What Are You Looking For?

Sign Up
Date:         Thu, 23 Apr 2009 15:36:37 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: firefox on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: firefox security update
Issue date:	2009-04-21
CVE Names:	CVE-2009-0652 CVE-2009-1302 CVE-2009-1303
                   CVE-2009-1304 CVE-2009-1305 CVE-2009-1306
                   CVE-2009-1307 CVE-2009-1308 CVE-2009-1309
                   CVE-2009-1310 CVE-2009-1311 CVE-2009-1312


Several flaws were found in the processing of malformed web content. A 
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. 
A web page containing malicious content could execute arbitrary 
JavaScript in the context of the site, possibly presenting misleading 
data to a user, or stealing sensitive information such as login 
credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, 
CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)

A flaw was found in the way Firefox saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST 
data, the POST data could be revealed to the inner frame, possibly 
surrendering sensitive information such as login credentials. 
(CVE-2009-1311)

After installing the update, Firefox must be restarted for the changes 
to take effect.

SL 4.x

      SRPMS:
firefox-3.0.9-1.el4.src.rpm
      i386:
firefox-3.0.9-1.el4.i386.rpm
      x86_64:
firefox-3.0.9-1.el4.i386.rpm
firefox-3.0.9-1.el4.x86_64.rpm

SL 5.x

      SRPMS:
firefox-3.0.9-1.el5.src.rpm
xulrunner-1.9.0.9-1.el5.src.rpm
      i386:
firefox-3.0.9-1.el5.i386.rpm
xulrunner-1.9.0.9-1.el5.i386.rpm
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm
      x86_64:
firefox-3.0.9-1.el5.i386.rpm
firefox-3.0.9-1.el5.x86_64.rpm
xulrunner-1.9.0.9-1.el5.i386.rpm
xulrunner-1.9.0.9-1.el5.x86_64.rpm
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
xulrunner-devel-1.9.0.9-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0652 Critical: firefox SL4.x, SL5.x i386/x86_64

Critical: firefox security update

Summary

Date:         Thu, 23 Apr 2009 15:36:37 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: firefox on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: firefox security updateIssue date:	2009-04-21CVE Names:	CVE-2009-0652 CVE-2009-1302 CVE-2009-1303                   CVE-2009-1304 CVE-2009-1305 CVE-2009-1306                   CVE-2009-1307 CVE-2009-1308 CVE-2009-1309                   CVE-2009-1310 CVE-2009-1311 CVE-2009-1312Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code as the user running Firefox.(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)A flaw was found in the way Firefox saved certain web pages to a localfile. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311)After installing the update, Firefox must be restarted for the changes to take effect.SL 4.x      SRPMS:firefox-3.0.9-1.el4.src.rpm      i386:firefox-3.0.9-1.el4.i386.rpm      x86_64:firefox-3.0.9-1.el4.i386.rpmfirefox-3.0.9-1.el4.x86_64.rpmSL 5.x      SRPMS:firefox-3.0.9-1.el5.src.rpmxulrunner-1.9.0.9-1.el5.src.rpm      i386:firefox-3.0.9-1.el5.i386.rpmxulrunner-1.9.0.9-1.el5.i386.rpmxulrunner-devel-1.9.0.9-1.el5.i386.rpmxulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm      x86_64:firefox-3.0.9-1.el5.i386.rpmfirefox-3.0.9-1.el5.x86_64.rpmxulrunner-1.9.0.9-1.el5.i386.rpmxulrunner-1.9.0.9-1.el5.x86_64.rpmxulrunner-devel-1.9.0.9-1.el5.i386.rpmxulrunner-devel-1.9.0.9-1.el5.x86_64.rpmxulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo