Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus Vulnerability

Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus Vulnerability

Solution:
The vendor has released upgrades for Firefox dealing with this issue. Mozilla has reported that a pending release of Mozilla Suite 1.7.6 will be released dealing with this issue in the near future. This BID will be updated upon release.

Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:

For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"

For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"

Fedora advisory FEDORA-2005-249 is available to address this issue in Mozilla browser for Fedora Core 3. Please see the referenced advisory for more information.

Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"

Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

It was reported that the K-Meleon engine can be upgraded with Mozilla Suite 1.7.7 nightly version. This has not been confirmed.

RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.

HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.

Mozilla Firefox 0.10

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.10.1

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.8

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9 rc

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.1

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.2

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.3

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0

Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/

Mozilla Browser 1.7.3

Fedora mozilla-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-chat-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-chat-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-debuginfo-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-debuginfo-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-devel-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-devel-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-dom-inspector-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-dom-inspector-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-js-debugger-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-js-debugger-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-mail-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-mail-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nspr-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nspr-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nspr-devel-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nspr-devel-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nss-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nss-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nss-devel-1.7.6-1.3.2.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora mozilla-nss-devel-1.7.6-1.3.2.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/