rPath alert rPSA-2006-0206-1 (firefox)


From:
    	       rPath Update Announcements <announce-noreply@rpath.com>
To:
    	       security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:
    	       rPSA-2006-0206-1 firefox thunderbird
Date:
    	       Thu, 09 Nov 2006 16:53:39 -0500
Cc:
    	       full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net
rPath Security Advisory: 2006-0206-1
Published: 2006-11-09
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Remote User Deterministic Unauthorized Access
Updated Versions:
    firefox=/conary.rpath.com@rpl:devel//1/1.5.0.8-0.1-1
    thunderbird=/conary.rpath.com@rpl:devel//1/1.5.0.8-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    https://issues.rpath.com/browse/RPL-765

Description:
    Previous versions of the firefox and thunderbird packages are
    vulnerable to multiple attacks.  One vulnerability is in page
    rendering, and the remaining three vulnerabilities are in JavaScript.
    (JavaScript vulnerabilities do not affect thunderbird in the default,
    recommended configuration of not enabling JavaScript.)

From:		rPath Update Announcements <announce-noreply@rpath.com>
To:		security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:		rPSA-2006-0206-1 firefox thunderbird
Date:		Thu, 09 Nov 2006 16:53:39 -0500
Cc:		full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net