Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Red Hat Enterprise Linux 4: RHSA-2010:0558-01 Critical Update for Firefox

red hat
Calendar Grey July 23, 2010
Dist Redhat Esm H88
Important patch for Firefox on Red Hat Enterprise Linux addressing a potential memory vulnerability that may result in unauthorized code execution.
Updated firefox packages that fix a security issue are now available for Red Hat Enterprise Linux 4

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

Mozilla Firefox is an open source web browser.
An invalid free flaw was found in Firefox's plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2755)
All Firefox users should upgrade to these updated packages, which contain a backported patch that corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.

References

https://access.redhat.com/security/cve/CVE-2010-2755 https://access.redhat.com/security/updates/classification#critical

Package List

Red Hat Enterprise Linux AS version 4:
Source:
i386: firefox-3.6.7-3.el4.i386.rpm firefox-debuginfo-3.6.7-3.el4.i386.rpm
ia64: firefox-3.6.7-3.el4.ia64.rpm firefox-debuginfo-3.6.7-3.el4.ia64.rpm
ppc: firefox-3.6.7-3.el4.ppc.rpm firefox-debuginfo-3.6.7-3.el4.ppc.rpm
s390: firefox-3.6.7-3.el4.s390.rpm firefox-debuginfo-3.6.7-3.el4.s390.rpm
s390x: firefox-3.6.7-3.el4.s390x.rpm firefox-debuginfo-3.6.7-3.el4.s390x.rpm
x86_64: firefox-3.6.7-3.el4.x86_64.rpm firefox-debuginfo-3.6.7-3.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
i386: firefox-3.6.7-3.el4.i386.rpm firefox-debuginfo-3.6.7-3.el4.i386.rpm
x86_64: firefox-3.6.7-3.el4.x86_64.rpm firefox-debuginfo-3.6.7-3.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
i386: firefox-3.6.7-3.el4.i386.rpm firefox-debuginfo-3.6.7-3.el4.i386.rpm
ia64: firefox-3.6.7-3.el4.ia64.rpm firefox-debuginfo-3.6.7-3.el4.ia64.rpm
x86_64: firefox-3.6.7-3.el4.x86_64.rpm firefox-debuginfo-3.6.7-3.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
i386: firefox-3.6.7-3.el4.i386.rpm firefox-debuginfo-3.6.7-3.el4.i386.rpm
ia64: firefox-3.6.7-3.el4.ia64.rpm firefox-debuginfo-3.6.7-3.el4.ia64.rpm
x86_64: firefox-3.6.7-3.el4.x86_64.rpm firefox-debuginfo-3.6.7-3.el4.x86_64.rpm


Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2010:0558-01
Product: Red Hat Enterprise Linux
Issue date: 2010-07-23

Topic

Updated firefox packages that fix a security issue are now availablefor Red Hat Enterprise Linux 4.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Bugs Fixed

617657 - CVE-2010-2755 Mozilla arbitrary free flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.