Synopsis: Critical: firefox security update Issue date: 2009-10-27 CVE Names: CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) After installing the update, Firefox must be restarted for the changes to take effect. SL 4.x SRPMS: firefox-3.0.15-3.el4.src.rpm nspr-4.7.6-1.el4_8.src.rpm i386: firefox-3.0.15-3.el4.i386.rpm nspr-4.7.6-1.el4_8.i386.rpm nspr-devel-4.7.6-1.el4_8.i386.rpm x86_64: firefox-3.0.15-3.el4.i386.rpm firefox-3.0.15-3.el4.x86_64.rpm nspr-4.7.6-1.el4_8.i386.rpm nspr-4.7.6-1.el4_8.x86_64.rpm nspr-devel-4.7.6-1.el4_8.x86_64.rpm SL 5.x SRPMS: firefox-3.0.15-3.el5_4.src.rpm nspr-4.7.6-1.el5_4.src.rpm xulrunner-1.9.0.15-3.el5_4.src.rpm i386: firefox-3.0.15-3.el5_4.i386.rpm nspr-4.7.6-1.el5_4.i386.rpm nspr-devel-4.7.6-1.el5_4.i386.rpm xulrunner-1.9.0.15-3.el5_4.i386.rpm xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm x86_64: firefox-3.0.15-3.el5_4.i386.rpm firefox-3.0.15-3.el5_4.x86_64.rpm nspr-4.7.6-1.el5_4.i386.rpm nspr-4.7.6-1.el5_4.x86_64.rpm nspr-devel-4.7.6-1.el5_4.i386.rpm nspr-devel-4.7.6-1.el5_4.x86_64.rpm xulrunner-1.9.0.15-3.el5_4.i386.rpm xulrunner-1.9.0.15-3.el5_4.x86_64.rpm xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm -Connie Sieh -Troy Dawson