SciLinux: CVE-2009-1571 Critical: firefox SL4.x, SL5.x i386/x86_64
Summary
2010-01)
CVE-2010-0160 Mozilla implementation of Web Workers can lead to crash with evidence of memory corruption (MFSA 2010-02)
CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03)
CVE-2009-3988 Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04)
CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)

A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160)

Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162)

After installing the update, Firefox must be restarted for the changes to take effect.