beartooth wrote: > The most recent version of this document can be found at: > > > <http://www.us-cert.gov/cas/techalerts/TA06-038A.html> [snip] That link describes two issues: CVE-2006-0296 CVE-2006-0295 CVE-2006-0296 is fixed in firefox-1.0.7-1.2.fc4. [whooper@token i386]$ rpm -qp --changelog firefox-1.0.7-1.2.fc4.i386.rpm | head -4 warning: firefox-1.0.7-1.2.fc4.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2 * Sun Jan 29 2006 Christopher Aillon <caillon@xxxxxxxxxx> 0:1.0.7-1.2.fc4 - Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296 According to Mozilla, version 1.0.x isn't vulnerable to CVE-2006-0295. http://www.mozilla.org/security/announce/mfsa2006-04.html -- William Hooper
