Synopsis: Critical: firefox security update Issue date: 2008-07-16 CVE Names: CVE-2008-2785 CVE-2008-2933 An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) SL 5.x SRPMS: devhelp-0.12-18.el5.src.rpm firefox-3.0.1-1.el5.src.rpm xulrunner-1.9.0.1-1.el5.src.rpm yelp-2.16.0-20.el5.src.rpm i386: devhelp-0.12-18.el5.i386.rpm devhelp-devel-0.12-18.el5.i386.rpm firefox-3.0.1-1.el5.i386.rpm xulrunner-1.9.0.1-1.el5.i386.rpm xulrunner-devel-1.9.0.1-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.1-1.el5.i386.rpm yelp-2.16.0-20.el5.i386.rpm x86_64: devhelp-0.12-18.el5.i386.rpm devhelp-0.12-18.el5.x86_64.rpm devhelp-devel-0.12-18.el5.i386.rpm devhelp-devel-0.12-18.el5.x86_64.rpm firefox-3.0.1-1.el5.i386.rpm firefox-3.0.1-1.el5.x86_64.rpm xulrunner-1.9.0.1-1.el5.i386.rpm xulrunner-1.9.0.1-1.el5.x86_64.rpm xulrunner-devel-1.9.0.1-1.el5.i386.rpm xulrunner-devel-1.9.0.1-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.1-1.el5.x86_64.rpm yelp-2.16.0-20.el5.x86_64.rpm -Connie Sieh -Troy Dawson