What Are You Looking For?

Sign Up
Date:         Fri, 4 Jul 2008 10:10:29 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for firefox on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: firefox security update
Issue date:	2008-07-02
CVE Names:	CVE-2008-2798 CVE-2008-2799 CVE-2008-2800
                   CVE-2008-2801 CVE-2008-2802 CVE-2008-2803
                   CVE-2008-2805 CVE-2008-2807 CVE-2008-2808
                   CVE-2008-2809 CVE-2008-2810 CVE-2008-2811

Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause 
Firefox to crash or, potentially, execute arbitrary code as the user 
running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A 
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. 
A web page containing specially-crafted content could potentially trick 
a Firefox user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Firefox. A web page
containing malicious content could cause Firefox to reveal the contents 
of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed 
by Firefox. A malicious extension could read uninitialized memory, 
possibly leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Firefox escaped a listing of local file 
names. If a user could be tricked into listing a local directory 
containing malicious file names, arbitrary JavaScript could be run with 
the permissions of the user running Firefox. (CVE-2008-2808)

A flaw was found in the way Firefox displayed information about 
self-signed certificates. It was possible for a self-signed certificate 
to contain multiple alternate name entries, which were not all displayed 
to the user, allowing them to mistakenly extend trust to an unknown 
site. (CVE-2008-2809)


SL 4.x

    SRPMS:
firefox-1.5.0.12-0.19.el4.src.rpm
    i386:
firefox-1.5.0.12-0.19.el4.i386.rpm
    x86_64:
firefox-1.5.0.12-0.19.el4.i386.rpm
firefox-1.5.0.12-0.19.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-2798 firefox SL4.x i386/x86_64

Critical: firefox security update

Summary

Date:         Fri, 4 Jul 2008 10:10:29 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for firefox on SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: firefox security updateIssue date:	2008-07-02CVE Names:	CVE-2008-2798 CVE-2008-2799 CVE-2008-2800                   CVE-2008-2801 CVE-2008-2802 CVE-2008-2803                   CVE-2008-2805 CVE-2008-2807 CVE-2008-2808                   CVE-2008-2809 CVE-2008-2810 CVE-2008-2811Multiple flaws were found in the processing of malformed JavaScriptcontent. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code as the user running Firefox.(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800)Two local file disclosure flaws were found in Firefox. A web pagecontaining malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808)A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809)SL 4.x    SRPMS:firefox-1.5.0.12-0.19.el4.src.rpm    i386:firefox-1.5.0.12-0.19.el4.i386.rpm    x86_64:firefox-1.5.0.12-0.19.el4.i386.rpmfirefox-1.5.0.12-0.19.el4.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo