Synopsis: Critical: firefox security update Issue date: 2010-03-30 CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) After installing the update, Firefox must be restarted for the changes to take effect. SL 4.x SRPMS: firefox-3.0.19-1.el4.src.rpm i386: firefox-3.0.19-1.el4.i386.rpm x86_64: firefox-3.0.19-1.el4.i386.rpm firefox-3.0.19-1.el4.x86_64.rpm -Connie Sieh -Troy Dawson