The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Firefox 1.0: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities were announced in Firefox, the worst one leading to code execution.
Impacted systems: Debian, Fedora, Tru64 UNIX, HP-UX, Mandriva Linux, Firefox, Mozilla Suite, openSUSE, Solaris, Trusted Solaris, RHEL, RedHat Linux, Slackware.
Severity of this alert: 4/4.
Number of vulnerabilities in this bulletin: 21.
Creation date: 14/04/2006.
Références of this alert: 102550, 20060404-01-U, 228526, 6424579, BID-17516, c00672120, c00679472, CERTA-2002-AVI-144, CERTA-2006-AVI-156, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, DSA-1044-1, DSA-1046-1, FEDORA-2006-410, FEDORA-2006-486, FEDORA-2006-487, FEDORA-2006-488, FEDORA-2006-489, FEDORA-2006-490, FEDORA-2006-491, FEDORA-2006-492, FEDORA-2006-493, FEDORA-2006-494, FEDORA-2006-495, FLSA:189137-1, FLSA:189137-2, FLSA-2006:189137-1, FLSA-2006:189137-2, HPSBTU02118, HPSBUX02122, MDKSA-2006:075, MDKSA-2006:076, MFSA2006-01, MFSA2006-03, MFSA2006-05, MFSA2006-09, MFSA2006-10, MFSA2006-11, MFSA2006-12, MFSA2006-13, MFSA2006-14, MFSA2006-15, MFSA2006-16, MFSA2006-17, MFSA2006-18, MFSA2006-19, MFSA2006-22, MFSA2006-23, MFSA2006-24, MFSA2006-25, MFSA2006-27, RHSA-2006:032, RHSA-2006:0328-01, RHSA-2006:0329-01, SSA:2006-114-01, SSRT061145, SSRT061158, SUSE-SA:2006:021, VIGILANCE-VUL-5771, ZDI-06-009, ZDI-06-010, ZDI-06-011.

Description of the vulnerability 

Several vulnerabilities were announced in Firefox 1.0.

An attacker can invite user to run a malicious Javascript code to conduct a denial of service or to run code (MFSA 2006-01, CVE-2006-0292, CVE-2006-0293, VIGILANCE-VUL-5578).

An attacker can generate an overflow in history.dat (MFSA 2006-03, CVE-2005-4134, VIGILANCE-VUL-5417).

An attacker can inject Javascript code to be run on starting (MFSA 2006-05, CVE-2006-0296, VIGILANCE-VUL-5581).

An attacker can inject Javascript code using events handler (MFSA 2006-09, CVE-2006-1741).

An attacker can corrupt memory during garbage collection (MFSA 2006-10, CVE-2006-1742).

Several memory corruptions lead to code execution (MFSA 2006-11, CVE-2006-1739, CVE-2006-1538, CVE-2006-1737).

An attacker can spoof secure site indicator (MFSA 2006-12, CVE-2006-1740).

An attacker can store an executable program on user's computer by inviting him to download an image (MFSA 2006-13, CVE-2006-1736).

An attacker can elevate his privileges using XBL.method.eval (MFSA 2006-14, CVE-2006-1735).

An attacker can run privileged Javascript with Object.watch() (MFSA 2006-15, CVE-2006-1734).

An attacker can install a malicious program via valueOf.call() (MFSA 2006-16, CVE-2006-1733).

An attacker can conduct a Cross Site Scripting attack via window.controllers (MFSA 2006-17, CVE-2006-1732).

An attacker can corrupt memory by changing tag order (MFSA 2006-18, CVE-2006-0749).

An attacker can conduct a Cross Site Scripting attack via valueOf.call() (MFSA 2006-19, CVE-2006-1731).

An integer overflow occurs in CSS letter-spacing property (MFSA 2006-22, CVE-2006-1730).

An attacker can obtain a file located on user's computer using a text form (MFSA 2006-23, CVE-2006-1729).

An attacker can increase his privileges using crypto.generateCRMFRequest (MFSA 2006-24, CVE-2006-1728).

An attacker can obtain chrome privileges using Print Preview (MFSA 2006-25, CVE-2006-1727).

An attacker can corrupt memory by changing tag order (MFSA 2006-27, CVE-2006-0748).
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security note impacts software or systems such as Debian, Fedora, Tru64 UNIX, HP-UX, Mandriva Linux, Firefox, Mozilla Suite, openSUSE, Solaris, Trusted Solaris, RHEL, RedHat Linux, Slackware.

Our Vigil@nce team determined that the severity of this threat announce is critical.

The trust level is of type confirmed by the editor, with an origin of internet server.

This bulletin is about 21 vulnerabilities.

An attacker with a expert ability can exploit this computer weakness announce.

Solutions for this threat 

Firefox: version 1.0.8.
Version 1.0.8 is corrected:
  http://www.mozilla.org/

Mozilla: version 1.7.13.
Version 1.7.13 is corrected:
  http://www.mozilla.org/releases/mozilla1.7.13/

Debian: new mozilla-firefox packages.
New packages are available:
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_amd64.deb
      Size/MD5 checksum: 9400894 d9033861dc839d0a763928271efb566d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_amd64.deb
      Size/MD5 checksum: 162910 5dc9795fae9b8f6d2cc3cb790c6250e5
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_amd64.deb
      Size/MD5 checksum: 58514 c7964d89cec3da753c6a553e6695416a
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_i386.deb
      Size/MD5 checksum: 8896526 b7a91a72476842c9b6798fceb791c20c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_i386.deb
      Size/MD5 checksum: 158156 27b8ea4761567e6e71cb0f888995dc1c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_i386.deb
      Size/MD5 checksum: 55380 88fe805a1c81b705d8146c3c11ba0540
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_ia64.deb
      Size/MD5 checksum: 11628466 f42dffd9e863f7a373f14b0b7276239e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_ia64.deb
      Size/MD5 checksum: 168490 ad2f05cc5e1b32113eb27b02623ab8d2
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_ia64.deb
      Size/MD5 checksum: 63188 cd0e85bb099ffebfa50cfa5db021a09b

Debian: new mozilla packages.
New packages are available:
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 170350 1890d8f6cf1f6d7d3f24862b8b236d5e
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 136640 cb2ab0bf38cc5afff64327cbf4f79fbe
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 187128 af578fd816c0534baa15529168dd1170
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 661394 3a94641ec0f1b8bebbed0b428f40e3e8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 1030 42b5cb15c988c9d2328e6be2266dda42
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 10332780 89748f75d483a5b4905e842cf85081a6
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 403506 3b03c89eec36142148548f7cd64e5d12
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 158344 d36c1032ddd6ba8051ad27786662525a
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 3592688 f30a67ca521067cde834d346b4646c1b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 116678 dda364a06fa45c104c5222988b826a6b
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 204156 2a7e71b2393ddee06457536053b6f426
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 1816066 cdc0f8d06a00c14337ad20178284685c
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb
      Size/MD5 checksum: 192632 26c12b2f1e572cc70ab80fae0a20d75f
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 168070 088af473a08b7478a172e483ffe0a3cb
    http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 174160 255499b7e29813343a088957bc4e450e
    http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 184942 6ebb70d67e23a8ff659ec788048c558d
    http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 966574 fa7081da19e2c59b89c5b47d70314a38
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 1032 dac2c365bc58d57275205fbecd04d2f2
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 12943234 f0e1ea934e597443636be3dc1f8323bc
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 403274 d519dfad807b19794742e6723f6872c8
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 158334 c729929af3c1879ab058541227487677
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 3377040 de356df345ed8ab5ce2a970827990b0d
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 125582 9975c43ca6954d98309ab11ac03aadd4
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 204158 fa835bffaf5008bccdcd62ff2114a481
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 2302210 db2d6cd804c0372eafba307436cd9296
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb
      Size/MD5 checksum: 242664 b8a9d7bba6700b6cb700187bbed51102

Fedora Core 3: new firefox packages.
New packages are available:
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/firefox-1.0.8-1.1.fc3.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/firefox-1.0.8-1.1.fc3.1.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/firefox-1.0.8-1.1.fc3.1.legacy.x86_64.rpm

Fedora Core 4: new firefox packages.
New packages are available:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
edc9582da8796f9658ed0478a474a5461c3d2a8f SRPMS/firefox-1.0.8-1.1.fc4.src.rpm
22f31a6966879e2b2a62a30f369c8e99ddcd0e7d ppc/firefox-1.0.8-1.1.fc4.ppc.rpm
8c8b61fcf154efdaf1cb630ecafb3ab1b95dfc03 ppc/debug/firefox-debuginfo-1.0.8-1.1.fc4.ppc.rpm
52ee41a4eefbfa8b0a139476b2d1b8a78d5ddc2b x86_64/firefox-1.0.8-1.1.fc4.x86_64.rpm
46b5a14188582e1760ca3bb4c3bb27be041fdeb1 x86_64/debug/firefox-debuginfo-1.0.8-1.1.fc4.x86_64.rpm
7ea4c55ba11869f85ca89a4b406a712e51c75c34 i386/firefox-1.0.8-1.1.fc4.i386.rpm
9b34e30b7c4ec287b823197e5b039d711fdcd5de i386/debug/firefox-debuginfo-1.0.8-1.1.fc4.i386.rpm

Fedora Core: new mozilla, thunderbird, epiphany, devhelp, yelp packages.
New packages are available, and decrisbed in message below.

HP-UX: version 1.7.13 of Mozilla.
Version 1.7.13 is available:
  http://www.hp.com/go/mozilla

Mandriva Corporate 3.0: new mozilla packages.
New packages are available:
 Corporate 3.0:
 81dce00119439ab171593eb2976fe547 corporate/3.0/RPMS/libnspr4-1.7.8-0.8.C30mdk.i586.rpm
 c0e04b64accc75483ca0795af33562be corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.8.C30mdk.i586.rpm
 288e4e8379aa0d7cc56327ba60035e0a corporate/3.0/RPMS/libnss3-1.7.8-0.8.C30mdk.i586.rpm
 c1bac96a978df5d75cfd7887a09144d5 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.8.C30mdk.i586.rpm
 0d06c6a4520068a368cf48e3f407c74e corporate/3.0/RPMS/mozilla-1.7.8-0.8.C30mdk.i586.rpm
 73f9e85c4556834db6ef9333b98beef0 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.8.C30mdk.i586.rpm
 6939f71693b40125b5c3dd0534441d4a corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.8.C30mdk.i586.rpm
 cb3df735d1ce023dd9cfeed26889c91b corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.8.C30mdk.i586.rpm
 7aee6465cb0a42c6561b3c3deac96c8d corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.8.C30mdk.i586.rpm
 01ec6255f2071d246ef76a11b2844c8e corporate/3.0/RPMS/mozilla-irc-1.7.8-0.8.C30mdk.i586.rpm
 8d4075f4c1c9cd4f613a68ff15f09d85 corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.8.C30mdk.i586.rpm
 cc4bcc8c9c19557513ef30d96150b9fe corporate/3.0/RPMS/mozilla-mail-1.7.8-0.8.C30mdk.i586.rpm
 05ab0503358b30c10dba88bb916473be corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.8.C30mdk.i586.rpm
 ddccba24ecfaa9f82167a7bb5c9c71ad corporate/3.0/SRPMS/mozilla-1.7.8-0.8.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 9a8e62df1100fa84600706050870a63e x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.8.C30mdk.x86_64.rpm
 17c9c8233a462fc91061554c0a0ef451 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 efa25dec22975bab70c748d07e0a3c75 x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.8.C30mdk.x86_64.rpm
 38de0287eaf7ed9f2e319cbcc042dcdf x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 18393cfe8c07b958e52a6f0f2b506e53 x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.8.C30mdk.x86_64.rpm
 e6aea2fc34c466383781cb6487964cc0 x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 be9a4c7519f064b07b48ea9556866f74 x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.8.C30mdk.x86_64.rpm
 085cc65fea8f657875c5024c0d964a5d x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.8.C30mdk.x86_64.rpm
 1b6244b6bf96093518937ccf8dcd33c6 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.8.C30mdk.x86_64.rpm
 e66333a5573e85f32effe85a01a64a27 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.8.C30mdk.x86_64.rpm
 4bfb009ca3dcdc90ff1eb2f244cafdc4 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.8.C30mdk.x86_64.rpm
 caddf105e2756d3bebf74ad2f4e8a0d6 x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.8.C30mdk.x86_64.rpm
 f1551cc11e1e75be6d25cf2f53070ac0 x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.8.C30mdk.x86_64.rpm
 ddccba24ecfaa9f82167a7bb5c9c71ad x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.8.C30mdk.src.rpm

Mandriva: new mozilla-firefox packages.
New packages are available:
 
