) #
 - CVE (Common Vulnerabilities and Exposures) #
 - RHSA (Red Hat Security Advisory) #
 - Version - Moz (Fixed in RHEL Mozilla version) ("17C" is hex for 1.7.12)
 - Version - Fox (Fixed in RHEL Firefox version) ("107" is 1.0.7)

                                                                       Version
Severity    CVE #          MFSA          MozBug#  BID    RHSA-2005: #  Moz  Fox  Title
==========  =============  ============  =======  =====  ============  ===  ===  ========
Critical    CAN-2005-2871  MFSA 2005-57  307259   14784  768, 769      17A  106  IDN Remote Buffer Overflow
Severe      CAN-2005-2968  MFSA 2005-59  307185   N/A    785           n/a  107  Command-line handling on Linux allows shell execution
                                                                                 (affects RH Firefox only, not RH Mozilla)
Moderate    CAN-2005-2704  MFSA 2005-58  299518   14921  789, 785      17C  107  DOM Objects Spoofing Vulnerability
Moderate    CAN-2005-2703  MFSA 2005-58  297078   14923  789, 785      17C  107  XMLHttp Header Spoofing
                                         302263
Regression  CAN-2005-3089  MFSA 2005-58  302100   14924  789, 785      17C  107  Proxy Auto-Config Script Handling Remote DoS
Critical    CAN-2005-2701  MFSA 2005-58  300936   14916  789, 785      17C  107  Heap overrun in XBM image processing
Severe      CAN-2005-2705  MFSA 2005-58  303213   14917  789, 785      17C  107  JavaScript integer overflow
Critical    CAN-2005-2702  MFSA 2005-58  296134   14918  789, 785      17C  107  Zero-Width Non-Joiner Stack Corruption
Severe      CAN-2005-2707  MFSA 2005-58  306804   14919  789, 785      17C  107  Chrome window spoofing
Severe      CAN-2005-2706  MFSA 2005-58  304754   14920  789, 785      17C  107  Chrome Page Loading Restriction Bypass
                                         306261                                  (aka Privilege escalation using about: scheme)
==================================================================================================================================

These vulnerabilities have resulted in these Red Hat errata packages:

* firefox  - FEDORA-2005-926 (FC4)   - firefox-1.0.7-1.1.fc4.src.rpm
             FEDORA-2005-931 (FC3)   - firefox-1.0.7-1.1.fc3.src.rpm
             RHSA-2005-785 (RHEL4)   - firefox-1.0.7-1.4.1.src.rpm
* mozilla  - FEDORA-2005-927 (FC4)   - mozilla-1.7.12-1.5.1.src.rpm
             FEDORA-2005-932 (FC3)   - mozilla-1.7.12-1.3.1.src.rpm
             RHSA-2005-789 (RHEL2.1) - mozilla-1.7.12-1.1.2.2.src.rpm
             RHSA-2005-789 (RHEL3)   - mozilla-1.7.12-1.1.3.2.src.rpm
             RHSA-2005-789 (RHEL4)   - mozilla-1.7.12-1.4.1.src.rpm
* devhelp  - FEDORA-2005-928 (FC4)   - devhelp-0.10-1.4.2.src.rpm
             FEDORA-2005-933 (FC3)   - devhelp-0.9.2-2.3.6.src.rpm
             RHSA-2005-789 (RHEL4)   - devhelp-0.9.2-2.4.7.src.rpm
* epiphany - FEDORA-2005-929 (FC4)   - epiphany-1.6.5-2.src.rpm
             FEDORA-2005-934 (FC3)   - epiphany-1.4.9-1.src.rpm
* yelp     - FEDORA-2005-930 (FC4)   - yelp-2.10.0-1.4.2.src.rpm
             (FC3 and lower don't use Mozilla for yelp.)
* galeon   - RHSA-2005-789 (RHEL2.1) - galeon-1.2.14-1.2.7.src.rpm