SciLinux: CVE-2010-0174 Critical: firefox SL4.x i386/x86_64
Summary
containing malicious content could result in Firefox executing arbitrarycode with the privileges of the user running Firefox. (CVE-2010-0175,CVE-2010-0176, CVE-2010-0177)A flaw was found in Firefox that could allow an applet to generate adrag and drop action from a mouse click. Such an action could be used toexecute arbitrary JavaScript with the privileges of the user runningFirefox. (CVE-2010-0178)A privilege escalation flaw was found in Firefox when the Firebug add-onis in use. The XMLHttpRequestSpy module in the Firebug add-on exposes aChrome privilege escalation flaw that could be used to execute arbitraryJavaScript with the privileges of the user running Firefox. (CVE-2010-0179)Several flaws were found in the processing of malformed web content. Aweb page containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code with the privileges of the userrunning Firefox. (CVE-2010-0174)After installing the update, Firefox must be restarted for the changesto take effect.