Fedora Core: 2007-549 Critical: Firefox Code Execution Threats

May 31, 2007
Essential patch for Firefox addresses vulnerabilities in Fedora Core 6. Update needed to safeguard against potential threats.
Updated firefox packages that fix several security bugs are now available for Fedora Core 6.

Summary

An API document browser for GNOME 2.

Updated firefox packages that fix several security bugs are now available for Fedora Core 6.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues.

- Rebuild against newer gecko

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Severity: critical

Name: devhelp
Version: 0.12
Release: 11.fc6
Summary: API document browser
