Synopsis:  Critical: firefox security update
Issue date: 2009-03-27
CVE Names: CVE-2009-1044 CVE-2009-1169

A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)

For Scientific Linux 4, they contain backported patches to the firefox package.

For Scientific Linux 5, they contain backported patches to the xulrunner packages. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

After installing the update, Firefox must be restarted for the changes to take effect.

SL 4.x

  SRPMS:
    firefox-3.0.7-3.el4.src.rpm
  i386:
    firefox-3.0.7-3.el4.i386.rpm
  x86_64:
    firefox-3.0.7-3.el4.i386.rpm
    firefox-3.0.7-3.el4.x86_64.rpm

SL 5.x

  SRPMS:
    xulrunner-1.9.0.7-3.el5.src.rpm
  i386:
    xulrunner-1.9.0.7-3.el5.i386.rpm
    xulrunner-devel-1.9.0.7-3.el5.i386.rpm
    xulrunner-devel-unstable-1.9.0.7-3.el5.i386.rpm
  x86_64:
    xulrunner-1.9.0.7-3.el5.i386.rpm
    xulrunner-1.9.0.7-3.el5.x86_64.rpm
    xulrunner-devel-1.9.0.7-3.el5.i386.rpm
    xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
    xulrunner-devel-unstable-1.9.0.7-3.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson