SciLinux: CVE-2007-1362 firefox SL5.x, SL4.x, SL3.x i386/x86_64
Summary
Date: Fri, 1 Jun 2007 15:54:43 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for firefox on SL5.x, SL4.x, SL3.x i386/x86_64
Comments: To: scientific-linux-errata@fnal.gov

Synopsis: Critical: firefox security update
Issue date: 2007-05-30
CVE Names: CVE-2007-1362 CVE-2007-1562 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

SL 3.0.x

  SRPMS:
    firefox-1.5.0.12-0.1.SL3.src.rpm
  i386:
    firefox-1.5.0.12-0.1.SL3.i386.rpm
  x86_64:
    firefox-1.5.0.12-0.1.SL3.i386.rpm
    firefox-1.5.0.12-0.1.SL3.x86_64.rpm

SL 4.x

  SRPMS:
    firefox-1.5.0.12-0.1.el4.src.rpm
  i386:
    firefox-1.5.0.12-0.1.el4.i386.rpm
  x86_64:
    firefox-1.5.0.12-0.1.el4.i386.rpm
    firefox-1.5.0.12-0.1.el4.x86_64.rpm

SL 5.x

  SRPMS:
    devhelp-0.12-11.el5.src.rpm
    firefox-1.5.0.12-1.el5.src.rpm
    yelp-2.16.0-15.el5.src.rpm
  i386:
    devhelp-0.12-11.el5.i386.rpm
    firefox-1.5.0.12-1.el5.i386.rpm
    yelp-2.16.0-15.el5.i386.rpm
  x86_64:
    devhelp-0.12-11.el5.i386.rpm
    devhelp-0.12-11.el5.x86_64.rpm
    firefox-1.5.0.12-1.el5.i386.rpm
    firefox-1.5.0.12-1.el5.x86_64.rpm
    yelp-2.16.0-15.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
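
Added example, not part of the original advisory: a check of installed firefox packages against the fixed version-release listed above for each SL release. The comparison is a simplified form of RPM's segment-wise version ordering (no epoch, tilde or caret handling); the function names and the sample inventory are constructed for illustration, and package strings are assumed to be in name-version-release form without an architecture suffix.

```python
import re

# Fixed firefox version and release per SL release, taken from the advisory.
FIXED = {
    "SL3": ("1.5.0.12", "0.1.SL3"),
    "SL4": ("1.5.0.12", "0.1.el4"),
    "SL5": ("1.5.0.12", "1.el5"),
}

def _segments(s):
    # Runs of digits or letters; separators such as '.' are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified RPM version compare: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 9 < 12
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(sl_release, installed_nvr):
    """True if installed_nvr is at or above the advisory's fixed package."""
    name, version, release = installed_nvr.rsplit("-", 2)
    if name != "firefox":
        raise ValueError("not a firefox package: " + installed_nvr)
    fixed_version, fixed_release = FIXED[sl_release]
    # Version decides first; release only breaks a version tie.
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return cmp >= 0

def audit(inventory):
    """Return the (release, package) pairs that still need the update."""
    return [(rel, nvr) for rel, nvr in inventory if not is_patched(rel, nvr)]

# Constructed inventory for illustration; not data from the advisory.
SAMPLE = [
    ("SL4", "firefox-1.5.0.9-0.1.el4"),
    ("SL4", "firefox-1.5.0.12-0.1.el4"),
    ("SL5", "firefox-1.5.0.10-2.el5"),
    ("SL3", "firefox-1.5.0.12-0.3.SL3"),
]

if __name__ == "__main__":
    for rel, nvr in audit(SAMPLE):
        print(f"{rel}: {nvr} is older than the fixed package")
```

A plain string comparison would rank 1.5.0.9 above 1.5.0.12 and report that host as patched, which is why the segments are compared numerically.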