-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2005.0038 -- RHSA-2005:038-01
              Updated mozilla packages fix a buffer overflow
                              14 January 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mozilla
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
                   Linux variants
                   UNIX variants
                   Windows
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2004-1316

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-038.html

Comment: Please note that the Windows and Mac OS X versions of Mozilla may also
         be affected by these vulnerabilities.  Packages for all platforms are
         available at http://www.mozilla.org/products/mozilla1.x/.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mozilla packages fix a buffer overflow
Advisory ID:       RHSA-2005:038-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-038.html
Issue date:        2005-01-13
Updated on:        2005-01-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1316
- - ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix a buffer overflow issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

iSEC Security Research has discovered a buffer overflow bug in the way
Mozilla handles NNTP URLs.  If a user visits a malicious web page or is
convinced to click on a malicious link, it may be possible for an attacker
to execute arbitrary code on the victim's machine.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1316 to this issue.

Users of Mozilla should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143994 - CAN-2004-1316 buffer overflow in mozilla

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm
fefa59012cd31f131236a9375a0503f0  mozilla-1.4.3-2.1.5.src.rpm

i386:
46eb27212aa9c60a94c28cc4a5d25e42  mozilla-1.4.3-2.1.5.i386.rpm
e8977f1973bff2de581837f21e03dd49  mozilla-chat-1.4.3-2.1.5.i386.rpm
028ec7c7d3a8602dd170d121ef1247d9  mozilla-devel-1.4.3-2.1.5.i386.rpm
ebb437146df9f11df6374d9a8aac93de  mozilla-dom-inspector-1.4.3-2.1.5.i386.rpm
aa57587e31eb6010ed2ebefdf9db31db  mozilla-js-debugger-1.4.3-2.1.5.i386.rpm
81569282cb766a9b7feb069ec6e6c2a9  mozilla-mail-1.4.3-2.1.5.i386.rpm
8da39274901c76ef6ea2abfbb762a14b  mozilla-nspr-1.4.3-2.1.5.i386.rpm
258ba701c07cfcef587ad6ea76555279  mozilla-nspr-devel-1.4.3-2.1.5.i386.rpm
efaf0a6599ac580b26966feaf26d9dd2  mozilla-nss-1.4.3-2.1.5.i386.rpm
3383a0fc903e906f39d5fa122d78053b  mozilla-nss-devel-1.4.3-2.1.5.i386.rpm

ia64:
7bd9778e4ca85b48da0d11847e41d33b  mozilla-1.4.3-2.1.5.ia64.rpm
23f2abb5e47d69fa2a7e306c481304f1  mozilla-chat-1.4.3-2.1.5.ia64.rpm
567a749da35f376b7293537d12f1a6a4  mozilla-devel-1.4.3-2.1.5.ia64.rpm
f9b899f673c60915d395a592740fb471  mozilla-dom-inspector-1.4.3-2.1.5.ia64.rpm
f7fb841eaab55ea5cf252f91fcb44593  mozilla-js-debugger-1.4.3-2.1.5.ia64.rpm
382b1225cdb048a812cea97c63deba1b  mozilla-mail-1.4.3-2.1.5.ia64.rpm
c5122858d5d9fc328f0e624ea7c18de4  mozilla-nspr-1.4.3-2.1.5.ia64.rpm
73cc6599ee5e855b2420cb4616a13420  mozilla-nspr-devel-1.4.3-2.1.5.ia64.rpm
08588296179874ab3e2d64554b4e9898  mozilla-nss-1.4.3-2.1.5.ia64.rpm
8a216307ccd5a1170c0f2aff6677257c  mozilla-nss-devel-1.4.3-2.1.5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm
fefa59012cd31f131236a9375a0503f0  mozilla-1.4.3-2.1.5.src.rpm

