 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Wed, 28 Oct 2009 13:25:51 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Critical: firefox security update
Issue date: 2009-10-27
CVE Names: CVE-2009-1563 CVE-2009-3274 CVE-2009-3370
CVE-2009-3372 CVE-2009-3373 CVE-2009-3374
CVE-2009-3375 CVE-2009-3376 CVE-2009-3380
CVE-2009-3382
A flaw was found in the way Firefox handles form history. A malicious
web page could steal saved form data by synthesizing input events,
causing the browser to auto-fill form fields (which could then be read
by an attacker). (CVE-2009-3370)
A flaw was found in the way Firefox creates temporary file names for
downloaded files. If a local attacker knows the name of a file Firefox
is going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)
A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file
processor. If Firefox loads a malicious PAC file, it could crash Firefox
or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2009-3372)
A heap-based buffer overflow flaw was found in the Firefox GIF image
processor. A malicious GIF image could crash Firefox or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2009-3373)
A heap-based buffer overflow flaw was found in the Firefox string to
floating point conversion routines. A web page containing malicious
JavaScript could crash Firefox or, potentially, execute arbitrary code
with the privileges of the user running Firefox. (CVE-2009-1563)
A flaw was found in the way Firefox handles text selection. A malicious
website may be able to read highlighted text in a different domain (e.g.
another website the user is viewing), bypassing the same-origin policy.
(CVE-2009-3375)
A flaw was found in the way Firefox displays a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differs from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file
that has a file name or extension that differs from what the user
expected. (CVE-2009-3376)
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)
After installing the update, Firefox must be restarted for the changes
to take effect.
SL 4.x
SRPMS:
firefox-3.0.15-3.el4.src.rpm
nspr-4.7.6-1.el4_8.src.rpm
i386:
firefox-3.0.15-3.el4.i386.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-devel-4.7.6-1.el4_8.i386.rpm
x86_64:
firefox-3.0.15-3.el4.i386.rpm
firefox-3.0.15-3.el4.x86_64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.x86_64.rpm
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
SL 5.x
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm
nspr-4.7.6-1.el5_4.src.rpm
xulrunner-1.9.0.15-3.el5_4.src.rpm
i386:
firefox-3.0.15-3.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-devel-4.7.6-1.el5_4.i386.rpm
xulrunner-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm
firefox-3.0.15-3.el5_4.x86_64.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.x86_64.rpm
nspr-devel-4.7.6-1.el5_4.i386.rpm
nspr-devel-4.7.6-1.el5_4.x86_64.rpm
xulrunner-1.9.0.15-3.el5_4.i386.rpm
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
