Fedora Core 6: 2007-549 Urgent: Vulnerabilities In Firefox Explained

Yelp is the Gnome 2 help/documentation browser. It is designed

to help you browse all the documentation on your system in

one central tool.

Updated firefox packages that fix several security bugs are

now available Fedora Core 6.

This update has been rated as having critical security

impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed

certain malformed JavaScript code. A web page containing

malicious JavaScript code could cause Firefox to crash or

potentially execute arbitrary code as the user running

Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV

commands. A malicious FTP server could use this flaw to

perform a rudimentary port-scan of machines behind a user's

firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way

Firefox handled certain form and cookie data. A malicious

web site that is able to set arbitrary form and cookie data

could prevent Firefox from functioning properly.

(CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the

addEventListener JavaScript method. A malicious web site

could use this method to access or modify sensitive data

from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web

content. A malicious web page could generate content that

would overlay user interface elements such as the hostname

and security indicators, tricking users into thinking they

are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum

packages, which contain Firefox version 1.5.0.12 that

corrects these issues.

- Rebuild against newer gecko

f180b68f4c5970753df93402214121a63f429aeb SRPMS/yelp-2.16.0-13.fc6.src.rpm

f180b68f4c5970753df93402214121a63f429aeb noarch/yelp-2.16.0-13.fc6.src.rpm

51a2f81c7e8e0ec06934f37bfc87d11640b77ead ppc/debug/yelp-debuginfo-2.16.0-13.fc6.ppc.rpm

1779f3eb0565252531055330a3954b22016b202d ppc/yelp-2.16.0-13.fc6.ppc.rpm

59d1165fe5704217a8965c7b863b9a3933d03c53 x86_64/debug/yelp-debuginfo-2.16.0-13.fc6.x86_64.rpm

8c54a35cdabaae9ba415c5a588daf94cc54f1050 x86_64/yelp-2.16.0-13.fc6.x86_64.rpm

adfc02cecf94414ff1219855e878a753bcdef44f i386/debug/yelp-debuginfo-2.16.0-13.fc6.i386.rpm

690097b89973a5e2221c1911a66c9583c7e25b78 i386/yelp-2.16.0-13.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/