Subject: | |
From: | |
Reply To: | |
Date: | Thu, 23 Jul 2009 14:13:44 -0500 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
On Thu, 23 Jul 2009, Connie Sieh wrote:
> Synopsis: Critical: firefox security update
>
> CVE Names:
>
> CVE-2009-2462 Mozilla Browser engine crashes
> CVE-2009-2463 Mozilla Base64 decoding crash
> CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree
> CVE-2009-2465 Mozilla double frame construction crashes
> CVE-2009-2466 Mozilla JavaScript engine crashes
> CVE-2009-2467 Mozilla remote code execution during Flash player unloading
> CVE-2009-2469 Mozilla remote code execution using watch and__defineSetter__
> on SVG element
> CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers
> CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses
>
> Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
> Runtime environment for Mozilla Firefox.
>
> Several flaws were found in the processing of malformed web content. A web
> page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code as the user running Firefox.
> (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466,
> CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
>
> Several flaws were found in the way Firefox handles malformed JavaScript
> code. A website containing malicious content could launch a cross-site
> scripting (XSS) attack or execute arbitrary JavaScript with the permissions
> of another website. (CVE-2009-2472)
>
> SL5.x
>
> SRPM
> firefox-3.0.12-1.el5_3.src.rpm
>
> i386
>
> firefox-3.0.12-1.el5_3.i386.rpm
xulrunner-1.9.0.12-1.el5_3.i386.rpm
xulrunner-devel-1.9.0.12-1.el5_3.i386.rpm
xulrunner-devel-unstable-1.9.0.12-1.el5_3.i386.rpm
>
> x86_64
>
> firefox-3.0.12-1.el5_3.i386.rpm
> firefox-3.0.12-1.el5_3.x86_64.rpm
xulrunner-1.9.0.12-1.el5_3.i386.rpm
xulrunner-1.9.0.12-1.el5_3.x86_64.rpm
xulrunner-devel-1.9.0.12-1.el5_3.i386.rpm
xulrunner-devel-1.9.0.12-1.el5_3.x86_64.rpm
xulrunner-devel-unstable-1.9.0.12-1.el5_3.x86_64.rpm
>
> --Connie Sieh
> --Troy Dawson
>
|
|
|