On Thu, 23 Jul 2009, Connie Sieh wrote:

> Synopsis: Critical: firefox security update
>
> CVE Names:
>
> CVE-2009-2462 Mozilla Browser engine crashes
> CVE-2009-2463 Mozilla Base64 decoding crash
> CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree
> CVE-2009-2465 Mozilla double frame construction crashes
> CVE-2009-2466 Mozilla JavaScript engine crashes
> CVE-2009-2467 Mozilla remote code execution during Flash player unloading
> CVE-2009-2469 Mozilla remote code execution using watch and __defineSetter__
>               on SVG element
> CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers
> CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses
>
> Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
> Runtime environment for Mozilla Firefox.
>
> Several flaws were found in the processing of malformed web content. A web
> page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code as the user running Firefox.
> (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466,
> CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
>
> Several flaws were found in the way Firefox handles malformed JavaScript
> code. A website containing malicious content could launch a cross-site
> scripting (XSS) attack or execute arbitrary JavaScript with the permissions
> of another website. (CVE-2009-2472)
>
> SL5.x
>
> SRPM
> firefox-3.0.12-1.el5_3.src.rpm
>
> i386
>
> firefox-3.0.12-1.el5_3.i386.rpm
> xulrunner-1.9.0.12-1.el5_3.i386.rpm
> xulrunner-devel-1.9.0.12-1.el5_3.i386.rpm
> xulrunner-devel-unstable-1.9.0.12-1.el5_3.i386.rpm
>
> x86_64
>
> firefox-3.0.12-1.el5_3.i386.rpm
> firefox-3.0.12-1.el5_3.x86_64.rpm
> xulrunner-1.9.0.12-1.el5_3.i386.rpm
> xulrunner-1.9.0.12-1.el5_3.x86_64.rpm
> xulrunner-devel-1.9.0.12-1.el5_3.i386.rpm
> xulrunner-devel-1.9.0.12-1.el5_3.x86_64.rpm
> xulrunner-devel-unstable-1.9.0.12-1.el5_3.x86_64.rpm
>
> --Connie Sieh
> --Troy Dawson