Synopsis:	Critical: firefox security update
Issue date:	2010-02-17
CVE Names:	CVE-2009-1571 CVE-2009-3988 CVE-2010-0159
                  CVE-2010-0160 CVE-2010-0162

CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA
2010-01)
CVE-2010-0160 Mozilla implementation of Web Workers can lead to crash
with evidence of memory corruption (MFSA 2010-02)
CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03)
CVE-2009-3988 Mozilla violation of same-origin policy due to properties
set on objects passed to showModalDialog (MFSA 2010-04)
CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG
document processing (MFSA 2010-05)

A use-after-free flaw was found in Firefox. Under low memory conditions,
visiting a web page containing malicious content could result in Firefox
executing arbitrary code with the privileges of the user running
Firefox. (CVE-2009-1571)

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2010-0159, CVE-2010-0160)

Two flaws were found in the way certain content was processed. An
attacker could use these flaws to create a malicious web page that could
bypass the same-origin policy, or possibly run untrusted JavaScript.
(CVE-2009-3988, CVE-2010-0162)

After installing the update, Firefox must be restarted for the changes
to take effect.

SL 4.x

       SRPMS:
firefox-3.0.18-1.el4.src.rpm
       i386:
firefox-3.0.18-1.el4.i386.rpm
       x86_64:
firefox-3.0.18-1.el4.i386.rpm
firefox-3.0.18-1.el4.x86_64.rpm

SL 5.x

       SRPMS:
firefox-3.0.18-1.el5_4.src.rpm
xulrunner-1.9.0.18-1.el5_4.src.rpm
       i386:
firefox-3.0.18-1.el5_4.i386.rpm
       x86_64:
firefox-3.0.18-1.el5_4.i386.rpm
firefox-3.0.18-1.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson