Synopsis: Critical: firefox security update Issue date: 2007-10-19 CVE Names: CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) SL 3.0.x SRPMS: firefox-1.5.0.12-0.7.SL3.src.rpm i386: firefox-1.5.0.12-0.7.SL3.i386.rpm x86_64: firefox-1.5.0.12-0.7.SL3.i386.rpm firefox-1.5.0.12-0.7.SL3.x86_64.rpm SL 4.x SRPMS: firefox-1.5.0.12-0.7.el4.src.rpm i386: firefox-1.5.0.12-0.7.el4.i386.rpm x86_64: firefox-1.5.0.12-0.7.el4.i386.rpm firefox-1.5.0.12-0.7.el4.x86_64.rpm SL 5.x SRPMS: firefox-1.5.0.12-6.el5.src.rpm i386: firefox-1.5.0.12-6.el5.i386.rpm firefox-devel-1.5.0.12-6.el5.i386.rpm x86_64: firefox-1.5.0.12-6.el5.i386.rpm firefox-1.5.0.12-6.el5.x86_64.rpm firefox-devel-1.5.0.12-6.el5.i386.rpm firefox-devel-1.5.0.12-6.el5.x86_64.rpm -Connie Sieh -Troy Dawson