SciLinux: CVE-2009-2462 Critical: firefox SL4.x i386/x86_64
Summary
Date: Wed, 22 Jul 2009 23:21:17 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: Security ERRATA Critical: firefox on SL4.x i386/x86_64
Comments: To: scientific

Synopsis: Critical: firefox security update

CVE Names:
  CVE-2009-2462 Mozilla Browser engine crashes
  CVE-2009-2463 Mozilla Base64 decoding crash
  CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree
  CVE-2009-2465 Mozilla double frame construction crashes
  CVE-2009-2466 Mozilla JavaScript engine crashes
  CVE-2009-2467 Mozilla remote code execution during Flash player unloading
  CVE-2009-2469 Mozilla remote code execution using watch and __defineSetter__ on SVG element
  CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers
  CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)

Several flaws were found in the way Firefox handles malformed JavaScript code. A website containing malicious content could launch a cross-site scripting (XSS) attack or execute arbitrary JavaScript with the permissions of another website. (CVE-2009-2472)

SL4.x

SRPM
  firefox-3.0.12-1.el4.src.rpm

i386
  firefox-3.0.12-1.el4.i386.rpm

x86_64
  firefox-3.0.12-1.el4.i386.rpm
  firefox-3.0.12-1.el4.x86_64.rpm

--Connie Sieh
--Troy Dawson