 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 30 Mar 2009 16:35:52 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Critical: firefox security update
Issue date: 2009-03-27
CVE Names: CVE-2009-1044 CVE-2009-1169
A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this
flaw to crash Firefox or, potentially, execute arbitrary code as the
user running Firefox. (CVE-2009-1169)
A flaw was discovered in the way Firefox handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1044)
For Scientific Linux 4, they contain backported patches to the firefox
package. For Scientific Linux 5, they contain backported patches to the
xulrunner packages. XULRunner provides the XUL Runtime environment for
Mozilla Firefox. After installing the update, Firefox must be restarted
for the changes to take effect.
SL 4.x
SRPMS:
firefox-3.0.7-3.el4.src.rpm
i386:
firefox-3.0.7-3.el4.i386.rpm
x86_64:
firefox-3.0.7-3.el4.i386.rpm
firefox-3.0.7-3.el4.x86_64.rpm
SL 5.x
SRPMS:
xulrunner-1.9.0.7-3.el5.src.rpm
i386:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.i386.rpm
x86_64:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
