SciLinux: CVE-2009-1563 Critical: firefox SL4.x, SL5.x i386/x86_64
Summary
Date: Wed, 28 Oct 2009 13:25:51 -0500Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Critical: firefox on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Critical: firefox security updateIssue date: 2009-10-27CVE Names: CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370)A flaw was found in the way Firefox creates temporary file names fordownloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file witharbitrary contents. (CVE-2009-3274)A flaw was found in the Firefox Proxy Auto-Configuration (PAC) fileprocessor. If Firefox loads a malicious PAC file, it could crash Firefoxor, potentially, execute arbitrary code with the privileges of the userrunning Firefox. (CVE-2009-3372)A heap-based buffer overflow flaw was found in the Firefox GIF imageprocessor. A malicious GIF image could crash Firefox or, potentially,execute arbitrary code with the privileges of the user running Firefox.(CVE-2009-3373)A heap-based buffer overflow flaw was found in the Firefox string tofloating point conversion routines. A web page containing maliciousJavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563)A flaw was found in the way Firefox handles text selection. A maliciouswebsite may be able to read highlighted text in a different domain (e.g.another website the user is viewing), bypassing the same-origin policy.(CVE-2009-3375)A flaw was found in the way Firefox displays a right-to-left overridecharacter when downloading a file. In these cases, the name displayed inthe title bar differs from the name displayed in the dialog body. Anattacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376)Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)After installing the update, Firefox must be restarted for the changes to take effect.SL 4.x SRPMS:firefox-3.0.15-3.el4.src.rpmnspr-4.7.6-1.el4_8.src.rpm i386:firefox-3.0.15-3.el4.i386.rpmnspr-4.7.6-1.el4_8.i386.rpmnspr-devel-4.7.6-1.el4_8.i386.rpm x86_64:firefox-3.0.15-3.el4.i386.rpmfirefox-3.0.15-3.el4.x86_64.rpmnspr-4.7.6-1.el4_8.i386.rpmnspr-4.7.6-1.el4_8.x86_64.rpmnspr-devel-4.7.6-1.el4_8.x86_64.rpmSL 5.x SRPMS:firefox-3.0.15-3.el5_4.src.rpmnspr-4.7.6-1.el5_4.src.rpmxulrunner-1.9.0.15-3.el5_4.src.rpm i386:firefox-3.0.15-3.el5_4.i386.rpmnspr-4.7.6-1.el5_4.i386.rpmnspr-devel-4.7.6-1.el5_4.i386.rpmxulrunner-1.9.0.15-3.el5_4.i386.rpmxulrunner-devel-1.9.0.15-3.el5_4.i386.rpmxulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm x86_64:firefox-3.0.15-3.el5_4.i386.rpmfirefox-3.0.15-3.el5_4.x86_64.rpmnspr-4.7.6-1.el5_4.i386.rpmnspr-4.7.6-1.el5_4.x86_64.rpmnspr-devel-4.7.6-1.el5_4.i386.rpmnspr-devel-4.7.6-1.el5_4.x86_64.rpmxulrunner-1.9.0.15-3.el5_4.i386.rpmxulrunner-1.9.0.15-3.el5_4.x86_64.rpmxulrunner-devel-1.9.0.15-3.el5_4.i386.rpmxulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpmxulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm-Connie Sieh-Troy Dawson