--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.10
Release     : 1.fc7
URL         :
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
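
The CVE-2007-5960 item above is the reason a Referer check on its own is not CSRF protection. As an added example (not part of the Fedora advisory or of Firefox), the Python below puts a Referer-only check beside a per-session token check on two constructed requests; the host name, session id and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed values for this example (assumptions, not from the advisory).
SITE_HOST = "bank.example"
SERVER_KEY = secrets.token_bytes(32)
SESSION = "sess-constructed-01"


def referer_only_check(headers):
    """Weak: accepts any request whose Referer header names our own host."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def issue_csrf_token(session_id):
    """Token bound to the session, embedded only in forms the site serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Hardened: needs a per-session secret that a cross-site page cannot read."""
    expected = issue_csrf_token(session_id).encode()
    submitted = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(expected, submitted)  # constant-time compare


def classify(headers, session_id, form):
    """Return (referer_only_verdict, token_verdict) for one state-changing request."""
    return referer_only_check(headers), token_check(session_id, form)


# Constructed request 1: genuine form post from the site's own page.
GENUINE = ({"Referer": "https://bank.example/transfer"},
           {"amount": "10", "csrf_token": issue_csrf_token(SESSION)})

# Constructed request 2: cross-site post whose Referer claims our origin, which
# is what an unpatched browser could send; it carries no valid token.
FORGED = ({"Referer": "https://bank.example/transfer"}, {"amount": "10"})

if __name__ == "__main__":
    for name, (headers, form) in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, classify(headers, SESSION, form))
```

The forged request passes the Referer-only check and fails the token check, so the server's decision no longer depends on a header the client controls.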
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 26 2007 Christopher Aillon  2.0.0.10-1
- Update to 2.0.0.10
* Mon Nov  5 2007 Martin Stransky  - 2.0.0.9-1
- Update to 2.0.0.9
* Fri Oct 19 2007 Christopher Aillon  - 2.0.0.8-1
- Update to 2.0.0.8
* Tue Oct 16 2007 Martin Stransky 
- added fix for #246248 - firefox crashes when searching
* Wed Jul 18 2007 Kai Engert  - 2.0.0.5-1
- Update to 2.0.0.5
* Fri Jun 29 2007 Martin Stransky  2.0.0.4-3
- backported pango patches from FC6 (1.5.0.12)
* Sun Jun  3 2007 Christopher Aillon  2.0.0.4-2
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon  2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon  2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3
--------------------------------------------------------------------------------
Updated packages:

This update can be installed with the "yum" update program.  Use 
su -c 'yum update firefox' 
at the command line.  For more information, refer to "Managing Software
with yum", available at .
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 7 Update: firefox-2.0.0.10-1.fc7

November 28, 2007