SCIENTIFIC-LINUX-ERRATA Archives

July 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Connie Sieh
Reply To: Connie Sieh
Date: Thu, 23 Jul 2009 14:13:44 -0500
Content-Type: TEXT/PLAIN

On Thu, 23 Jul 2009, Connie Sieh wrote:

> Synopsis:          Critical: firefox security update
>
> CVE Names:
>
> CVE-2009-2462 Mozilla Browser engine crashes
> CVE-2009-2463 Mozilla Base64 decoding crash
> CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree
> CVE-2009-2465 Mozilla double frame construction crashes
> CVE-2009-2466 Mozilla JavaScript engine crashes
> CVE-2009-2467 Mozilla remote code execution during Flash player unloading
> CVE-2009-2469 Mozilla remote code execution using watch and __defineSetter__
> on SVG element
> CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers
> CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses
>
> Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
> Runtime environment for Mozilla Firefox.
>
> Several flaws were found in the processing of malformed web content. A web
> page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code as the user running Firefox.
> (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, 
> CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
>
> Several flaws were found in the way Firefox handles malformed JavaScript
> code. A website containing malicious content could launch a cross-site
> scripting (XSS) attack or execute arbitrary JavaScript with the permissions 
> of another website. (CVE-2009-2472)
>
> SL5.x
>
> SRPM
> 	  firefox-3.0.12-1.el5_3.src.rpm
>
> i386
>
> 	firefox-3.0.12-1.el5_3.i386.rpm
         xulrunner-1.9.0.12-1.el5_3.i386.rpm
         xulrunner-devel-1.9.0.12-1.el5_3.i386.rpm
         xulrunner-devel-unstable-1.9.0.12-1.el5_3.i386.rpm
>
> x86_64
>
> 	 firefox-3.0.12-1.el5_3.i386.rpm
> 	 firefox-3.0.12-1.el5_3.x86_64.rpm
 	 xulrunner-1.9.0.12-1.el5_3.i386.rpm
 	 xulrunner-1.9.0.12-1.el5_3.x86_64.rpm
          xulrunner-devel-1.9.0.12-1.el5_3.i386.rpm
          xulrunner-devel-1.9.0.12-1.el5_3.x86_64.rpm
          xulrunner-devel-unstable-1.9.0.12-1.el5_3.x86_64.rpm
>

> --Connie Sieh
> --Troy Dawson
>
