Synopsis: Critical: firefox security update CVE Names: CVE-2009-2462 Mozilla Browser engine crashes CVE-2009-2463 Mozilla Base64 decoding crash CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree CVE-2009-2465 Mozilla double frame construction crashes CVE-2009-2466 Mozilla JavaScript engine crashes CVE-2009-2467 Mozilla remote code execution during Flash player unloading CVE-2009-2469 Mozilla remote code execution using watch and__defineSetter__ on SVG element CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471) Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472) SL4.x SRPM firefox-3.0.12-1.el4.src.rpm i386 firefox-3.0.12-1.el4.i386.rpm x86_64 firefox-3.0.12-1.el4.i386.rpm firefox-3.0.12-1.el4.x86_64.rpm --Connie Sieh --Troy Dawson