Synopsis:	Critical: firefox security update
Issue date:	2009-04-21
CVE Names:	CVE-2009-0652 CVE-2009-1302 CVE-2009-1303
                   CVE-2009-1304 CVE-2009-1305 CVE-2009-1306
                   CVE-2009-1307 CVE-2009-1308 CVE-2009-1309
                   CVE-2009-1310 CVE-2009-1311 CVE-2009-1312


Several flaws were found in the processing of malformed web content. A 
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. 
A web page containing malicious content could execute arbitrary 
JavaScript in the context of the site, possibly presenting misleading 
data to a user, or stealing sensitive information such as login 
credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, 
CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)

A flaw was found in the way Firefox saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST 
data, the POST data could be revealed to the inner frame, possibly 
surrendering sensitive information such as login credentials. 
(CVE-2009-1311)

After installing the update, Firefox must be restarted for the changes 
to take effect.

SL 4.x

      SRPMS:
firefox-3.0.9-1.el4.src.rpm
      i386:
firefox-3.0.9-1.el4.i386.rpm
      x86_64:
firefox-3.0.9-1.el4.i386.rpm
firefox-3.0.9-1.el4.x86_64.rpm

SL 5.x

      SRPMS:
firefox-3.0.9-1.el5.src.rpm
xulrunner-1.9.0.9-1.el5.src.rpm
      i386:
firefox-3.0.9-1.el5.i386.rpm
xulrunner-1.9.0.9-1.el5.i386.rpm
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm
      x86_64:
firefox-3.0.9-1.el5.i386.rpm
firefox-3.0.9-1.el5.x86_64.rpm
xulrunner-1.9.0.9-1.el5.i386.rpm
xulrunner-1.9.0.9-1.el5.x86_64.rpm
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
xulrunner-devel-1.9.0.9-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson