Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Red Hat Enterprise Linux 4, 5, 6: RHSA-2012:0079-01 Critical Firefox Flaws

Calendar Jan 31, 2012 User Avatar LinuxSecurity Advisories
7 - 13 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory critical software update Red Hat Enterprise Linux arbitrary code malicious content firefox security
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical [More...] 
====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: firefosecurity update
Advisory ID:       RHSA-2012:0079-01
Product:           Red Hat EnterprisLinux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:0079.html
Issudate:        2012-01-31
CVE Names:         CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 
                   CVE-2012-0444 CVE-2012-0449 
====================================================================
1Summary:

Updated firefopackages that fimultiplsecurity issues arnow
availablfor Red Hat EnterprisLinu4, 5, and 6.

ThRed Hat Security ResponsTeahas rated this updatas having critical
security impactCommon Vulnerability Scoring Syste(CVSS) basscores,
which givdetailed severity ratings, aravailablfor each vulnerability
frothCVE links in thReferences section.

2Relevant releases/architectures:

RHEL DesktoWorkstation (v5 client) - i386, x86_64
Red Hat EnterprisLinu(v5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat EnterprisLinuAS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat EnterprisLinuDeskto(v5 client) - i386, x86_64
Red Hat EnterprisLinuDeskto(v6) - i386, x86_64
Red Hat EnterprisLinuDesktoOptiona(v6) - i386, x86_64
Red Hat EnterprisLinuDesktoversion 4 - i386, x86_64
Red Hat EnterprisLinuES version 4 - i386, ia64, x86_64
Red Hat EnterprisLinuHPC NodOptiona(v6) - x86_64
Red Hat EnterprisLinuServer (v6) - i386, ppc64, s390x, x86_64
Red Hat EnterprisLinuServer Optiona(v6) - i386, ppc64, s390x, x86_64
Red Hat EnterprisLinuWS version 4 - i386, ia64, x86_64
Red Hat EnterprisLinuWorkstation (v6) - i386, x86_64
Red Hat EnterprisLinuWorkstation Optiona(v6) - i386, x86_64

3Description:

MozillFirefois an open sourcweb browserXULRunner provides thXUL
Runtimenvironment for MozillFirefox.

A use-after-freflaw was found in thway Fireforemoved nsDOMAttribute
child nodesIn certain circumstances, dutthprematurnotification
of AttributeChildRemoved, malicious script could possibly usthis flaw
tcausFirefotcrash or, potentially, executarbitrary codwith the
privileges of thuser running Firefox(CVE-2011-3659)

Severaflaws werfound in thprocessing of malformed web contentA web
pagcontaining malicious content could causFirefotcrash or,
potentially, executarbitrary codwith thprivileges of thuser running
Firefox(CVE-2012-0442)

A flaw was found in thway Firefoparsed Ogg Vorbis medifilesA web
pagcontaining malicious Ogg Vorbis medifilcould causFirefoto
crash or, potentially, executarbitrary codwith thprivileges of the
user running Firefox(CVE-2012-0444)

A flaw was found in thway Firefoparsed certain ScalablVector Graphics
(SVG) imagfiles that contained eXtensiblStylSheet Language
Transformations (XSLT)A web pagcontaining malicious SVG imagfile
could causFirefotcrash or, potentially, executarbitrary codwith
thprivileges of thuser running Firefox(CVE-2012-0449)

Thsame-origin policy in Firefotreated and
 as interchangeableA malicious script could possibly
usthis flaw tgain access tsensitivinformation (such as client's
IP and user e-maiaddress, or httpOnly cookies) that may bincluded in
HTTP proxy error replies, generated in responstinvalid URLs using
squarbrackets(CVE-2011-3670)

For technicadetails regarding thesflaws, refer tthMozillsecurity
advisories for Firefo3.6.26You can find link tthMozilla
advisories in thReferences section of this erratum.

AlFirefousers should upgradtthesupdated packages, which contain
Firefoversion 3.6.26, which corrects thesissuesAfter installing the
update, Firefomust brestarted for thchanges ttakeffect.

4Solution:

Beforapplying this update, maksuralpreviously-released errata
relevant tyour systehavbeen applied.

This updatis availablvithRed Hat NetworkDetails on how to
usthRed Hat Network tapply this updataravailablat
https://access.redhat.com/kb/docs/DOC-11259

5Bugs fixed (http://bugzilla.redhat.com/):

785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-likhostnamsynta(MFSA 2012-02)
785966 - CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)
786026 - CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07)
786258 - CVE-2011-3659 Mozilla: child nodes fronsDOMAttributstilaccessiblafter removaof nodes (MFSA 2012-04)

6PackagList:

Red Hat EnterprisLinuAS version 4:

Source:

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:
firefox-3.6.26-2.el4.ia64.rpm
firefox-debuginfo-3.6.26-2.el4.ia64.rpm

ppc:
firefox-3.6.26-2.el4.ppc.rpm
firefox-debuginfo-3.6.26-2.el4.ppc.rpm

s390:
firefox-3.6.26-2.el4.s390.rpm
firefox-debuginfo-3.6.26-2.el4.s390.rpm

s390x:
firefox-3.6.26-2.el4.s390x.rpm
firefox-debuginfo-3.6.26-2.el4.s390x.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat EnterprisLinuDesktoversion 4:

Source:

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat EnterprisLinuES version 4:

Source:

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:
firefox-3.6.26-2.el4.ia64.rpm
firefox-debuginfo-3.6.26-2.el4.ia64.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat EnterprisLinuWS version 4:

Source:

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:
firefox-3.6.26-2.el4.ia64.rpm
firefox-debuginfo-3.6.26-2.el4.ia64.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat EnterprisLinuDeskto(v5 client):

Source:

i386:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm

x86_64:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-3.6.26-1.el5_7.x86_64.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.x86_64.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm

RHEL DesktoWorkstation (v5 client):

Source:

i386:
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm

Red Hat EnterprisLinu(v5 server):

Source:

i386:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm

ia64:
firefox-3.6.26-1.el5_7.ia64.rpm
firefox-debuginfo-3.6.26-1.el5_7.ia64.rpm
xulrunner-1.9.2.26-1.el5_7.ia64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.ia64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.ia64.rpm

ppc:
firefox-3.6.26-1.el5_7.ppc.rpm
firefox-debuginfo-3.6.26-1.el5_7.ppc.rpm
xulrunner-1.9.2.26-1.el5_7.ppc.rpm
xulrunner-1.9.2.26-1.el5_7.ppc64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.ppc.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.ppc64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.ppc.rpm
xulrunner-devel-1.9.2.26-1.el5_7.ppc64.rpm

s390x:
firefox-3.6.26-1.el5_7.s390.rpm
firefox-3.6.26-1.el5_7.s390x.rpm
firefox-debuginfo-3.6.26-1.el5_7.s390.rpm
firefox-debuginfo-3.6.26-1.el5_7.s390x.rpm
xulrunner-1.9.2.26-1.el5_7.s390.rpm
xulrunner-1.9.2.26-1.el5_7.s390x.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.s390.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.s390x.rpm
xulrunner-devel-1.9.2.26-1.el5_7.s390.rpm
xulrunner-devel-1.9.2.26-1.el5_7.s390x.rpm

x86_64:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-3.6.26-1.el5_7.x86_64.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.x86_64.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm

Red Hat EnterprisLinuDeskto(v6):

Source:

i386:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat EnterprisLinuDesktoOptiona(v6):

Source:

i386:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat EnterprisLinuHPC NodOptiona(v6):

Source:

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat EnterprisLinuServer (v6):

