Subject: | |
From: | |
Reply To: | |
Date: | Thu, 23 Jul 2009 14:09:58 -0500 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
Synopsis: Critical: firefox security update
CVE Names:
CVE-2009-2462 Mozilla Browser engine crashes
CVE-2009-2463 Mozilla Base64 decoding crash
CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree
CVE-2009-2465 Mozilla double frame construction crashes
CVE-2009-2466 Mozilla JavaScript engine crashes
CVE-2009-2467 Mozilla remote code execution during Flash player unloading
CVE-2009-2469 Mozilla remote code execution using watch and__defineSetter__ on
SVG element
CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers
CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466,
CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
Several flaws were found in the way Firefox handles malformed JavaScript
code. A website containing malicious content could launch a cross-site
scripting (XSS) attack or execute arbitrary JavaScript with the permissions of
another website. (CVE-2009-2472)
SL5.x
SRPM
firefox-3.0.12-1.el5_3.src.rpm
i386
firefox-3.0.12-1.el5_3.i386.rpm
x86_64
firefox-3.0.12-1.el5_3.i386.rpm
firefox-3.0.12-1.el5_3.x86_64.rpm
--Connie Sieh
--Troy Dawson
|
|
|