The new java 3.6.x does not use the old java plugin, only the new java plugin. As a result, we had to update java-1.6.0-sun-compat to put both the old and the new java plugin into the correct plugin areas. This new java-1.6.0-sun-compat will work with both the old firefox (3.0.x) and the new firefox (3.6.x).

Dependencies:

SRPMS:
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.src.rpm
i386:
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.i586.rpm
x86_64:
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.i586.rpm
java-1.6.0-sun-compat-1.6.0.20-3.sl5.jpp.x86_64.rpm

Thanks
Troy

On 06/23/2010 10:54 AM, Troy J Dawson wrote:
> Synopsis:    Critical: firefox security, bug fix, and enhancement update
> Issue date:  2010-06-22
> CVE Names:   CVE-2008-5913 CVE-2010-0182 CVE-2010-1121
>              CVE-2010-1125 CVE-2010-1196 CVE-2010-1197
>              CVE-2010-1198 CVE-2010-1199 CVE-2010-1200
>              CVE-2010-1202 CVE-2010-1203
>
> Several flaws were found in the processing of malformed web content. A
> web page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code with the privileges of the user
> running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202,
> CVE-2010-1203)
>
> A flaw was found in the way browser plug-ins interact. It was possible
> for a plug-in to reference the freed memory from a different plug-in,
> resulting in the execution of arbitrary code with the privileges of the
> user running Firefox. (CVE-2010-1198)
>
> Several integer overflow flaws were found in the processing of malformed
> web content. A web page containing malicious content could cause Firefox
> to crash or, potentially, execute arbitrary code with the privileges of
> the user running Firefox. (CVE-2010-1196, CVE-2010-1199)
>
> A focus stealing flaw was found in the way Firefox handled focus
> changes. A malicious website could use this flaw to steal sensitive data
> from a user, such as usernames and passwords.
> (CVE-2010-1125)
>
> A flaw was found in the way Firefox handled the "Content-Disposition:
> attachment" HTTP header when the "Content-Type: multipart" HTTP header
> was also present. A website that allows arbitrary uploads and relies on
> the "Content-Disposition: attachment" HTTP header to prevent content
> from being displayed inline, could be used by an attacker to serve
> malicious content to users. (CVE-2010-1197)
>
> A flaw was found in the Firefox Math.random() function. This function
> could be used to identify a browsing session and track a user across
> different websites. (CVE-2008-5913)
>
> A flaw was found in the Firefox XML document loading security checks.
> Certain security checks were not being called when an XML document was
> loaded. This could possibly be leveraged later by an attacker to load
> certain resources that violate the security policies of the browser or
> its add-ons. Note that this issue cannot be exploited by only loading an
> XML document. (CVE-2010-0182)
>
> This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due
> to the requirements of Firefox 3.6.4, this erratum also provides a
> number of other updated packages, including esc, totem, and yelp.
>
> This erratum also contains multiple bug fixes and numerous enhancements.
> Space precludes documenting these changes in this advisory.
>
> Important: Firefox 3.6.4 is not completely backwards-compatible with all
> Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
> Firefox 3.6 checks compatibility on first-launch, and, depending on the
> individual configuration and the installed Add-ons and plug-ins, may
> disable said Add-ons and plug-ins, or attempt to check for updates and
> upgrade them. Add-ons and plug-ins may have to be manually updated.
>
> After installing the update, Firefox must be restarted for the changes
> to take effect.
>
> SL 5.x
>
> SRPMS:
> devhelp-0.12-21.el5.src.rpm
> esc-1.1.0-12.el5.src.rpm
> firefox-3.6.4-8.el5.src.rpm
> gnome-python2-extras-2.14.2-7.el5.src.rpm
> totem-2.16.7-7.el5.src.rpm
> xulrunner-1.9.2.4-9.el5.src.rpm
> yelp-2.16.0-26.el5.src.rpm
> i386:
> devhelp-0.12-21.el5.i386.rpm
> devhelp-devel-0.12-21.el5.i386.rpm
> esc-1.1.0-12.el5.i386.rpm
> firefox-3.6.4-8.el5.i386.rpm
> gnome-python2-extras-2.14.2-7.el5.i386.rpm
> gnome-python2-gtkhtml2-2.14.2-7.el5.i386.rpm
> gnome-python2-gtkmozembed-2.14.2-7.el5.i386.rpm
> gnome-python2-gtkspell-2.14.2-7.el5.i386.rpm
> gnome-python2-libegg-2.14.2-7.el5.i386.rpm
> totem-2.16.7-7.el5.i386.rpm
> totem-devel-2.16.7-7.el5.i386.rpm
> totem-mozplugin-2.16.7-7.el5.i386.rpm
> xulrunner-1.9.2.4-9.el5.i386.rpm
> xulrunner-devel-1.9.2.4-9.el5.i386.rpm
> yelp-2.16.0-26.el5.i386.rpm
> x86_64:
> devhelp-0.12-21.el5.i386.rpm
> devhelp-0.12-21.el5.x86_64.rpm
> devhelp-devel-0.12-21.el5.i386.rpm
> devhelp-devel-0.12-21.el5.x86_64.rpm
> esc-1.1.0-12.el5.x86_64.rpm
> firefox-3.6.4-8.el5.i386.rpm
> firefox-3.6.4-8.el5.x86_64.rpm
> gnome-python2-extras-2.14.2-7.el5.x86_64.rpm
> gnome-python2-gtkhtml2-2.14.2-7.el5.x86_64.rpm
> gnome-python2-gtkmozembed-2.14.2-7.el5.x86_64.rpm
> gnome-python2-gtkspell-2.14.2-7.el5.x86_64.rpm
> gnome-python2-libegg-2.14.2-7.el5.x86_64.rpm
> totem-2.16.7-7.el5.i386.rpm
> totem-2.16.7-7.el5.x86_64.rpm
> totem-devel-2.16.7-7.el5.i386.rpm
> totem-devel-2.16.7-7.el5.x86_64.rpm
> totem-mozplugin-2.16.7-7.el5.x86_64.rpm
> xulrunner-1.9.2.4-9.el5.i386.rpm
> xulrunner-1.9.2.4-9.el5.x86_64.rpm
> xulrunner-devel-1.9.2.4-9.el5.i386.rpm
> xulrunner-devel-1.9.2.4-9.el5.x86_64.rpm
> yelp-2.16.0-26.el5.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson

--
__________________________________________________
Troy Dawson  (630)840-6468
Fermilab  ComputingDivision/LSCS/CSI/USS Group
__________________________________________________
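
An added example, not part of the original message or of any distribution tooling: a check that flags installed packages still below the fixed builds named in the advisory's SL 5.x list. The comparison is a simplified form of RPM's version ordering, and the pre-update builds in the sample input are constructed for illustration.

```python
import re

# Fixed VERSION-RELEASE per package, copied from the advisory's SL 5.x list.
FIXED = {
    "devhelp": "0.12-21.el5", "esc": "1.1.0-12.el5", "firefox": "3.6.4-8.el5",
    "gnome-python2-extras": "2.14.2-7.el5", "totem": "2.16.7-7.el5",
    "xulrunner": "1.9.2.4-9.el5", "yelp": "2.16.0-26.el5",
}

def _cmp_part(a, b):
    """Simplified rpmvercmp (assumption: no epoch, '~' or '^' in the input)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)            # so that 10 > 8, not "10" < "8"
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings; returns -1, 0 or 1."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def outdated(rpm_lines):
    """Return (name, arch, installed, fixed) for packages below the fix."""
    hits = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        name, evr, arch = parts
        fixed = FIXED.get(name)
        if fixed and evr_cmp(evr, fixed) < 0:
            hits.append((name, arch, evr, fixed))
    return hits

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`
SAMPLE = [
    "firefox 3.0.19-1.el5 x86_64",      # constructed pre-update build
    "firefox 3.6.4-8.el5 i386",         # already at the fixed build
    "xulrunner 1.9.0.19-1.el5 x86_64",  # constructed pre-update build
    "bash 3.2-24.el5 x86_64",           # not in the advisory, ignored
]

if __name__ == "__main__":
    print(*outdated(SAMPLE), sep="\n")
```

On a multilib x86_64 host the i386 and x86_64 builds are reported separately, which matters here because the advisory ships both architectures of firefox and xulrunner.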