SCIENTIFIC-LINUX-ERRATA Archives

February 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Wed, 20 Feb 2013 13:16:36 -0600
Content-Type: text/plain
Parts/Attachments: text/plain (119 lines)

Synopsis:          Critical: firefox security update
Issue Date:        2013-02-19
CVE Numbers:       CVE-2013-0783
                    CVE-2013-0775
                    CVE-2013-0776
                    CVE-2013-0780
                    CVE-2013-0782
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783)

It was found that, after canceling a proxy server's authentication prompt,
the address bar continued to show the requested site's address. An attacker
could use this flaw to conduct phishing attacks by tricking a user into
believing they are viewing a trusted site. (CVE-2013-0776)

Note that due to a Kerberos credentials change, the following configuration
steps may be required when using Firefox 17.0.3 ESR with the Enterprise
Identity Management (IPA) web interface:

Important: Firefox 17 is not completely backwards-compatible with all
Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox
17 checks compatibility on first launch, and, depending on the individual
configuration and the installed add-ons and plug-ins, may disable said
add-ons and plug-ins, or attempt to check for updates and upgrade them.
Add-ons and plug-ins may have to be manually updated.

After installing the update, Firefox must be restarted for the changes to
take effect.
--

SL5
   x86_64
     devhelp-0.12-23.el5_9.i386.rpm
     devhelp-0.12-23.el5_9.x86_64.rpm
     devhelp-debuginfo-0.12-23.el5_9.i386.rpm
     devhelp-debuginfo-0.12-23.el5_9.x86_64.rpm
     firefox-17.0.3-1.el5_9.i386.rpm
     firefox-17.0.3-1.el5_9.x86_64.rpm
     firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
     firefox-debuginfo-17.0.3-1.el5_9.x86_64.rpm
     xulrunner-17.0.3-1.el5_9.i386.rpm
     xulrunner-17.0.3-1.el5_9.x86_64.rpm
     xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
     xulrunner-debuginfo-17.0.3-1.el5_9.x86_64.rpm
     yelp-2.16.0-30.el5_9.x86_64.rpm
     yelp-debuginfo-2.16.0-30.el5_9.x86_64.rpm
     devhelp-devel-0.12-23.el5_9.i386.rpm
     devhelp-devel-0.12-23.el5_9.x86_64.rpm
     xulrunner-devel-17.0.3-1.el5_9.i386.rpm
     xulrunner-devel-17.0.3-1.el5_9.x86_64.rpm
   i386
     devhelp-0.12-23.el5_9.i386.rpm
     devhelp-debuginfo-0.12-23.el5_9.i386.rpm
     firefox-17.0.3-1.el5_9.i386.rpm
     firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
     xulrunner-17.0.3-1.el5_9.i386.rpm
     xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
     yelp-2.16.0-30.el5_9.i386.rpm
     yelp-debuginfo-2.16.0-30.el5_9.i386.rpm
     devhelp-devel-0.12-23.el5_9.i386.rpm
     xulrunner-devel-17.0.3-1.el5_9.i386.rpm
SL6
   x86_64
     firefox-17.0.3-1.el6_3.i686.rpm
     firefox-17.0.3-1.el6_3.x86_64.rpm
     firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
     firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm
     libproxy-0.3.0-4.el6_3.i686.rpm
     libproxy-0.3.0-4.el6_3.x86_64.rpm
     libproxy-bin-0.3.0-4.el6_3.x86_64.rpm
     libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
     libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm
     libproxy-python-0.3.0-4.el6_3.x86_64.rpm
     xulrunner-17.0.3-1.el6_3.i686.rpm
     xulrunner-17.0.3-1.el6_3.x86_64.rpm
     xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
     xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm
     yelp-2.28.1-17.el6_3.x86_64.rpm
     yelp-debuginfo-2.28.1-17.el6_3.x86_64.rpm
     libproxy-devel-0.3.0-4.el6_3.i686.rpm
     libproxy-devel-0.3.0-4.el6_3.x86_64.rpm
     libproxy-gnome-0.3.0-4.el6_3.x86_64.rpm
     libproxy-kde-0.3.0-4.el6_3.x86_64.rpm
     libproxy-mozjs-0.3.0-4.el6_3.x86_64.rpm
     libproxy-webkit-0.3.0-4.el6_3.x86_64.rpm
     xulrunner-devel-17.0.3-1.el6_3.i686.rpm
     xulrunner-devel-17.0.3-1.el6_3.x86_64.rpm
   i386
     firefox-17.0.3-1.el6_3.i686.rpm
     firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
     libproxy-0.3.0-4.el6_3.i686.rpm
     libproxy-bin-0.3.0-4.el6_3.i686.rpm
     libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
     libproxy-python-0.3.0-4.el6_3.i686.rpm
     xulrunner-17.0.3-1.el6_3.i686.rpm
     xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
     yelp-2.28.1-17.el6_3.i686.rpm
     yelp-debuginfo-2.28.1-17.el6_3.i686.rpm
     libproxy-devel-0.3.0-4.el6_3.i686.rpm
     libproxy-gnome-0.3.0-4.el6_3.i686.rpm
     libproxy-kde-0.3.0-4.el6_3.i686.rpm
     libproxy-mozjs-0.3.0-4.el6_3.i686.rpm
     libproxy-webkit-0.3.0-4.el6_3.i686.rpm
     xulrunner-devel-17.0.3-1.el6_3.i686.rpm

- Scientific Linux Development Team
