RedHat: Critical: firefox security update

    Date01 Mar 2005
    CategoryRed Hat
    7727
    Posted ByJoe Shakespeare
    Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.
    - ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Critical: firefox security update
    Advisory ID:       RHSA-2005:176-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-176.html
    Issue date:        2005-03-01
    Updated on:        2005-03-01
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2004-1156 CAN-2005-0231 CAN-2005-0232 CAN-2005-0233 CAN-2005-0255 CAN-2005-0527 CAN-2005-0578 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0589 CAN-2005-0590 CAN-2005-0591 CAN-2005-0592 CAN-2005-0593
    - ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated firefox packages that fix various bugs are now available.
    
    This update has been rated as having critical security impact by the Red
    Hat Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
    Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
    
    3. Problem description:
    
    Mozilla Firefox is an open source Web browser.
    
    A bug was found in the Firefox string handling functions. If a malicious
    website is able to exhaust a system's memory, it becomes possible to
    execute arbitrary code. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.
    
    A bug was found in the way Firefox handles pop-up windows. It is possible
    for a malicious website to control the content in an unrelated site's
    pop-up window. (CAN-2004-1156)
    
    A bug was found in the way Firefox allows plug-ins to load privileged
    content into a frame. It is possible that a malicious webpage could trick a
    user into clicking in certain places to modify configuration settings or
    execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527).
    
    A flaw was found in the way Firefox displays international domain names. It
    is possible for an attacker to display a valid URL, tricking the user into
    thinking they are viewing a legitimate webpage when they are not.
    (CAN-2005-0233)
    
    A bug was found in the way Firefox handles plug-in temporary files. A
    malicious local user could create a symlink to a victims directory, causing
    it to be deleted when the victim exits Firefox. (CAN-2005-0578)
    
    A bug has been found in one of Firefox's UTF-8 converters. It may be
    possible for an attacker to supply a specially crafted UTF-8 string to the
    buggy converter, leading to arbitrary code execution. (CAN-2005-0592)
    
    A bug was found in the Firefox javascript security manager. If a user drags
    a malicious link to a tab, the javascript security manager is bypassed
    which could result in remote code execution or information disclosure.
    (CAN-2005-0231)
    
    A bug was found in the way Firefox displays the HTTP authentication prompt.
    When a user is prompted for authentication, the dialog window is displayed
    over the active tab, regardless of the tab that caused the pop-up to appear
    and could trick a user into entering their username and password for a
    trusted site.  (CAN-2005-0584)
    
    A bug was found in the way Firefox displays the save file dialog. It is
    possible for a malicious webserver to spoof the Content-Disposition header,
    tricking the user into thinking they are downloading a different filetype.
    (CAN-2005-0586)
    
    A bug was found in the way Firefox handles users "down-arrow" through auto
    completed choices. When an autocomplete choice is selected, the information
    is copied into the input control, possibly allowing a malicious web site to
    steal information by tricking a user into arrowing through autocompletion
    choices. (CAN-2005-0589)
    
    Several bugs were found in the way Firefox displays the secure site icon.
    It is possible that a malicious website could display the secure site icon
    along with incorrect certificate information. (CAN-2005-0593)
    
    A bug was found in the way Firefox displays the download dialog window. A
    malicious site can obfuscate the content displayed in the source field,
    tricking a user into thinking they are downloading content from a trusted
    source. (CAN-2005-0585)
    
    A bug was found in the way Firefox handles xsl:include and xsl:import
    directives. It is possible for a malicious website to import XSLT
    stylesheets from a domain behind a firewall, leaking information to an
    attacker. (CAN-2005-0588)
    
    A bug was found in the way Firefox displays the installation confirmation
    dialog. An attacker could add a long user:pass before the true hostname,
    tricking a user into thinking they were installing content from a trusted
    source. (CAN-2005-0590)
    
    A bug was found in the way Firefox displays download and security dialogs.
    An attacker could cover up part of a dialog window tricking the user into
    clicking "Allow" or "Open", which could potentially lead to arbitrary code
    execution. (CAN-2005-0591)
    
    Users of Firefox are advised to upgrade to this updated package which
    contains Firefox version 1.0.1 and is not vulnerable to these issues.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    147727 - CAN-2005-0232 fireflashing vulnerability (CAN-2005-0527)
    149876 - CAN-2005-0255 Memory overwrite in string library
    147735 - CAN-2005-0231 firefox javascript tab security bypass
    147402 - CAN-2005-0233 homograph spoofing
    142506 - CAN-2004-1156 Frame injection vulnerability.
    144216 - CAN-2005-0585 download dialog URL spoofing
    149923 - CAN-2005-0578 Unsafe /tmp/plugtmp directory exploitable to erase user's files
    149929 - CAN-2005-0584 HTTP auth prompt tab spoofing
    149930 - CAN-2005-0586 Download dialog spoofing using Content-Disposition header
    149931 - CAN-2005-0588 XSLT can include stylesheets from arbitrary hosts
    149934 - CAN-2005-0589 Autocomplete data leak
    149936 - CAN-2005-0590 Install source spoofing with user:pass@host
    149937 - CAN-2005-0591 Spoofing download and security dialogs with overlapping windows
    149938 - CAN-2005-0592 Heap overflow possible in UTF8 to Unicode conversion
    149939 - CAN-2005-0593 SSL "secure site" indicator spoofing
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.0.1-1.4.3.src.rpm
    8a6aedb095f62077e64124ddc577b9fb  firefox-1.0.1-1.4.3.src.rpm
    
    i386:
    b892ffeb126d1ef24f2c9059650d1000  firefox-1.0.1-1.4.3.i386.rpm
    
    ia64:
    303645b51596c4d7d0f0de81c3efdf4b  firefox-1.0.1-1.4.3.ia64.rpm
    
    ppc:
    7b3535d928649b7e2ae3c594fa4635bd  firefox-1.0.1-1.4.3.ppc.rpm
    
    s390:
    73ea97180b4ca648b996c3e33e4b8ed8  firefox-1.0.1-1.4.3.s390.rpm
    
    s390x:
    5cacc37451e98bcc57134d5e4fb9542b  firefox-1.0.1-1.4.3.s390x.rpm
    
    x86_64:
    5d826defe063b94510651a6b68e6e719  firefox-1.0.1-1.4.3.x86_64.rpm
    
    Red Hat Enterprise Linux Desktop version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.0.1-1.4.3.src.rpm
    8a6aedb095f62077e64124ddc577b9fb  firefox-1.0.1-1.4.3.src.rpm
    
    i386:
    b892ffeb126d1ef24f2c9059650d1000  firefox-1.0.1-1.4.3.i386.rpm
    
    x86_64:
    5d826defe063b94510651a6b68e6e719  firefox-1.0.1-1.4.3.x86_64.rpm
    
    Red Hat Enterprise Linux ES version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.0.1-1.4.3.src.rpm
    8a6aedb095f62077e64124ddc577b9fb  firefox-1.0.1-1.4.3.src.rpm
    
    i386:
    b892ffeb126d1ef24f2c9059650d1000  firefox-1.0.1-1.4.3.i386.rpm
    
    ia64:
    303645b51596c4d7d0f0de81c3efdf4b  firefox-1.0.1-1.4.3.ia64.rpm
    
    x86_64:
    5d826defe063b94510651a6b68e6e719  firefox-1.0.1-1.4.3.x86_64.rpm
    
    Red Hat Enterprise Linux WS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.0.1-1.4.3.src.rpm
    8a6aedb095f62077e64124ddc577b9fb  firefox-1.0.1-1.4.3.src.rpm
    
    i386:
    b892ffeb126d1ef24f2c9059650d1000  firefox-1.0.1-1.4.3.i386.rpm
    
    ia64:
    303645b51596c4d7d0f0de81c3efdf4b  firefox-1.0.1-1.4.3.ia64.rpm
    
    x86_64:
    5d826defe063b94510651a6b68e6e719  firefox-1.0.1-1.4.3.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://www.mozilla.org/projects/security/known-vulnerabilities.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.