Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 157591 - please update rawhide with firefox 1.0.4
Summary: please update rawhide with firefox 1.0.4
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 4
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-05-12 22:46 UTC by Jason
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-05-13 22:04:03 UTC

Attachments (Terms of Use)

Description Jason 2005-05-12 22:46:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
Please release FC4 with firefox 1.0.4 which protects against:
MFSA 2005-44  Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install rawhide

Additional info:

Comment 1 Zuirdj 2005-05-13 01:35:36 UTC
Not only security update: I can't browse to
because Firefox isn't upgraded... :-)

Comment 2 Christopher Aillon 2005-05-13 22:04:03 UTC
Please don't file bugs like this.  Rawhide is "at your own risk" which doesn't
guarantee packages are always updated.  Released versions always have priority
over rawhide in the system.  Anyway, this has already been built yesterday, but
rawhide hasn't picked it up yet.  It's lagging a little bit because of the
freeze for FC4.  I think it made it into the queue for tomorrow.

Note You need to log in before you can comment on or make changes to this bug.