Source:

i386:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm

ppc64:
firefox-3.6.26-1.el6_2.ppc.rpm
firefox-3.6.26-1.el6_2.ppc64.rpm
firefox-debuginfo-3.6.26-1.el6_2.ppc.rpm
firefox-debuginfo-3.6.26-1.el6_2.ppc64.rpm
xulrunner-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-1.9.2.26-1.el6_2.ppc64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc64.rpm

s390x:
firefox-3.6.26-1.el6_2.s390.rpm
firefox-3.6.26-1.el6_2.s390x.rpm
firefox-debuginfo-3.6.26-1.el6_2.s390.rpm
firefox-debuginfo-3.6.26-1.el6_2.s390x.rpm
xulrunner-1.9.2.26-1.el6_2.s390.rpm
xulrunner-1.9.2.26-1.el6_2.s390x.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390x.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat EnterprisLinuServer Optiona(v6):

Source:

i386:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-devel-1.9.2.26-1.el6_2.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390x.rpm
xulrunner-devel-1.9.2.26-1.el6_2.s390.rpm
xulrunner-devel-1.9.2.26-1.el6_2.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat EnterprisLinuWorkstation (v6):

Source:

i386:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat EnterprisLinuWorkstation Optiona(v6):

Source:

i386:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Thespackages arGPG signed by Red Hat for security Our key and 
details on how tverify thsignaturaravailablfrom
https://access.redhat.com/security/team/key#package

7References:

https://access.redhat.com/security/cve/CVE-2011-3659
https://access.redhat.com/security/cve/CVE-2011-3670
https://access.redhat.com/security/cve/CVE-2012-0442
https://access.redhat.com/security/cve/CVE-2012-0444
https://access.redhat.com/security/cve/CVE-2012-0449
https://access.redhat.com/security/updates/classification#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.6/

8Contact:

ThRed Hat security contact is  Morcontact
details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

Warning: Undefined variable $read_more_added_bug in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 1148

Red Hat Enterprise Linux 4, 5, 6: RHSA-2012:0079-01 Critical Firefox Flaws

red hat
Calendar Grey January 31, 2012
Dist Redhat Esm H88
Key notice from Red Hat reveals critical security flaws in Firefox affecting RHEL versions 4, 5, and 6. It's essential to implement updates without delay.
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6

Solution

Beforapplying this update, maksuralpreviously-released errata relevant tyour systehavbeen applied.

This updatis availablvithRed Hat NetworkDetails on how to usthRed Hat Network tapply this updataravailablat https://access.redhat.com/kb/docs/DOC-11259

Summary

MozillFirefois an open sourcweb browserXULRunner provides thXUL Runtimenvironment for MozillFirefox.
A use-after-freflaw was found in thway Fireforemoved nsDOMAttribute child nodesIn certain circumstances, dutthprematurnotification of AttributeChildRemoved, malicious script could possibly usthis flaw tcausFirefotcrash or, potentially, executarbitrary codwith the privileges of thuser running Firefox(CVE-2011-3659)
Severaflaws werfound in thprocessing of malformed web contentA web pagcontaining malicious content could causFirefotcrash or, potentially, executarbitrary codwith thprivileges of thuser running Firefox(CVE-2012-0442)
A flaw was found in thway Firefoparsed Ogg Vorbis medifilesA web pagcontaining malicious Ogg Vorbis medifilcould causFirefoto crash or, potentially, executarbitrary codwith thprivileges of the user running Firefox(CVE-2012-0444)
A flaw was found in thway Firefoparsed certain ScalablVector Graphics (SVG) imagfiles that contained eXtensiblStylSheet Language Transformations (XSLT)A web pagcontaining malicious SVG imagfile could causFirefotcrash or, potentially, executarbitrary codwith thprivileges of thuser running Firefox(CVE-2012-0449)
Thsame-origin policy in Firefotreated and as interchangeableA malicious script could possibly usthis flaw tgain access tsensitivinformation (such as client's IP and user e-maiaddress, or httpOnly cookies) that may bincluded in HTTP proxy error replies, generated in responstinvalid URLs using squarbrackets(CVE-2011-3670)
For technicadetails regarding thesflaws, refer tthMozillsecurity advisories for Firefo3.6.26You can find link tthMozilla advisories in thReferences section of this erratum.
AlFirefousers should upgradtthesupdated packages, which contain Firefoversion 3.6.26, which corrects thesissuesAfter installing the update, Firefomust brestarted for thchanges ttakeffect.

Topics%20covered

Topics Covered

security advisory critical software update Red Hat Enterprise Linux arbitrary code malicious content firefox security

References

https://access.redhat.com/security/cve/CVE-2011-3659 https://access.redhat.com/security/cve/CVE-2011-3670 https://access.redhat.com/security/cve/CVE-2012-0442 https://access.redhat.com/security/cve/CVE-2012-0444 https://access.redhat.com/security/cve/CVE-2012-0449 https://access.redhat.com/security/updates/classification#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.6/

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2012:0079-01
Product: Red Hat EnterprisLinux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:0079.html
Issudate: 2012-01-31

Topic

Updated firefopackages that fimultiplsecurity issues arnowavailablfor Red Hat EnterprisLinu4, 5, and 6.ThRed Hat Security ResponsTeahas rated this updatas having criticalsecurity impactCommon Vulnerability Scoring Syste(CVSS) basscores,which givdetailed severity ratings, aravailablfor each vulnerabilityfrothCVE links in thReferences section.

Topics%20covered

Topics Covered

security advisory critical software update Red Hat Enterprise Linux arbitrary code malicious content firefox security

Relevant Releases Architectures

RHEL DesktoWorkstation (v5 client) - i386, x86_64

Red Hat EnterprisLinu(v5 server) - i386, ia64, ppc, s390x, x86_64

Red Hat EnterprisLinuAS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat EnterprisLinuDeskto(v5 client) - i386, x86_64

Red Hat EnterprisLinuDeskto(v6) - i386, x86_64

Red Hat EnterprisLinuDesktoOptiona(v6) - i386, x86_64

Red Hat EnterprisLinuDesktoversion 4 - i386, x86_64

Red Hat EnterprisLinuES version 4 - i386, ia64, x86_64

Red Hat EnterprisLinuHPC NodOptiona(v6) - x86_64

Red Hat EnterprisLinuServer (v6) - i386, ppc64, s390x, x86_64

Red Hat EnterprisLinuServer Optiona(v6) - i386, ppc64, s390x, x86_64

Red Hat EnterprisLinuWS version 4 - i386, ia64, x86_64

Red Hat EnterprisLinuWorkstation (v6) - i386, x86_64

Red Hat EnterprisLinuWorkstation Optiona(v6) - i386, x86_64

Bugs Fixed

785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)

785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-likhostnamsynta(MFSA 2012-02)

785966 - CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)

786026 - CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07)

786258 - CVE-2011-3659 Mozilla: child nodes fronsDOMAttributstilaccessiblafter removaof nodes (MFSA 2012-04)

6PackagList:

Red Hat EnterprisLinuAS version 4:

Source:

i386:

firefox-3.6.26-2.el4.i386.rpm

firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:

firefox-3.6.26-2.el4.ia64.rpm

firefox-debuginfo-3.6.26-2.el4.ia64.rpm

ppc:

firefox-3.6.26-2.el4.ppc.rpm

firefox-debuginfo-3.6.26-2.el4.ppc.rpm

s390:

firefox-3.6.26-2.el4.s390.rpm

firefox-debuginfo-3.6.26-2.el4.s390.rpm

s390x:

firefox-3.6.26-2.el4.s390x.rpm

firefox-debuginfo-3.6.26-2.el4.s390x.rpm

x86_64:

firefox-3.6.26-2.el4.x86_64.rpm

firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat EnterprisLinuDesktoversion 4:

Source:

i386:

firefox-3.6.26-2.el4.i386.rpm

firefox-debuginfo-3.6.26-2.el4.i386.rpm

x86_64:

firefox-3.6.26-2.el4.x86_64.rpm

firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat EnterprisLinuES version 4:

Source:

i386:

firefox-3.6.26-2.el4.i386.rpm

firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here