Operating System:

Published:

26 April 2005

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2005.0343 -- RHSA-2005:386-01
                    Important: Mozilla security update
                               27 April 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mozilla
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
Impact:            Increased Privileges
                   Execute Arbitrary Code/Commands
                   Read-only Data Access
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-1160 CAN-2005-1159 CAN-2005-1157
                   CAN-2005-1156 CAN-2005-1155 CAN-2005-1154
                   CAN-2005-1153 CAN-2005-0989

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-386.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: Mozilla security update
Advisory ID:       RHSA-2005:386-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-386.html
Issue date:        2005-04-26
Updated on:        2005-04-26
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160
- - ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Vladimir V. Perepelitsa discovered a bug in the way Mozilla handles
anonymous functions during regular expression string replacement. It is
possible for a malicious web page to capture a random block of browser
memory. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0989 to this issue.

Doron Rosenberg discovered a bug in the way Mozilla displays pop-up
windows. If a user choses to open a pop-up window whose URL is malicious
javascript, the script will be executed with elevated privileges.
(CAN-2005-1153)

A bug was found in the way Mozilla handles the javascript global scope for
a window. It is possible for a malicious web page to define a global
variable known to be used by a different site, allowing malicious code to
be executed in the context of the site. (CAN-2005-1154)

Michael Krax discovered a bug in the way Mozilla handles favicon links. A
malicious web page can programatically define a favicon link tag as
javascript, executing arbitrary javascript with elevated privileges.
(CAN-2005-1155)

Michael Krax discovered a bug in the way Mozilla installed search plugins.
If a user chooses to install a search plugin from a malicious site, the new
plugin could silently overwrite an existing plugin. This could allow the
malicious plugin to execute arbitrary code and stealm sensitive
information. (CAN-2005-1156 CAN-2005-1157)

A bug was found in the way Mozilla validated several XPInstall related
javascript objects. A malicious web page could pass other objects to the
XPInstall objects, resulting in the javascript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Mozilla privileged UI code handled DOM nodes
from the content window. A malicious web page could install malicious
javascript code or steal data requiring a user to do commonplace actions
such as clicking a link or opening the context menu. (CAN-2005-1160)

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.7 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155116 - CAN-2005-0989 Multiple Mozilla issues.

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/devhelp-0.9.2-2.4.4.src.rpm
81b56e1e82807f905fe929d98ec5e083  devhelp-0.9.2-2.4.4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.7-1.4.2.src.rpm
9c8a8c1aef4f41051e61120451ffb62c  mozilla-1.7.7-1.4.2.src.rpm

i386:
b3cdcac00c1c16fde66442b6f38d1893  devhelp-0.9.2-2.4.4.i386.rpm
46285d589642bfa7e91cd8b76b7b923f  devhelp-devel-0.9.2-2.4.4.i386.rpm
eb2a5bf63a7e386bd0e9ff163ffb3181  mozilla-1.7.7-1.4.2.i386.rpm
d575f95906e488a9d1be3b9324ee5907  mozilla-chat-1.7.7-1.4.2.i386.rpm
f94ca4535debb2f3a749b2222f8635ce  mozilla-devel-1.7.7-1.4.2.i386.rpm
b75eac2a363789c3d63626bb7cf70c26  mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm
4b58ff85e2ebbb4245c10f66f99b1cec  mozilla-js-debugger-1.7.7-1.4.2.i386.rpm
fba6ed4071fb78faec5728123a717e85  mozilla-mail-1.7.7-1.4.2.i386.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
eb631b1411126c1ec54687ae05b5b025  mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
9ce7d067a5d9bcb269f372073ebe3883  mozilla-nss-devel-1.7.7-1.4.2.i386.rpm

ia64:
879ace0b626043b40c64ee432b65a1ce  mozilla-1.7.7-1.4.2.ia64.rpm
b107181b1344950ca7f8eeec3f7413f0  mozilla-chat-1.7.7-1.4.2.ia64.rpm
6d5ee8986f6708e0970c1f2999b115dd  mozilla-devel-1.7.7-1.4.2.ia64.rpm
f36c2fd2e09c764826985e19800f2faa  mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm
c572e94851b5d7967c87a95f36f28121  mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm
c716f1cd119f40feeb65824b23457a41  mozilla-mail-1.7.7-1.4.2.ia64.rpm
7955f4bfcb0fe6d06f4dd98ff5e174d9  mozilla-nspr-1.7.7-1.4.2.ia64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
8522dad1e43a45e01f58842144054acf  mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm
3556a68874546cbb0d301b2e35e9e408  mozilla-nss-1.7.7-1.4.2.ia64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
315657d672cfe76deff0c273f90fad7b  mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm

ppc:
83febc0de6be95993a8f2a20a4da766d  devhelp-0.9.2-2.4.4.ppc.rpm
4fae1686f825c45f850844ba3eedc436  devhelp-devel-0.9.2-2.4.4.ppc.rpm
185ad4618a37c6f0a28fedc1a3fd4fca  mozilla-1.7.7-1.4.2.ppc.rpm
cbd01988ddf10d1b64489c0f9438bc9e  mozilla-chat-1.7.7-1.4.2.ppc.rpm
0df3012f2b054c8e28a58869e200f42b  mozilla-devel-1.7.7-1.4.2.ppc.rpm
b36deec224434efaec23cdede98cf033  mozilla-dom-inspector-1.7.7-1.4.2.ppc.rpm
bfd3115b95377cbe9265de5ba4e9b2f0  mozilla-js-debugger-1.7.7-1.4.2.ppc.rpm
f38f0f839c37ca4e1504c2ffcbc89e7c  mozilla-mail-1.7.7-1.4.2.ppc.rpm
6ca3295a379b74ffd0cecbefa2305ac7  mozilla-nspr-1.7.7-1.4.2.ppc.rpm
6655969d489d6e945e37509bf990d36a  mozilla-nspr-devel-1.7.7-1.4.2.ppc.rpm
98408d351610f164e25caeb67d6ea397  mozilla-nss-1.7.7-1.4.2.ppc.rpm
3eed1ab3067cb0c442ac693659f1d453  mozilla-nss-devel-1.7.7-1.4.2.ppc.rpm

s390:
176568f100bb9fd5cccea8e531da7554  mozilla-1.7.7-1.4.2.s390.rpm
af346c0b75489ccd4ae14fafabcae21c  mozilla-chat-1.7.7-1.4.2.s390.rpm
a2b756a77abfee23e33d13bc283b44c8  mozilla-devel-1.7.7-1.4.2.s390.rpm
da4dcb638c31eac7088d7d2c2050927d  mozilla-dom-inspector-1.7.7-1.4.2.s390.rpm
133de3cb57ee5c5c1fa55efee2925a34  mozilla-js-debugger-1.7.7-1.4.2.s390.rpm
1a020cfc73ae380071df2a9489532185  mozilla-mail-1.7.7-1.4.2.s390.rpm
6204280717c19ff5b3c7f5ca10c9530d  mozilla-nspr-1.7.7-1.4.2.s390.rpm
8bf028b245724a87538c367b7e585476  mozilla-nspr-devel-1.7.7-1.4.2.s390.rpm
8d7d5b3041e258dde55f47052353b805  mozilla-nss-1.7.7-1.4.2.s390.rpm
64391fb75ee314525943abf91984aa8d  mozilla-nss-devel-1.7.7-1.4.2.s390.rpm

s390x:
ca922a863e155f505f71468df8bae910  mozilla-1.7.7-1.4.2.s390x.rpm
f1c78c914b025d809a832d54e7988eb5  mozilla-chat-1.7.7-1.4.2.s390x.rpm
736841a23e0f81798b8a9c76c19319a9  mozilla-devel-1.7.7-1.4.2.s390x.rpm
d05d9931e6c014cc816d888d438ec33b  mozilla-dom-inspector-1.7.7-1.4.2.s390x.rpm
1b38c56b25dce8bbd88811f207ea70ce  mozilla-js-debugger-1.7.7-1.4.2.s390x.rpm
b06b66e2e36f0eb34d978876def9a092  mozilla-mail-1.7.7-1.4.2.s390x.rpm
7a5be88ee8f5a823e031e9a1971f48a5  mozilla-nspr-1.7.7-1.4.2.s390x.rpm
6204280717c19ff5b3c7f5ca10c9530d  mozilla-nspr-1.7.7-1.4.2.s390.rpm
bd32d6207ab69057e492967040f975b2  mozilla-nspr-devel-1.7.7-1.4.2.s390x.rpm
cf19c4913c6037df61cdfef5f5e7adef  mozilla-nss-1.7.7-1.4.2.s390x.rpm
8d7d5b3041e258dde55f47052353b805  mozilla-nss-1.7.7-1.4.2.s390.rpm
6c88346250dc1e8c6efa19c827178bb3  mozilla-nss-devel-1.7.7-1.4.2.s390x.rpm

x86_64:
0985aecb86be8f38a3979a9d1f95ea7b  devhelp-0.9.2-2.4.4.x86_64.rpm
047608c3bb930a49defeffa10ab8cd6c  devhelp-devel-0.9.2-2.4.4.x86_64.rpm
d35124a1ddb4f5867575c96315eb79ae  mozilla-1.7.7-1.4.2.x86_64.rpm
cc280fd917c37710042ca30b3e11f659  mozilla-chat-1.7.7-1.4.2.x86_64.rpm
269f775b5a849258ebd6da2080d78653  mozilla-devel-1.7.7-1.4.2.x86_64.rpm
2963d5acee207998565f0fba9cb1e40e  mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm
7000765a4e5094b2a73fd09ee2b23bfa  mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm
67b7d2a673d4637dca1031458d7639b6  mozilla-mail-1.7.7-1.4.2.x86_64.rpm
62d43d6c31fa42358d5156f26506bd49  mozilla-nspr-1.7.7-1.4.2.x86_64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
e3bbf8b1583cf625480a1e17ce554d6e  mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm
ccc82b7866d14ec9bf300b14d5a3b10c  mozilla-nss-1.7.7-1.4.2.x86_64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
3e7bfafef761f762e296a3b2815f0e01  mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/devhelp-0.9.2-2.4.4.src.rpm
81b56e1e82807f905fe929d98ec5e083  devhelp-0.9.2-2.4.4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mozilla-1.7.7-1.4.2.src.rpm
9c8a8c1aef4f41051e61120451ffb62c  mozilla-1.7.7-1.4.2.src.rpm

i386:
b3cdcac00c1c16fde66442b6f38d1893  devhelp-0.9.2-2.4.4.i386.rpm
46285d589642bfa7e91cd8b76b7b923f  devhelp-devel-0.9.2-2.4.4.i386.rpm
eb2a5bf63a7e386bd0e9ff163ffb3181  mozilla-1.7.7-1.4.2.i386.rpm
d575f95906e488a9d1be3b9324ee5907  mozilla-chat-1.7.7-1.4.2.i386.rpm
f94ca4535debb2f3a749b2222f8635ce  mozilla-devel-1.7.7-1.4.2.i386.rpm
b75eac2a363789c3d63626bb7cf70c26  mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm
4b58ff85e2ebbb4245c10f66f99b1cec  mozilla-js-debugger-1.7.7-1.4.2.i386.rpm
fba6ed4071fb78faec5728123a717e85  mozilla-mail-1.7.7-1.4.2.i386.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
eb631b1411126c1ec54687ae05b5b025  mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
9ce7d067a5d9bcb269f372073ebe3883  mozilla-nss-devel-1.7.7-1.4.2.i386.rpm

x86_64:
0985aecb86be8f38a3979a9d1f95ea7b  devhelp-0.9.2-2.4.4.x86_64.rpm
047608c3bb930a49defeffa10ab8cd6c  devhelp-devel-0.9.2-2.4.4.x86_64.rpm
d35124a1ddb4f5867575c96315eb79ae  mozilla-1.7.7-1.4.2.x86_64.rpm
cc280fd917c37710042ca30b3e11f659  mozilla-chat-1.7.7-1.4.2.x86_64.rpm
269f775b5a849258ebd6da2080d78653  mozilla-devel-1.7.7-1.4.2.x86_64.rpm
2963d5acee207998565f0fba9cb1e40e  mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm
7000765a4e5094b2a73fd09ee2b23bfa  mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm
67b7d2a673d4637dca1031458d7639b6  mozilla-mail-1.7.7-1.4.2.x86_64.rpm
62d43d6c31fa42358d5156f26506bd49  mozilla-nspr-1.7.7-1.4.2.x86_64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
e3bbf8b1583cf625480a1e17ce554d6e  mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm
ccc82b7866d14ec9bf300b14d5a3b10c  mozilla-nss-1.7.7-1.4.2.x86_64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
3e7bfafef761f762e296a3b2815f0e01  mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/devhelp-0.9.2-2.4.4.src.rpm
81b56e1e82807f905fe929d98ec5e083  devhelp-0.9.2-2.4.4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.7-1.4.2.src.rpm
9c8a8c1aef4f41051e61120451ffb62c  mozilla-1.7.7-1.4.2.src.rpm

i386:
b3cdcac00c1c16fde66442b6f38d1893  devhelp-0.9.2-2.4.4.i386.rpm
46285d589642bfa7e91cd8b76b7b923f  devhelp-devel-0.9.2-2.4.4.i386.rpm
eb2a5bf63a7e386bd0e9ff163ffb3181  mozilla-1.7.7-1.4.2.i386.rpm
d575f95906e488a9d1be3b9324ee5907  mozilla-chat-1.7.7-1.4.2.i386.rpm
f94ca4535debb2f3a749b2222f8635ce  mozilla-devel-1.7.7-1.4.2.i386.rpm
b75eac2a363789c3d63626bb7cf70c26  mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm
4b58ff85e2ebbb4245c10f66f99b1cec  mozilla-js-debugger-1.7.7-1.4.2.i386.rpm
fba6ed4071fb78faec5728123a717e85  mozilla-mail-1.7.7-1.4.2.i386.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
eb631b1411126c1ec54687ae05b5b025  mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
9ce7d067a5d9bcb269f372073ebe3883  mozilla-nss-devel-1.7.7-1.4.2.i386.rpm

ia64:
879ace0b626043b40c64ee432b65a1ce  mozilla-1.7.7-1.4.2.ia64.rpm
b107181b1344950ca7f8eeec3f7413f0  mozilla-chat-1.7.7-1.4.2.ia64.rpm
6d5ee8986f6708e0970c1f2999b115dd  mozilla-devel-1.7.7-1.4.2.ia64.rpm
f36c2fd2e09c764826985e19800f2faa  mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm
c572e94851b5d7967c87a95f36f28121  mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm
c716f1cd119f40feeb65824b23457a41  mozilla-mail-1.7.7-1.4.2.ia64.rpm
7955f4bfcb0fe6d06f4dd98ff5e174d9  mozilla-nspr-1.7.7-1.4.2.ia64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
8522dad1e43a45e01f58842144054acf  mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm
3556a68874546cbb0d301b2e35e9e408  mozilla-nss-1.7.7-1.4.2.ia64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
315657d672cfe76deff0c273f90fad7b  mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm

x86_64:
0985aecb86be8f38a3979a9d1f95ea7b  devhelp-0.9.2-2.4.4.x86_64.rpm
047608c3bb930a49defeffa10ab8cd6c  devhelp-devel-0.9.2-2.4.4.x86_64.rpm
d35124a1ddb4f5867575c96315eb79ae  mozilla-1.7.7-1.4.2.x86_64.rpm
cc280fd917c37710042ca30b3e11f659  mozilla-chat-1.7.7-1.4.2.x86_64.rpm
269f775b5a849258ebd6da2080d78653  mozilla-devel-1.7.7-1.4.2.x86_64.rpm
2963d5acee207998565f0fba9cb1e40e  mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm
7000765a4e5094b2a73fd09ee2b23bfa  mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm
67b7d2a673d4637dca1031458d7639b6  mozilla-mail-1.7.7-1.4.2.x86_64.rpm
62d43d6c31fa42358d5156f26506bd49  mozilla-nspr-1.7.7-1.4.2.x86_64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
e3bbf8b1583cf625480a1e17ce554d6e  mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm
ccc82b7866d14ec9bf300b14d5a3b10c  mozilla-nss-1.7.7-1.4.2.x86_64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
3e7bfafef761f762e296a3b2815f0e01  mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/devhelp-0.9.2-2.4.4.src.rpm
81b56e1e82807f905fe929d98ec5e083  devhelp-0.9.2-2.4.4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.7-1.4.2.src.rpm
9c8a8c1aef4f41051e61120451ffb62c  mozilla-1.7.7-1.4.2.src.rpm

i386:
b3cdcac00c1c16fde66442b6f38d1893  devhelp-0.9.2-2.4.4.i386.rpm
46285d589642bfa7e91cd8b76b7b923f  devhelp-devel-0.9.2-2.4.4.i386.rpm
eb2a5bf63a7e386bd0e9ff163ffb3181  mozilla-1.7.7-1.4.2.i386.rpm
d575f95906e488a9d1be3b9324ee5907  mozilla-chat-1.7.7-1.4.2.i386.rpm
f94ca4535debb2f3a749b2222f8635ce  mozilla-devel-1.7.7-1.4.2.i386.rpm
b75eac2a363789c3d63626bb7cf70c26  mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm
4b58ff85e2ebbb4245c10f66f99b1cec  mozilla-js-debugger-1.7.7-1.4.2.i386.rpm
fba6ed4071fb78faec5728123a717e85  mozilla-mail-1.7.7-1.4.2.i386.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
eb631b1411126c1ec54687ae05b5b025  mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
9ce7d067a5d9bcb269f372073ebe3883  mozilla-nss-devel-1.7.7-1.4.2.i386.rpm

ia64:
879ace0b626043b40c64ee432b65a1ce  mozilla-1.7.7-1.4.2.ia64.rpm
b107181b1344950ca7f8eeec3f7413f0  mozilla-chat-1.7.7-1.4.2.ia64.rpm
6d5ee8986f6708e0970c1f2999b115dd  mozilla-devel-1.7.7-1.4.2.ia64.rpm
f36c2fd2e09c764826985e19800f2faa  mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm
c572e94851b5d7967c87a95f36f28121  mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm
c716f1cd119f40feeb65824b23457a41  mozilla-mail-1.7.7-1.4.2.ia64.rpm
7955f4bfcb0fe6d06f4dd98ff5e174d9  mozilla-nspr-1.7.7-1.4.2.ia64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
8522dad1e43a45e01f58842144054acf  mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm
3556a68874546cbb0d301b2e35e9e408  mozilla-nss-1.7.7-1.4.2.ia64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
315657d672cfe76deff0c273f90fad7b  mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm

x86_64:
0985aecb86be8f38a3979a9d1f95ea7b  devhelp-0.9.2-2.4.4.x86_64.rpm
047608c3bb930a49defeffa10ab8cd6c  devhelp-devel-0.9.2-2.4.4.x86_64.rpm
d35124a1ddb4f5867575c96315eb79ae  mozilla-1.7.7-1.4.2.x86_64.rpm
cc280fd917c37710042ca30b3e11f659  mozilla-chat-1.7.7-1.4.2.x86_64.rpm
269f775b5a849258ebd6da2080d78653  mozilla-devel-1.7.7-1.4.2.x86_64.rpm
2963d5acee207998565f0fba9cb1e40e  mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm
7000765a4e5094b2a73fd09ee2b23bfa  mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm
67b7d2a673d4637dca1031458d7639b6  mozilla-mail-1.7.7-1.4.2.x86_64.rpm
62d43d6c31fa42358d5156f26506bd49  mozilla-nspr-1.7.7-1.4.2.x86_64.rpm
01d4c4ea5544ffe7893f0caaac5f26f6  mozilla-nspr-1.7.7-1.4.2.i386.rpm
e3bbf8b1583cf625480a1e17ce554d6e  mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm
ccc82b7866d14ec9bf300b14d5a3b10c  mozilla-nss-1.7.7-1.4.2.x86_64.rpm
fa2c382bdfbb5957fd11742599763448  mozilla-nss-1.7.7-1.4.2.i386.rpm
3e7bfafef761f762e296a3b2815f0e01  mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCbm0/XlSAg2UNWIIRAmtDAJ0fLb9Q+JnUCqWz+WlJUphCSyIsEQCdHP+T
kJDRXj1VvFYaZlqQBBzNjQI=
=GVid
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQm8wqCh9+71yA2DNAQKZfgP/chKbQgtDG4dwOzRFrNl1KAgMdzXaHY4B
Ze4T96x4I1i/Gt9gkvJyXfQqcjrSEH/XnhtLLvPo05WZCuZoez/0/0UU+kfi1z2W
M1BFFhVUjje6Z3cBDfTelkW6XfUXC9U2HLv8BAgEOrbTB7BI/bZDxx+Rbe56YorL
Xfq5EYXrZbM=
=2SAn
-----END PGP SIGNATURE-----