SCIENTIFIC-LINUX-ERRATA Archives

July 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Tue, 6 Jul 2010 15:27:26 -0500

The new java 3.6.x does not use the old java plugin, only the new java 
plugin.  As a result, we had to update java-1.6.0-sun-compat to put both 
the old and the new java plugin into the correct plugin areas.
This new java-1.6.0-sun-compat will work with both the old firefox 
(3.0.x) and the new firefox (3.6.x)

Dependencies:
   SRPMS:
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.src.rpm
   i386:
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.i586.rpm
   x86_64:
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.i586.rpm
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.x86_64.rpm

Thanks
Troy

On 06/23/2010 10:54 AM, Troy J Dawson wrote:
> Synopsis:	Critical: firefox security, bug fix, and enhancement update
> Issue date:	2010-06-22
> CVE Names:	CVE-2008-5913 CVE-2010-0182 CVE-2010-1121
>                     CVE-2010-1125 CVE-2010-1196 CVE-2010-1197
>                     CVE-2010-1198 CVE-2010-1199 CVE-2010-1200
>                     CVE-2010-1202 CVE-2010-1203
>
> Several flaws were found in the processing of malformed web content. A
> web page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code with the privileges of the user
> running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,
> CVE-2010-1203)
>
> A flaw was found in the way browser plug-ins interact. It was possible
> for a plug-in to reference the freed memory from a different plug-in,
> resulting in the execution of arbitrary code with the privileges of the
> user running Firefox. (CVE-2010-1198)
>
> Several integer overflow flaws were found in the processing of malformed
> web content. A web page containing malicious content could cause Firefox
> to crash or, potentially, execute arbitrary code with the privileges of
> the user running Firefox. (CVE-2010-1196, CVE-2010-1199)
>
> A focus stealing flaw was found in the way Firefox handled focus
> changes. A malicious website could use this flaw to steal sensitive data
> from a user, such as usernames and passwords. (CVE-2010-1125)
>
> A flaw was found in the way Firefox handled the "Content-Disposition:
> attachment" HTTP header when the "Content-Type: multipart" HTTP header
> was also present. A website that allows arbitrary uploads and relies on
> the "Content-Disposition: attachment" HTTP header to prevent content
> from being displayed inline, could be used by an attacker to serve
> malicious content to users. (CVE-2010-1197)
>
> A flaw was found in the Firefox Math.random() function. This function
> could be used to identify a browsing session and track a user across
> different websites. (CVE-2008-5913)
>
> A flaw was found in the Firefox XML document loading security checks.
> Certain security checks were not being called when an XML document was
> loaded. This could possibly be leveraged later by an attacker to load
> certain resources that violate the security policies of the browser or
> its add-ons. Note that this issue cannot be exploited by only loading an
> XML document. (CVE-2010-0182)
>
> This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due
> to the requirements of Firefox 3.6.4, this erratum also provides a
> number of other updated packages, including esc, totem, and yelp.
>
> This erratum also contains multiple bug fixes and numerous enhancements.
> Space precludes documenting these changes in this advisory.
>
> Important: Firefox 3.6.4 is not completely backwards-compatible with all
> Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
> Firefox 3.6 checks compatibility on first-launch, and, depending on the
> individual configuration and the installed Add-ons and plug-ins, may
> disable said Add-ons and plug-ins, or attempt to check for updates and
> upgrade them. Add-ons and plug-ins may have to be manually updated.
>
> After installing the update, Firefox must be restarted for the changes
> to take effect.
>
> SL 5.x
>
>       SRPMS:
> devhelp-0.12-21.el5.src.rpm
> esc-1.1.0-12.el5.src.rpm
> firefox-3.6.4-8.el5.src.rpm
> gnome-python2-extras-2.14.2-7.el5.src.rpm
> totem-2.16.7-7.el5.src.rpm
> xulrunner-1.9.2.4-9.el5.src.rpm
> yelp-2.16.0-26.el5.src.rpm
>       i386:
> devhelp-0.12-21.el5.i386.rpm
> devhelp-devel-0.12-21.el5.i386.rpm
> esc-1.1.0-12.el5.i386.rpm
> firefox-3.6.4-8.el5.i386.rpm
> gnome-python2-extras-2.14.2-7.el5.i386.rpm
> gnome-python2-gtkhtml2-2.14.2-7.el5.i386.rpm
> gnome-python2-gtkmozembed-2.14.2-7.el5.i386.rpm
> gnome-python2-gtkspell-2.14.2-7.el5.i386.rpm
> gnome-python2-libegg-2.14.2-7.el5.i386.rpm
> totem-2.16.7-7.el5.i386.rpm
> totem-devel-2.16.7-7.el5.i386.rpm
> totem-mozplugin-2.16.7-7.el5.i386.rpm
> xulrunner-1.9.2.4-9.el5.i386.rpm
> xulrunner-devel-1.9.2.4-9.el5.i386.rpm
> yelp-2.16.0-26.el5.i386.rpm
>       x86_64:
> devhelp-0.12-21.el5.i386.rpm
> devhelp-0.12-21.el5.x86_64.rpm
> devhelp-devel-0.12-21.el5.i386.rpm
> devhelp-devel-0.12-21.el5.x86_64.rpm
> esc-1.1.0-12.el5.x86_64.rpm
> firefox-3.6.4-8.el5.i386.rpm
> firefox-3.6.4-8.el5.x86_64.rpm
> gnome-python2-extras-2.14.2-7.el5.x86_64.rpm
> gnome-python2-gtkhtml2-2.14.2-7.el5.x86_64.rpm
> gnome-python2-gtkmozembed-2.14.2-7.el5.x86_64.rpm
> gnome-python2-gtkspell-2.14.2-7.el5.x86_64.rpm
> gnome-python2-libegg-2.14.2-7.el5.x86_64.rpm
> totem-2.16.7-7.el5.i386.rpm
> totem-2.16.7-7.el5.x86_64.rpm
> totem-devel-2.16.7-7.el5.i386.rpm
> totem-devel-2.16.7-7.el5.x86_64.rpm
> totem-mozplugin-2.16.7-7.el5.x86_64.rpm
> xulrunner-1.9.2.4-9.el5.i386.rpm
> xulrunner-1.9.2.4-9.el5.x86_64.rpm
> xulrunner-devel-1.9.2.4-9.el5.i386.rpm
> xulrunner-devel-1.9.2.4-9.el5.x86_64.rpm
> yelp-2.16.0-26.el5.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LSCS/CSI/USS Group
__________________________________________________