 Mandriva Linux 2006.0:
 3780668e99350fecb7e1da24330b7bed 2006.0/RPMS/libnspr4-1.0.6-16.5.20060mdk.i586.rpm
 e322c361441c540c473c17be628c56c5 2006.0/RPMS/libnspr4-devel-1.0.6-16.5.20060mdk.i586.rpm
 5e7771258e4019de67912afd88201043 2006.0/RPMS/libnss3-1.0.6-16.5.20060mdk.i586.rpm
 3b8d26864055478f01723e33a2dd060a 2006.0/RPMS/libnss3-devel-1.0.6-16.5.20060mdk.i586.rpm
 9a5e293de59e94a574f596215c06d7a1 2006.0/RPMS/mozilla-firefox-1.0.6-16.5.20060mdk.i586.rpm
 40de607b8c6fb7a9fcbe09cf194fa306 2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.5.20060mdk.i586.rpm
 70205ca1a829e0be5f571376c492dc93 2006.0/SRPMS/mozilla-firefox-1.0.6-16.5.20060mdk.src.rpm
 Mandriva Linux 2006.0/X86_64:
 bb30c3560134a888a041faa548e80a93 x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.5.20060mdk.x86_64.rpm
 30e61853b74326055712d1021f15cec8 x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.5.20060mdk.x86_64.rpm
 271a6b04c6dbbc4e5eb814dd3c682801 x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.5.20060mdk.x86_64.rpm
 25c9a54f6f77823d37da854e55bac42d x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.5.20060mdk.x86_64.rpm
 70f565e72131379186f742049453158c x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.5.20060mdk.x86_64.rpm
 6ca25ff70f4fb687bcce8d295b4e7a71 x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.5.20060mdk.x86_64.rpm
 70205ca1a829e0be5f571376c492dc93 x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.5.20060mdk.src.rpm

Red Hat Linux, Fedora Core: new mozilla packages.
New packages are available:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.13-0.73.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.6.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.13-0.90.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.6.legacy.src.rpM
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.6.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.13-1.1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.13-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.6.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.13-1.2.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.7.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.10.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.13-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.10.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.10.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.13-1.3.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/epiphany-1.4.9-1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/devhelp-0.9.2-2.3.7.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/epiphany-1.4.9-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/epiphany-devel-1.4.9-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/devhelp-0.9.2-2.3.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/devhelp-devel-0.9.2-2.3.7.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.13-1.3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/epiphany-1.4.9-1.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/epiphany-devel-1.4.9-1.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/devhelp-0.9.2-2.3.7.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/devhelp-devel-0.9.2-2.3.7.legacy.x86_64.rpm

RHEL 4: new firefox packages.
New packages are available:
Red Hat Enterprise Linux version 4: firefox-1.0.8-1.4.1

RHEL: new mozilla, galeon packages.
New packages are available:
Red Hat Enterprise Linux version 2.1:
  galeon-1.2.14-1.2.8
  mozilla-1.7.13-1.1.2.2
Red Hat Enterprise Linux version 3:
  mozilla-1.7.13-1.1.3.1
Red Hat Enterprise Linux version 4:
  devhelp-0.9.2-2.4.8
  mozilla-1.7.13-1.4.1

SGI ProPack 3: new freeradius, Mozilla, openmotif packages.
Patch 10302 is corrected.
New packages are also available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Slackware: new mozilla packages.
New packages are available:
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-1.7.13-i486-1.tgz
Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.13-i486-1.tgz

Solaris: patch for Mozilla.
A patch is available:
SPARC
 - Mozilla 1.7 (Solaris 8, 9) : patch 120671-02
 - Mozilla 1.7 (Solaris 10) : patch 119115-19
x86
 - Mozilla 1.7 (Solaris 8, 9) : patch 120672-02
 - Mozilla 1.7 (Solaris 10) : patch 119116-19

