Synopsis: Critical: firefox security update
Issue date: 2010-07-23
CVE Names: CVE-2010-2755
An invalid free flaw was found in Firefox's plugin handler. Malicious
web content could result in an invalid memory pointer being freed,
causing Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running the Firefox application. (CVE-2010-2755)
After installing the update, Firefox must be restarted for the changes
to take effect.
SL 4.x
SRPMS:
firefox-3.6.7-3.el4.src.rpm
i386:
firefox-3.6.7-3.el4.i386.rpm
x86_64:
firefox-3.6.7-3.el4.i386.rpm
firefox-3.6.7-3.el4.x86_64.rpm
SL 5.x
SRPMS:
firefox-3.6.7-3.el5.src.rpm
xulrunner-1.9.2.7-3.el5.src.rpm
i386:
firefox-3.6.7-3.el5.i386.rpm
xulrunner-1.9.2.7-3.el5.i386.rpm
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
x86_64:
firefox-3.6.7-3.el5.i386.rpm
firefox-3.6.7-3.el5.x86_64.rpm
xulrunner-1.9.2.7-3.el5.i386.rpm
xulrunner-1.9.2.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson