Date:         Thu, 23 Jul 2009 14:09:58 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      Security ERRATA Critical: firefox on SL5.x i386/x86_64
Comments: To: scientific 

Synopsis:          Critical: firefox security update

CVE Names: CVE-2009-2462 Mozilla Browser engine crashes
CVE-2009-2463 Mozilla Base64 decoding crash
CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree
CVE-2009-2465 Mozilla double frame construction crashes
CVE-2009-2466 Mozilla JavaScript engine crashes
CVE-2009-2467 Mozilla remote code execution during Flash player unloading
CVE-2009-2469 Mozilla remote code execution using watch and __defineSetter__ on SVG element
CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers
CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, 
CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)

Several flaws were found in the way Firefox handles malformed JavaScript
code. A website containing malicious content could launch a cross-site
scripting (XSS) attack or execute arbitrary JavaScript with the permissions of 
another website. (CVE-2009-2472)

SL5.x

SRPM
 	 firefox-3.0.12-1.el5_3.src.rpm

i386

 	firefox-3.0.12-1.el5_3.i386.rpm

x86_64

 	firefox-3.0.12-1.el5_3.i386.rpm
 	firefox-3.0.12-1.el5_3.x86_64.rpm

--Connie Sieh
--Troy Dawson
