Date: Wed, 16 Dec 2009 13:25:37 -0600

Synopsis: Critical: firefox security update
Issue date: 2009-12-16
CVE Names: CVE-2009-3979 CVE-2009-3981 CVE-2009-3983
           CVE-2009-3984 CVE-2009-3985 CVE-2009-3986

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

A flaw was found in the Firefox NT Lan Manager (NTLM) authentication
protocol implementation. If an attacker could trick a local user that
has NTLM credentials into visiting a specially-crafted web page, they
could send arbitrary requests, authenticated with the user's NTLM
credentials, to other applications on the user's system. (CVE-2009-3983)

A flaw was found in the way Firefox displayed the SSL location bar
indicator. An attacker could create an unencrypted web page that appears
to be encrypted, possibly tricking the user into believing they are
visiting a secure page. (CVE-2009-3984)

A flaw was found in the way Firefox displayed blank pages after a user
navigates to an invalid address. If a user visits an attacker-controlled
web page that results in a blank page, the attacker could inject content
into that blank page, possibly tricking the user into believing they are
viewing a legitimate page. (CVE-2009-3985)

After installing the update, Firefox must be restarted for the changes
to take effect.

SL 4.x

  SRPMS:
    firefox-3.0.16-4.el4.src.rpm
  i386:
    firefox-3.0.16-4.el4.i386.rpm
  x86_64:
    firefox-3.0.16-4.el4.i386.rpm
    firefox-3.0.16-4.el4.x86_64.rpm

SL 5.x

  SRPMS:
    firefox-3.0.16-1.el5_4.src.rpm
    xulrunner-1.9.0.16-2.el5_4.src.rpm
  i386:
    firefox-3.0.16-1.el5_4.i386.rpm
    xulrunner-1.9.0.16-2.el5_4.i386.rpm
    xulrunner-devel-1.9.0.16-2.el5_4.i386.rpm
    xulrunner-devel-unstable-1.9.0.16-2.el5_4.i386.rpm
  x86_64:
    firefox-3.0.16-1.el5_4.i386.rpm
    firefox-3.0.16-1.el5_4.x86_64.rpm
    xulrunner-1.9.0.16-2.el5_4.i386.rpm
    xulrunner-1.9.0.16-2.el5_4.x86_64.rpm
    xulrunner-devel-1.9.0.16-2.el5_4.i386.rpm
    xulrunner-devel-1.9.0.16-2.el5_4.x86_64.rpm
    xulrunner-devel-unstable-1.9.0.16-2.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson
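
Added example, not part of the original advisory: a Python check that compares installed package versions against the fixed builds listed above. It assumes input lines as produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' firefox xulrunner`, packages without an epoch, and a simplified segment-wise comparison in the style of rpm's version ordering (no tilde or caret handling); the function names and sample lines are constructed for illustration.

```python
import re

# Fixed version-release per (dist, package), copied from the advisory's package lists.
FIXED = {
    ("el4", "firefox"): "3.0.16-4.el4",
    ("el5", "firefox"): "3.0.16-1.el5_4",
    ("el5", "xulrunner"): "1.9.0.16-2.el5_4",
    ("el5", "xulrunner-devel"): "1.9.0.16-2.el5_4",
    ("el5", "xulrunner-devel-unstable"): "1.9.0.16-2.el5_4",
}

def rpmvercmp(a, b):
    """Return -1, 0 or 1. Segments are digit runs or letter runs; separators are ignored."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment sorts newer than letters
        if x.isdigit():
            x, y = int(x), int(y)             # 9 < 16, unlike the string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments sort newer

def audit(lines):
    """Classify each 'name version-release' line against the advisory's fixed builds."""
    findings = []
    for line in lines:
        name, vr = line.split()
        version, release = vr.rsplit("-", 1)
        m = re.search(r"\.el([45])", release)  # SL 4.x or SL 5.x build tag
        fixed = FIXED.get((f"el{m.group(1)}", name)) if m else None
        if fixed is None:
            findings.append((name, vr, "not covered"))
            continue
        fixed_version, fixed_release = fixed.rsplit("-", 1)
        cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        findings.append((name, vr, "needs update" if cmp < 0 else "patched"))
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "firefox 3.0.15-3.el5_4",
    "xulrunner 1.9.0.16-2.el5_4",
    "firefox 3.0.9-1.el4",
    "thunderbird 2.0.0.22-2.el5",
]

if __name__ == "__main__":
    for name, vr, status in audit(SAMPLE):
        print(f"{name:12} {vr:20} {status}")
```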