LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

April 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA April 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Critical: firefox security update on SL4.x, SL5.x, SL6.x i386/x86_64
From:	"Tyler L. Parsons" <[log in to unmask]>
Reply To:	Tyler L. Parsons
Date:	Fri, 29 Apr 2011 14:26:38 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (114 lines)

Synopsis: Critical: firefox security update
Issue date: 2011-04-28
CVE Names: CVE-2011-0065 CVE-2011-0066 CVE-2011-0067
                   CVE-2011-0069 CVE-2011-0070 CVE-2011-0071
                   CVE-2011-0072 CVE-2011-0073 CVE-2011-0074
                   CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
                   CVE-2011-0080 CVE-2011-0081 CVE-2011-1202

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could possibly lead to arbitrary code
execution with the privileges of the user running Firefox. (CVE-2011-0080,
CVE-2011-0081)

An arbitrary memory write flaw was found in the way Firefox handled
out-of-memory conditions. If all memory was consumed when a user visited a
malicious web page, it could possibly lead to arbitrary code execution
with the privileges of the user running Firefox. (CVE-2011-0078)

An integer overflow flaw was found in the way Firefox handled the HTML
frameset tag. A web page with a frameset tag containing large values for
the "rows" and "cols" attributes could trigger this flaw, possibly leading
to arbitrary code execution with the privileges of the user running
Firefox. (CVE-2011-0077)

A flaw was found in the way Firefox handled the HTML iframe tag. A web page
with an iframe tag containing a specially-crafted source address could
trigger this flaw, possibly leading to arbitrary code execution with the
privileges of the user running Firefox. (CVE-2011-0075)

A flaw was found in the way Firefox displayed multiple marquee elements. A
malformed HTML document could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0074)

A flaw was found in the way Firefox handled the nsTreeSelection element.
Malformed content could cause Firefox to execute arbitrary code with the
privileges of the user running Firefox. (CVE-2011-0073)

A use-after-free flaw was found in the way Firefox appended frame and
iframe elements to a DOM tree when the NoScript add-on was enabled.
Malicious HTML content could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0072)

A directory traversal flaw was found in the Firefox resource:// protocol
handler. Malicious content could cause Firefox to access arbitrary files
accessible to the user running Firefox. (CVE-2011-0071)

A double free flaw was found in the way Firefox handled
"application/http-index-format" documents. A malformed HTTP response could
cause Firefox to execute arbitrary code with the privileges of the user
running Firefox. (CVE-2011-0070)

A flaw was found in the way Firefox handled certain JavaScript cross-domain
requests. If malicious content generated a large number of cross-domain
JavaScript requests, it could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0069)

A flaw was found in the way Firefox displayed the autocomplete pop-up.
Malicious content could use this flaw to steal form history information.
(CVE-2011-0067)

Two use-after-free flaws were found in the Firefox mObserverList and
mChannel objects. Malicious content could use these flaws to execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2011-0066, CVE-2011-0065)

A flaw was found in the Firefox XSLT generate-id() function. This function
returned the memory address of an object in memory, which could possibly be
used by attackers to bypass address randomization protections.
(CVE-2011-1202)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.17. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.17, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

SL 4.x
        i386:
firefox-3.6.17-2.el4.i386.rpm
        x86_64:
firefox-3.6.17-2.el4.i386.rpm

SL 5.x
        i386:
firefox-3.6.17-1.el5_6.i386.rpm
xulrunner-1.9.2.17-3.el5_6.i386.rpm
xulrunner-devel-1.9.2.17-3.el5_6.i386.rpm
        x86_64:
firefox-3.6.17-1.el5_6.i386.rpm
firefox-3.6.17-1.el5_6.x86_64.rpm
xulrunner-1.9.2.17-3.el5_6.i386.rpm
xulrunner-1.9.2.17-3.el5_6.x86_64.rpm
xulrunner-devel-1.9.2.17-3.el5_6.i386.rpm
xulrunner-devel-1.9.2.17-3.el5_6.x86_64.rpm

SL 6.x
        i386:
firefox-3.6.17-1.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm
        x86_64:
firefox-3.6.17-1.el6_0.x86_64.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV