
Red Hat: RHSA-2006:0328-01 Critical: Firefox Browser Exploits

April 14, 2006
Essential Firefox security patch from Red Hat addresses various vulnerabilities to safeguard users against possible threats.
Updated firefox packages that fix several security bugs are now available.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

183537 - CVE-2006-0749 Firefox Tag Order Vulnerability
188814 - CVE-2006-1741 Cross-site JavaScript injection using event handlers
188816 - CVE-2006-1742 JavaScript garbage-collection hazard audit
188818 - CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739)
188820 - CVE-2006-1740 Secure-site spoof (requires security warning dialog)
188822 - CVE-2006-1735 Privilege escalation via XBL.method.eval
188824 - CVE-2006-1734 Privilege escalation using a JavaScript function's cloned parent
188826 - CVE-2006-1733 Accessing XBL compilation scope via valueOf.call()
188828 - CVE-2006-1732 cross-site scripting through window.controllers
188830 - CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
188832 - CVE-2006-1731 Cross-site scripting using .valueOf.call()
188834 - CVE-2006-1724 Crashes with evidence of memory corruption (1.5.0.2)
188836 - CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability
188838 - CVE-2006-1729 File stealing by changing input type
188840 - CVE-2006-1728 Privilege escalation using crypto.generateCRMFRequest
188842 - CVE-2006-1727 Privilege escalation through Print Preview

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm

i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm

ia64: 826bc0089706ec833a75c82dd4c16555 firefox-1.0.8-1.4.1.ia64.rpm fdb7a7c2a79ddfa19a890104abca06f4 firefox-debuginfo-1.0.8-1.4.1.ia64.rpm

ppc: 8c201529a81f5b75c23adc15dca47f9e firefox-1.0.8-1.4.1.ppc.rpm 443c4fbffe45dd4b400c4f226b3c7d42 firefox-debuginfo-1.0.8-1.4.1.ppc.rpm

s390: 577c0d3f56cca04343d77eadf5b1680f firefox-1.0.8-1.4.1.s390.rpm 3e9ff99420d652af75538e2ea99b3ce0 firefox-debuginfo-1.0.8-1.4.1.s390.rpm

s390x: 1e31976de69cb4eef9171bbfb1fb7621 firefox-1.0.8-1.4.1.s390x.rpm 977147cba3f966482f561d93c881a8d3 firefox-debuginfo-1.0.8-1.4.1.s390x.rpm

x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm

i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm

x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm

i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm

ia64: 826bc0089706ec833a75c82dd4c16555 firefox-1.0.8-1.4.1.ia64.rpm fdb7a7c2a79ddfa19a890104abca06f4 firefox-debuginfo-1.0.8-1.4.1.ia64.rpm

x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm

i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm

ia64: 826bc0089706ec833a75c82dd4c16555 firefox-1.0.8-1.4.1.ia64.rpm fdb7a7c2a79ddfa19a890104abca06f4 firefox-debuginfo-1.0.8-1.4.1.ia64.rpm

x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package
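
The checks described above can be scripted. The following is an added example, not part of the Red Hat advisory or its tooling: it parses "hash filename" pairs in the layout of the RPMs required section and compares them with downloaded files, then checks signatures with rpm -K. The function names and the idea of saving the advisory text to a file are assumptions; md5sum and awk are assumed to be installed.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling). Assumes md5sum and awk are available.

# extract_sums ADVISORY_TEXT
# Print "md5  filename" (md5sum format) for each hash/RPM pair in the text.
extract_sums() {
    tr -s '[:space:]' '\n' < "$1" |
    awk '{ if (length(prev) == 32 && prev !~ /[^0-9a-f]/ && $0 ~ /\.rpm$/)
               print prev "  " $0
           prev = $0 }' |
    sort -u
}

# verify_md5 ADVISORY_TEXT RPM_DIR
# Return 0 only if every *.rpm in RPM_DIR is listed and matches its MD5.
verify_md5() {
    sums=$(extract_sums "$1"); status=0
    for rpm_path in "$2"/*.rpm; do
        [ -e "$rpm_path" ] || { echo "no RPMs in $2" >&2; return 2; }
        name=$(basename "$rpm_path")
        want=$(printf '%s\n' "$sums" | awk -v n="$name" '$2 == n { print $1; exit }')
        got=$(md5sum "$rpm_path" | cut -d' ' -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; status=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name"; status=1
        else
            echo "OK       $name"
        fi
    done
    return "$status"
}

# verify_sig RPM_DIR
# MD5 only detects corruption; the GPG signature is the authenticity check.
# Requires the vendor key to have been imported into the rpm keyring first.
verify_sig() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not installed" >&2; return 3; }
    status=0
    for rpm_path in "$1"/*.rpm; do
        rpm -K "$rpm_path" || status=1
    done
    return "$status"
}
```

A package that passes verify_md5 but fails verify_sig should not be installed; the checksum list alone does not prove where a file came from.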

References

https://www.cve.org/CVERecord?id=CVE-2006-0749
https://www.cve.org/CVERecord?id=CVE-2006-1724
https://www.cve.org/CVERecord?id=CVE-2006-1727
https://www.cve.org/CVERecord?id=CVE-2006-1728
https://www.cve.org/CVERecord?id=CVE-2006-1729
https://www.cve.org/CVERecord?id=CVE-2006-1730
https://www.cve.org/CVERecord?id=CVE-2006-1731
https://www.cve.org/CVERecord?id=CVE-2006-1732
https://www.cve.org/CVERecord?id=CVE-2006-1733
https://www.cve.org/CVERecord?id=CVE-2006-1734
https://www.cve.org/CVERecord?id=CVE-2006-1735
https://www.cve.org/CVERecord?id=CVE-2006-1737
https://www.cve.org/CVERecord?id=CVE-2006-1738
https://www.cve.org/CVERecord?id=CVE-2006-1739
https://www.cve.org/CVERecord?id=CVE-2006-1740
https://www.cve.org/CVERecord?id=CVE-2006-1741
https://www.cve.org/CVERecord?id=CVE-2006-1742
https://website-archive.mozilla.org/
https://access.redhat.com/security/updates/classification#critical

Severity: critical

Advisory ID: RHSA-2006:0328-01
Issue date: 2006-04-14
Updated on: 2006-04-14
Product: Red Hat Enterprise Linux

Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
