Hello

On Wed, May 04, 2005 at 04:51:46PM -0500, Connie Sieh wrote:
> On Wed, 4 May 2005, Connie Sieh wrote:
> 
> > The following ERRATA for SL 302/303/304 i386 are now available from:
> > ftp://ftp.scientificlinux.org/linux/scientific/302/i386/errata/SL/RPMS/
> > ftp://ftp.scientificlinux.org/linux/scientific/303/i386/errata/SL/RPMS/
> > ftp://ftp.scientificlinux.org/linux/scientific/304/i386/errata/SL/RPMS/
> >  
> > Synopsis:          Important: Mozilla security update
> > Advisory ID:       RHSA-2005:384-01
> > CVE Names:         CAN-2004-1156 CAN-2005-0142 CAN-2005-0143 CAN-2005-0146
> > CAN-2005-0231 CAN-2005-0232 CAN-2005-0233 CAN-2005-0401 CAN-2005-0527
> > CAN-2005-0578 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588
> > CAN-2005-0590 CAN-2005-0591 CAN-2005-0593 CAN-2005-0989 CAN-2005-1153
> > CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159
> > CAN-2005-1160
> > 
> >   mozilla-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-chat-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-devel-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-dom-inspector-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-js-debugger-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-mail-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-nspr-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-nspr-devel-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-nss-1.7.7-1.1.3.4.SL.i386.rpm
> >   mozilla-nss-devel-1.7.7-1.1.3.4.SL.i386.rpm

I think there may be a package problem with these packages.  Mozilla got
updated with our nightly software update and

/usr/lib/mozilla-1.7.7/greprefs and
/usr/lib/mozilla-1.7.7/init.d

had root ownership with mode 700.  Which makes mozilla act quite oddly
for non-root users.  Our yum updater ran with umask 077, so the
permissions for those directories aren't explicit I would guess.