SCIENTIFIC-LINUX-ERRATA Archives

July 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Tue, 6 Jul 2010 15:27:02 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (100 lines)

The new java 3.6.x does not use the old java plugin, only the new java 
plugin.  As a result, we had to update java-1.6.0-sun-compat to put both 
the old and the new java plugin into the correct plugin areas.
This new java-1.6.0-sun-compat will work with both the old firefox
(3.0.x) and the new firefox (3.6.x).

Dependencies:
   SRPMS:
java-1.6.0-sun-compat-1.6.0.20-3.sl4.jpp.src.rpm
   i386:
java-1.6.0-sun-compat-1.6.0.20-3.sl4.jpp.i586.rpm
   x86_64:
java-1.6.0-sun-compat-1.6.0.20-3.sl4.jpp.i586.rpm

Thanks
Troy

On 06/24/2010 06:48 AM, Troy J Dawson wrote:
> Synopsis:	Critical: firefox security, bug fix, and enhancement update
> Issue date:	2010-06-22
> CVE Names:	CVE-2008-5913 CVE-2010-0182 CVE-2010-1121
>                     CVE-2010-1125 CVE-2010-1196 CVE-2010-1197
>                     CVE-2010-1198 CVE-2010-1199 CVE-2010-1200
>                     CVE-2010-1202 CVE-2010-1203
>
> Several flaws were found in the processing of malformed web content. A
> web page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code with the privileges of the user
> running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,
> CVE-2010-1203)
>
> A flaw was found in the way browser plug-ins interact. It was possible
> for a plug-in to reference the freed memory from a different plug-in,
> resulting in the execution of arbitrary code with the privileges of the
> user running Firefox. (CVE-2010-1198)
>
> Several integer overflow flaws were found in the processing of malformed
> web content. A web page containing malicious content could cause Firefox
> to crash or, potentially, execute arbitrary code with the privileges of
> the user running Firefox. (CVE-2010-1196, CVE-2010-1199)
>
> A focus stealing flaw was found in the way Firefox handled focus
> changes. A malicious website could use this flaw to steal sensitive data
> from a user, such as usernames and passwords. (CVE-2010-1125)
>
> A flaw was found in the way Firefox handled the "Content-Disposition:
> attachment" HTTP header when the "Content-Type: multipart" HTTP header
> was also present. A website that allows arbitrary uploads and relies on
> the "Content-Disposition: attachment" HTTP header to prevent content
> from being displayed inline, could be used by an attacker to serve
> malicious content to users. (CVE-2010-1197)
>
> A flaw was found in the Firefox Math.random() function. This function
> could be used to identify a browsing session and track a user across
> different websites. (CVE-2008-5913)
>
> A flaw was found in the Firefox XML document loading security checks.
> Certain security checks were not being called when an XML document was
> loaded. This could possibly be leveraged later by an attacker to load
> certain resources that violate the security policies of the browser or
> its add-ons. Note that this issue cannot be exploited by only loading an
> XML document. (CVE-2010-0182)
>
> This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and
> as such, contains multiple bug fixes and numerous enhancements. Space
> precludes documenting these changes in this advisory.
>
> Important: Firefox 3.6.4 is not completely backwards-compatible with all
> Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
> Firefox 3.6 checks compatibility on first-launch, and, depending on the
> individual configuration and the installed Add-ons and plug-ins, may
> disable said Add-ons and plug-ins, or attempt to check for updates and
> upgrade them. Add-ons and plug-ins may have to be manually updated.
>
> After installing the update, Firefox must be restarted for the changes
> to take effect.
>
> SL 4.x
>
>       SRPMS:
> firefox-3.6.4-8.el4.src.rpm
>       i386:
> firefox-3.6.4-8.el4.i386.rpm
>       x86_64:
> firefox-3.6.4-8.el4.i386.rpm
> firefox-3.6.4-8.el4.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>
>


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LSCS/CSI/USS Group
__________________________________________________
