Fedora Core 6: 2007-549 Critical: Firefox Code Execution Threat

Mozilla Firefox is an open-source web browser, designed for standards

compliance, performance and portability.

Updated firefox packages that fix several security bugs are

now available Fedora Core 6.

This update has been rated as having critical security

impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed

certain malformed JavaScript code. A web page containing

malicious JavaScript code could cause Firefox to crash or

potentially execute arbitrary code as the user running

Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV

commands. A malicious FTP server could use this flaw to

perform a rudimentary port-scan of machines behind a user's

firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way

Firefox handled certain form and cookie data. A malicious

web site that is able to set arbitrary form and cookie data

could prevent Firefox from functioning properly.

(CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the

addEventListener JavaScript method. A malicious web site

could use this method to access or modify sensitive data

from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web

content. A malicious web page could generate content that

would overlay user interface elements such as the hostname

and security indicators, tricking users into thinking they

are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum

packages, which contain Firefox version 1.5.0.12 that

corrects these issues.

- Update to 1.5.0.12

f20bee9997965a6902a26caf0e3c9f18e96f482a SRPMS/firefox-1.5.0.12-1.fc6.src.rpm

f20bee9997965a6902a26caf0e3c9f18e96f482a noarch/firefox-1.5.0.12-1.fc6.src.rpm

a0e7febfb4264f5a0e2a475ac6cdb9371275cbd4 ppc/firefox-devel-1.5.0.12-1.fc6.ppc.rpm

a30ccee95490f6513e559d19994488db50933075 ppc/firefox-1.5.0.12-1.fc6.ppc.rpm

e90ca6294a76270b8b1b930ce51d894b67f949eb ppc/debug/firefox-debuginfo-1.5.0.12-1.fc6.ppc.rpm

5452ff82e9fbf62cad4ece460ef9415bd47728e0 x86_64/debug/firefox-debuginfo-1.5.0.12-1.fc6.x86_64.rpm

81fc5a70cc7f0591f7ec90eb0f8cf41cf03cfb4a x86_64/firefox-1.5.0.12-1.fc6.x86_64.rpm

1cce48d2a466f257411cdd421c855eb80fefcdfd x86_64/firefox-devel-1.5.0.12-1.fc6.x86_64.rpm

deff2b2abdac9925db3f0402075195322b884454 i386/firefox-1.5.0.12-1.fc6.i386.rpm

50f2730f492818d4fc34868710c1cb728cbd35ad i386/firefox-devel-1.5.0.12-1.fc6.i386.rpm

1abeeac266763742539dcd0a1582e62b97b86645 i386/debug/firefox-debuginfo-1.5.0.12-1.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/