7.5 - USN-149-3

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mozilla-firefox mozilla-firefox-locale-ca mozilla-firefox-locale-de mozilla-firefox-locale-es mozilla-firefox-locale-fr mozilla-firefox-locale-it mozilla-firefox-locale-ja mozilla-firefox-locale-nb mozilla-firefox-locale-pl mozilla-firefox-locale-tr mozilla-firefox-locale-uk

The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu0.0.1 (mozilla-firefox) and 1.0.6-0ubuntu0.1 (mozilla-firefox-locale-... packages).

Please note that the new version does not work with the already existing translation packages (mozilla-firefox-locale-...). New packages have been provided which are compatible to the new Firefox version of this security update, so they need to be upgraded as well (a standard system upgrade will take care of this).

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again.

Details follow:

USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see

http://www.ubuntulinux.org/support/documentation/usn/usn-149-1

for the original advisory.

This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious web site. (MFSA-2005-01 to MFSA-2005-44; please see the following web site for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html)