ia64:
7bd9778e4ca85b48da0d11847e41d33b  mozilla-1.4.3-2.1.5.ia64.rpm
23f2abb5e47d69fa2a7e306c481304f1  mozilla-chat-1.4.3-2.1.5.ia64.rpm
567a749da35f376b7293537d12f1a6a4  mozilla-devel-1.4.3-2.1.5.ia64.rpm
f9b899f673c60915d395a592740fb471  mozilla-dom-inspector-1.4.3-2.1.5.ia64.rpm
f7fb841eaab55ea5cf252f91fcb44593  mozilla-js-debugger-1.4.3-2.1.5.ia64.rpm
382b1225cdb048a812cea97c63deba1b  mozilla-mail-1.4.3-2.1.5.ia64.rpm
c5122858d5d9fc328f0e624ea7c18de4  mozilla-nspr-1.4.3-2.1.5.ia64.rpm
73cc6599ee5e855b2420cb4616a13420  mozilla-nspr-devel-1.4.3-2.1.5.ia64.rpm
08588296179874ab3e2d64554b4e9898  mozilla-nss-1.4.3-2.1.5.ia64.rpm
8a216307ccd5a1170c0f2aff6677257c  mozilla-nss-devel-1.4.3-2.1.5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm
fefa59012cd31f131236a9375a0503f0  mozilla-1.4.3-2.1.5.src.rpm

i386:
46eb27212aa9c60a94c28cc4a5d25e42  mozilla-1.4.3-2.1.5.i386.rpm
e8977f1973bff2de581837f21e03dd49  mozilla-chat-1.4.3-2.1.5.i386.rpm
028ec7c7d3a8602dd170d121ef1247d9  mozilla-devel-1.4.3-2.1.5.i386.rpm
ebb437146df9f11df6374d9a8aac93de  mozilla-dom-inspector-1.4.3-2.1.5.i386.rpm
aa57587e31eb6010ed2ebefdf9db31db  mozilla-js-debugger-1.4.3-2.1.5.i386.rpm
81569282cb766a9b7feb069ec6e6c2a9  mozilla-mail-1.4.3-2.1.5.i386.rpm
8da39274901c76ef6ea2abfbb762a14b  mozilla-nspr-1.4.3-2.1.5.i386.rpm
258ba701c07cfcef587ad6ea76555279  mozilla-nspr-devel-1.4.3-2.1.5.i386.rpm
efaf0a6599ac580b26966feaf26d9dd2  mozilla-nss-1.4.3-2.1.5.i386.rpm
3383a0fc903e906f39d5fa122d78053b  mozilla-nss-devel-1.4.3-2.1.5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm
fefa59012cd31f131236a9375a0503f0  mozilla-1.4.3-2.1.5.src.rpm

i386:
46eb27212aa9c60a94c28cc4a5d25e42  mozilla-1.4.3-2.1.5.i386.rpm
e8977f1973bff2de581837f21e03dd49  mozilla-chat-1.4.3-2.1.5.i386.rpm
028ec7c7d3a8602dd170d121ef1247d9  mozilla-devel-1.4.3-2.1.5.i386.rpm
ebb437146df9f11df6374d9a8aac93de  mozilla-dom-inspector-1.4.3-2.1.5.i386.rpm
aa57587e31eb6010ed2ebefdf9db31db  mozilla-js-debugger-1.4.3-2.1.5.i386.rpm
81569282cb766a9b7feb069ec6e6c2a9  mozilla-mail-1.4.3-2.1.5.i386.rpm
8da39274901c76ef6ea2abfbb762a14b  mozilla-nspr-1.4.3-2.1.5.i386.rpm
258ba701c07cfcef587ad6ea76555279  mozilla-nspr-devel-1.4.3-2.1.5.i386.rpm
efaf0a6599ac580b26966feaf26d9dd2  mozilla-nss-1.4.3-2.1.5.i386.rpm
3383a0fc903e906f39d5fa122d78053b  mozilla-nss-devel-1.4.3-2.1.5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm
ad9534b7525fb57427d5cdc11de82cf2  mozilla-1.4.3-3.0.7.src.rpm

i386:
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
cf0a8398a63f7bd40a5049edebd7db87  mozilla-chat-1.4.3-3.0.7.i386.rpm
929f572c9364314d535c9a38f4d8a498  mozilla-devel-1.4.3-3.0.7.i386.rpm
eb72c9e1394030d4bb90a9991f52e81e  mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm
1fb99678c2d06bbe4895d8c62b6d1abb  mozilla-js-debugger-1.4.3-3.0.7.i386.rpm
076ff55c5dbaf753cec88c0109888d96  mozilla-mail-1.4.3-3.0.7.i386.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
90ddf2ef4341cb3bbee95fa669b9dc5d  mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
01c7216160e7f373fd73b1c331a12148  mozilla-nss-devel-1.4.3-3.0.7.i386.rpm

ia64:
bc7bae6c79eea865e59a6217fd101a50  mozilla-1.4.3-3.0.7.ia64.rpm
5c66051e4d10a3e8879c5429b73a36af  mozilla-chat-1.4.3-3.0.7.ia64.rpm
5d9f22a3498edec84c1e2e534ba0620a  mozilla-devel-1.4.3-3.0.7.ia64.rpm
b495c264cb52d0f15c2e51ce29f743f5  mozilla-dom-inspector-1.4.3-3.0.7.ia64.rpm
9ca814199cadd2cd5797555b898a3006  mozilla-js-debugger-1.4.3-3.0.7.ia64.rpm
7014f4ab5dd4f53e8cd29e8c4e3fa4e2  mozilla-mail-1.4.3-3.0.7.ia64.rpm
22b1619f1c799aaca7661493924969f6  mozilla-nspr-1.4.3-3.0.7.ia64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
f0a1eea9aeb6606e6e5d7eec65f612ed  mozilla-nspr-devel-1.4.3-3.0.7.ia64.rpm
ee951417a6b9f33d19e0be4ca4e4429e  mozilla-nss-1.4.3-3.0.7.ia64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
82874daf499f0183a7f26ca73e005578  mozilla-nss-devel-1.4.3-3.0.7.ia64.rpm

ppc:
71dbd8350ebf7ad2a059b297172efbe7  mozilla-1.4.3-3.0.7.ppc.rpm
db858090a8707492f94fbe5dcd7413d6  mozilla-chat-1.4.3-3.0.7.ppc.rpm
313dbd71e7845b6c7b0175d95341c831  mozilla-devel-1.4.3-3.0.7.ppc.rpm
af177959280c44a84021583be2bcfd59  mozilla-dom-inspector-1.4.3-3.0.7.ppc.rpm
e649ccede061fbc6b2a3b67e8de0697e  mozilla-js-debugger-1.4.3-3.0.7.ppc.rpm
0b819832f88d940f2c30330cfce471b9  mozilla-mail-1.4.3-3.0.7.ppc.rpm
8b45f1ea66ad2fcebf0d3823050ec7cc  mozilla-nspr-1.4.3-3.0.7.ppc.rpm
6b9a5a195d4e80cf1308404e9c738990  mozilla-nspr-devel-1.4.3-3.0.7.ppc.rpm
61c1ea43cd206b34ba82d388f54e8747  mozilla-nss-1.4.3-3.0.7.ppc.rpm
356d0935643ca7057c90334e5ec950b9  mozilla-nss-devel-1.4.3-3.0.7.ppc.rpm

s390:
3dd8ec69ea05d3a829be28e7eefc617a  mozilla-1.4.3-3.0.7.s390.rpm
757495d25d0109881396658d085790c7  mozilla-chat-1.4.3-3.0.7.s390.rpm
6863e768ecb6fbc9d5a19a98f0ec737d  mozilla-devel-1.4.3-3.0.7.s390.rpm
45ecbc18e361e431360058e64e47e05e  mozilla-dom-inspector-1.4.3-3.0.7.s390.rpm
a518a5ade274534c8144e3b5afbb8679  mozilla-js-debugger-1.4.3-3.0.7.s390.rpm
09da55cb5b3aa4b3a58f4025d2a8c10a  mozilla-mail-1.4.3-3.0.7.s390.rpm
4677210674aea7f27c275b2917cc156a  mozilla-nspr-1.4.3-3.0.7.s390.rpm
7bea294de9a88fc48919c8b0ba52e0be  mozilla-nspr-devel-1.4.3-3.0.7.s390.rpm
7679f89fce879782df025fbebb729938  mozilla-nss-1.4.3-3.0.7.s390.rpm
43544f6fe51fe36a48ae70c92feb8404  mozilla-nss-devel-1.4.3-3.0.7.s390.rpm

s390x:
e65aa04ad572b7e55598f6018d25476f  mozilla-1.4.3-3.0.7.s390x.rpm
657f03114553d097c34a33e51d7e9e00  mozilla-chat-1.4.3-3.0.7.s390x.rpm
8405cd59e689ffd6d762900c6edb736e  mozilla-devel-1.4.3-3.0.7.s390x.rpm
95fa5e7b5615afa7d3e79c76a1c81a1f  mozilla-dom-inspector-1.4.3-3.0.7.s390x.rpm
93551a339139bd0f49b128d014831b6e  mozilla-js-debugger-1.4.3-3.0.7.s390x.rpm
b0c008c26ea226d72aef9c1c93cbc3e3  mozilla-mail-1.4.3-3.0.7.s390x.rpm
f62d53eeab524454606e2f19be58c2ca  mozilla-nspr-1.4.3-3.0.7.s390x.rpm
4677210674aea7f27c275b2917cc156a  mozilla-nspr-1.4.3-3.0.7.s390.rpm
034ca24c1cd18ddfa46304a5e67a84e9  mozilla-nspr-devel-1.4.3-3.0.7.s390x.rpm
fcf5756feebe0f19e29d13b6a439e6dc  mozilla-nss-1.4.3-3.0.7.s390x.rpm
7679f89fce879782df025fbebb729938  mozilla-nss-1.4.3-3.0.7.s390.rpm
77218e542a45e24ded278db463d0438f  mozilla-nss-devel-1.4.3-3.0.7.s390x.rpm

x86_64:
a27d4c67306f290a5d0c910223ccc4d8  mozilla-1.4.3-3.0.7.x86_64.rpm
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
adfd293311e18c4f612b130dfefa2dfd  mozilla-chat-1.4.3-3.0.7.x86_64.rpm
94d458713bd6c5b6be2e3b579a2e58d7  mozilla-devel-1.4.3-3.0.7.x86_64.rpm
b78d4c71019afdcf52b41026196e9426  mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm
af6e60db5bbc5dcd995122327eb832c3  mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm
c76ed9e84fd7e6c5d1828690811383d5  mozilla-mail-1.4.3-3.0.7.x86_64.rpm
59ca22eca688a39a9a5c9741ae428e54  mozilla-nspr-1.4.3-3.0.7.x86_64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
5c90029ee49332f263839402e42b236b  mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm
8a47f807d74cf4681b899563e49dc439  mozilla-nss-1.4.3-3.0.7.x86_64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
ebf29e52da952d9fc8f49fbb89138d41  mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm
ad9534b7525fb57427d5cdc11de82cf2  mozilla-1.4.3-3.0.7.src.rpm

i386:
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
cf0a8398a63f7bd40a5049edebd7db87  mozilla-chat-1.4.3-3.0.7.i386.rpm
929f572c9364314d535c9a38f4d8a498  mozilla-devel-1.4.3-3.0.7.i386.rpm
eb72c9e1394030d4bb90a9991f52e81e  mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm
1fb99678c2d06bbe4895d8c62b6d1abb  mozilla-js-debugger-1.4.3-3.0.7.i386.rpm
076ff55c5dbaf753cec88c0109888d96  mozilla-mail-1.4.3-3.0.7.i386.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
90ddf2ef4341cb3bbee95fa669b9dc5d  mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
01c7216160e7f373fd73b1c331a12148  mozilla-nss-devel-1.4.3-3.0.7.i386.rpm

x86_64:
a27d4c67306f290a5d0c910223ccc4d8  mozilla-1.4.3-3.0.7.x86_64.rpm
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
adfd293311e18c4f612b130dfefa2dfd  mozilla-chat-1.4.3-3.0.7.x86_64.rpm
94d458713bd6c5b6be2e3b579a2e58d7  mozilla-devel-1.4.3-3.0.7.x86_64.rpm
b78d4c71019afdcf52b41026196e9426  mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm
af6e60db5bbc5dcd995122327eb832c3  mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm
c76ed9e84fd7e6c5d1828690811383d5  mozilla-mail-1.4.3-3.0.7.x86_64.rpm
59ca22eca688a39a9a5c9741ae428e54  mozilla-nspr-1.4.3-3.0.7.x86_64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
5c90029ee49332f263839402e42b236b  mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm
8a47f807d74cf4681b899563e49dc439  mozilla-nss-1.4.3-3.0.7.x86_64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
ebf29e52da952d9fc8f49fbb89138d41  mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm
ad9534b7525fb57427d5cdc11de82cf2  mozilla-1.4.3-3.0.7.src.rpm

i386:
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
cf0a8398a63f7bd40a5049edebd7db87  mozilla-chat-1.4.3-3.0.7.i386.rpm
929f572c9364314d535c9a38f4d8a498  mozilla-devel-1.4.3-3.0.7.i386.rpm
eb72c9e1394030d4bb90a9991f52e81e  mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm
1fb99678c2d06bbe4895d8c62b6d1abb  mozilla-js-debugger-1.4.3-3.0.7.i386.rpm
076ff55c5dbaf753cec88c0109888d96  mozilla-mail-1.4.3-3.0.7.i386.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
90ddf2ef4341cb3bbee95fa669b9dc5d  mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
01c7216160e7f373fd73b1c331a12148  mozilla-nss-devel-1.4.3-3.0.7.i386.rpm

ia64:
bc7bae6c79eea865e59a6217fd101a50  mozilla-1.4.3-3.0.7.ia64.rpm
5c66051e4d10a3e8879c5429b73a36af  mozilla-chat-1.4.3-3.0.7.ia64.rpm
5d9f22a3498edec84c1e2e534ba0620a  mozilla-devel-1.4.3-3.0.7.ia64.rpm
b495c264cb52d0f15c2e51ce29f743f5  mozilla-dom-inspector-1.4.3-3.0.7.ia64.rpm
9ca814199cadd2cd5797555b898a3006  mozilla-js-debugger-1.4.3-3.0.7.ia64.rpm
7014f4ab5dd4f53e8cd29e8c4e3fa4e2  mozilla-mail-1.4.3-3.0.7.ia64.rpm
22b1619f1c799aaca7661493924969f6  mozilla-nspr-1.4.3-3.0.7.ia64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
f0a1eea9aeb6606e6e5d7eec65f612ed  mozilla-nspr-devel-1.4.3-3.0.7.ia64.rpm
ee951417a6b9f33d19e0be4ca4e4429e  mozilla-nss-1.4.3-3.0.7.ia64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
82874daf499f0183a7f26ca73e005578  mozilla-nss-devel-1.4.3-3.0.7.ia64.rpm

x86_64:
a27d4c67306f290a5d0c910223ccc4d8  mozilla-1.4.3-3.0.7.x86_64.rpm
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
adfd293311e18c4f612b130dfefa2dfd  mozilla-chat-1.4.3-3.0.7.x86_64.rpm
94d458713bd6c5b6be2e3b579a2e58d7  mozilla-devel-1.4.3-3.0.7.x86_64.rpm
b78d4c71019afdcf52b41026196e9426  mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm
af6e60db5bbc5dcd995122327eb832c3  mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm
c76ed9e84fd7e6c5d1828690811383d5  mozilla-mail-1.4.3-3.0.7.x86_64.rpm
59ca22eca688a39a9a5c9741ae428e54  mozilla-nspr-1.4.3-3.0.7.x86_64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
5c90029ee49332f263839402e42b236b  mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm
8a47f807d74cf4681b899563e49dc439  mozilla-nss-1.4.3-3.0.7.x86_64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
ebf29e52da952d9fc8f49fbb89138d41  mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm
ad9534b7525fb57427d5cdc11de82cf2  mozilla-1.4.3-3.0.7.src.rpm

i386:
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
cf0a8398a63f7bd40a5049edebd7db87  mozilla-chat-1.4.3-3.0.7.i386.rpm
929f572c9364314d535c9a38f4d8a498  mozilla-devel-1.4.3-3.0.7.i386.rpm
eb72c9e1394030d4bb90a9991f52e81e  mozilla-dom-inspector-1.4.3-3.0.7.i386.rpm
1fb99678c2d06bbe4895d8c62b6d1abb  mozilla-js-debugger-1.4.3-3.0.7.i386.rpm
076ff55c5dbaf753cec88c0109888d96  mozilla-mail-1.4.3-3.0.7.i386.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
90ddf2ef4341cb3bbee95fa669b9dc5d  mozilla-nspr-devel-1.4.3-3.0.7.i386.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
01c7216160e7f373fd73b1c331a12148  mozilla-nss-devel-1.4.3-3.0.7.i386.rpm

ia64:
bc7bae6c79eea865e59a6217fd101a50  mozilla-1.4.3-3.0.7.ia64.rpm
5c66051e4d10a3e8879c5429b73a36af  mozilla-chat-1.4.3-3.0.7.ia64.rpm
5d9f22a3498edec84c1e2e534ba0620a  mozilla-devel-1.4.3-3.0.7.ia64.rpm
b495c264cb52d0f15c2e51ce29f743f5  mozilla-dom-inspector-1.4.3-3.0.7.ia64.rpm
9ca814199cadd2cd5797555b898a3006  mozilla-js-debugger-1.4.3-3.0.7.ia64.rpm
7014f4ab5dd4f53e8cd29e8c4e3fa4e2  mozilla-mail-1.4.3-3.0.7.ia64.rpm
22b1619f1c799aaca7661493924969f6  mozilla-nspr-1.4.3-3.0.7.ia64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
f0a1eea9aeb6606e6e5d7eec65f612ed  mozilla-nspr-devel-1.4.3-3.0.7.ia64.rpm
ee951417a6b9f33d19e0be4ca4e4429e  mozilla-nss-1.4.3-3.0.7.ia64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
82874daf499f0183a7f26ca73e005578  mozilla-nss-devel-1.4.3-3.0.7.ia64.rpm

x86_64:
a27d4c67306f290a5d0c910223ccc4d8  mozilla-1.4.3-3.0.7.x86_64.rpm
a11b0fd761dc02738c3c67e25f320da1  mozilla-1.4.3-3.0.7.i386.rpm
adfd293311e18c4f612b130dfefa2dfd  mozilla-chat-1.4.3-3.0.7.x86_64.rpm
94d458713bd6c5b6be2e3b579a2e58d7  mozilla-devel-1.4.3-3.0.7.x86_64.rpm
b78d4c71019afdcf52b41026196e9426  mozilla-dom-inspector-1.4.3-3.0.7.x86_64.rpm
af6e60db5bbc5dcd995122327eb832c3  mozilla-js-debugger-1.4.3-3.0.7.x86_64.rpm
c76ed9e84fd7e6c5d1828690811383d5  mozilla-mail-1.4.3-3.0.7.x86_64.rpm
59ca22eca688a39a9a5c9741ae428e54  mozilla-nspr-1.4.3-3.0.7.x86_64.rpm
e4f4c80c3bff4618d42b54d50e89c1d6  mozilla-nspr-1.4.3-3.0.7.i386.rpm
5c90029ee49332f263839402e42b236b  mozilla-nspr-devel-1.4.3-3.0.7.x86_64.rpm
8a47f807d74cf4681b899563e49dc439  mozilla-nss-1.4.3-3.0.7.x86_64.rpm
8559fa287563eee48563137eb00e5b2b  mozilla-nss-1.4.3-3.0.7.i386.rpm
ebf29e52da952d9fc8f49fbb89138d41  mozilla-nss-devel-1.4.3-3.0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.isec.pl/vulnerabilities/isec-0020-mozilla.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1316

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB5nsKXlSAg2UNWIIRAv66AKCG3vnayJrvQ9bquCzG8ryugmpiXwCeKs7B
jTsGuQR6dxaVdxZoIWluti8=
=7Lm/
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQecoYyh9+71yA2DNAQLa1AP/eZZ2PXvGqmzn/2XByEolO1i+raxjX7I6
qaJp5kU+lEs5LpnN/GfKlMFvcx6H6QiT5i+P5RuMRU2pT9LMuxZQxMYC3FI8lB7v
yiuBAeG/6Ve9H7bvxGfblGeU4Z30rJHNBVkb40Uk9t1dedWvzuMft9zepaN1Bs9J
nCu1KRJm170=
=e2ut
-----END PGP SIGNATURE-----