SUSE: new MozillaFirefox, mozilla packages.
New packages are available:
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-1.0.8-0.2.i586.rpm
         fb4052fec7c505cf978cf93b743c47e7
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-translations-1.0.8-0.2.i586.rpm
         03e0b30e4fd923cab1293709f151de01
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.7.11-9.5.i586.rpm
         3665a2a745b4900144a870b9bb31f874
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.7.11-9.5.i586.rpm
         2e652d6bdcf018d1aac6129048b6e1b0
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.7.11-9.5.i586.rpm
         d5609133dd3fd5d04fdf387b713359cf
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector-1.7.11-9.5.i586.rpm
         084cae3650042f37cf431ff78c180cf5
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.7.11-9.5.i586.rpm
         410f4b58bb649ddc9a348b22bea45806
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.7.11-9.5.i586.rpm
         aded919e26dd202c071bde6db2c21348
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-1.7.11-9.5.i586.rpm
         ba9bfb8fcb10c815501dcf97f926d0d2
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.7.11-9.5.i586.rpm
         0390a6e264029285de559601d349b08e
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.8-0.2.i586.rpm
         f05d8e788e1260c1cd03db8bdd0c97a9
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-translations-1.0.8-0.2.i586.rpm
         f56204a4ce738fcba25eab5f01fb0d1f
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.10.i586.rpm
         ca4ca4dbef3a034aec1c803d44afc59b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5-17.10.i586.rpm
         e2977217997dedb4355eed936c6ddf8e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17.10.i586.rpm
         e42f758657c7c463b8828824bc7b1c01
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-1.7.5-17.10.i586.rpm
         dea4ed050a93d4bd6e22cabda1ff3f07
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.10.i586.rpm
         d6fae5fa01350cac1c8f89461c0b4c3b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.10.i586.rpm
         fe17c90d8d452597322c7a84152642fb
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1.7.5-17.10.i586.rpm
         35bf127628cf57484199aa93da8af587
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-17.10.i586.rpm
         739736bdd0320bf63ac51816c300eed5
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.8-0.2.i586.rpm
         3bdb5eb69e19c6550d27e53e108163bd
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-translations-1.0.8-0.2.i586.rpm
         533b00705c7c71cd9c0a7ef6e0111551
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-1.2.10-0.6.i586.rpm
         4166cec3090b0b9bb62872a4c32068e1
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-doc-1.2.10-0.6.i586.rpm
         ac383edcd500e7ad90886d2d4fb88463
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-0.8.2-4.7.i586.rpm
         4da7e16ff221ed507c27eed2b4e860a0
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-devel-0.8.2-4.7.i586.rpm
         b1febedbed9828e39e5fb5f7ac8866ad
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/galeon-1.3.19-6.3.i586.rpm
         d2afd4022d30c4cd285ab62cca32cefc
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.17.i586.rpm
         fe8903a19d08107d2ed1554aaea24443
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2-17.17.i586.rpm
         4382ceace35e0ffd70f8422f09172b80
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17.17.i586.rpm
         c9968cca9468bfed3122174372aa7abc
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-1.7.2-17.17.i586.rpm
         90d4a422d29f4a32f006184293987a87
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.17.i586.rpm
         4615c8bda70a37c3aebf9a8677fe2a55
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.17.i586.rpm
         032fe54bf4d0c318037cf3e021087a13
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1.7.2-17.17.i586.rpm
         14c66250ea87a591cb5c7b6203a4f4db
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-17.17.i586.rpm
         46f294d0c19049c46d4f2624d7869d84
   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.8-0.2.i586.rpm
         c2e2d1dfe3794e305d3360250e09b402
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-translations-1.0.8-0.2.i586.rpm
         918d453f97b00a03a428e72245db345f
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-1.7.8-5.20.i586.rpm
         a6612bfcd38921697ca7ca51d7a76773
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-calendar-1.7.8-5.20.i586.rpm
         c22b7d0f8849dcc4035c8ea5bc7f87c4
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-cs-1.7.5-4.6.i586.rpm
         aa9907a5db6b35b26fa33e64de996bdf
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-deat-1.7.6-0.6.i586.rpm
         a8360af34d190e1fd56f086e11a5dfc4
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-devel-1.7.8-5.20.i586.rpm
         a7105f26820e4dd8b79775b6de6e8311
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-dom-inspector-1.7.8-5.20.i586.rpm
         037fc7410258acabde9d16bb780a38ff
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-hu-1.78-0.7.i586.rpm
         e493b493eb10ec106a2aae5bfbcb7a59
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-irc-1.7.8-5.20.i586.rpm
         9a5a53dca8fb9fc1fc47e7c20a038b6f
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ja-1.7.7-0.7.i586.rpm
         3f57af2b99449d03b2bf4bac79dde333
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ko-1.75-0.7.i586.rpm
         c70be9ea00333bc39692cf76b4fc9bd1
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-mail-1.7.8-5.20.i586.rpm
         b52c57df906a390ad28761f52528871f
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-spellchecker-1.7.8-5.20.i586.rpm
         aecc152da7c5f08008162b29d3558708
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-venkman-1.7.8-5.20.i586.rpm
         f8a44e8c3819288f3bc93c6bbcfd1b7e

Tru64 UNIX: version Firefox, Mozilla.
Following versions are corrected (but contain the VIGILANCE-VUL-5889 vulnerabilities recently announced):
Mozilla 1.7.13
  Location: http://h30097.www3.hp.com/internet/download.htm#mozilla
  Name: mozilla1713.tar.gz
  MD5 Checksum: a3a2694eb767b1ef2623da1783183357
Firefox 1.5.0.3
  Location: http://h30097.www3.hp.com/internet/download.htm#firefox1503
  Name: firefox1503.tar.gz
  MD5 Checksum: caedd963353eb9096f7b3cfc2d9177a1
Firefox 1.0.8
  Location: http://h30097.www3.hp.com/internet/download.htm#firefox
  Name: firefox108.tar.gz
  MD5 Checksum: a319705dc0f42d6fe66a25f57f8f9105
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides network vulnerability patches. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.