Date:         Fri, 2 Apr 2010 10:20:27 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: firefox on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: firefox security update
Issue date:	2010-03-30
CVE Names:	CVE-2010-0174 CVE-2010-0175 CVE-2010-0176
                    CVE-2010-0177 CVE-2010-0178 CVE-2010-0179

Several use-after-free flaws were found in Firefox. Visiting a web page
containing malicious content could result in Firefox executing arbitrary
code with the privileges of the user running Firefox. (CVE-2010-0175,
CVE-2010-0176, CVE-2010-0177)

A flaw was found in Firefox that could allow an applet to generate a
drag and drop action from a mouse click. Such an action could be used to
execute arbitrary JavaScript with the privileges of the user running
Firefox. (CVE-2010-0178)

A privilege escalation flaw was found in Firefox when the Firebug add-on
is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a
Chrome privilege escalation flaw that could be used to execute arbitrary
JavaScript with the privileges of the user running Firefox. (CVE-2010-0179)

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2010-0174)

After installing the update, Firefox must be restarted for the changes
to take effect.

SL 5.x

     SRPMS:
firefox-3.0.19-1.el5_5.src.rpm
xulrunner-1.9.0.19-1.el5_5.src.rpm
     i386:
firefox-3.0.19-1.el5_5.i386.rpm
xulrunner-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.i386.rpm
     x86_64:
firefox-3.0.19-1.el5_5.i386.rpm
firefox-3.0.19-1.el5_5.x86_64.rpm
xulrunner-1.9.0.19-1.el5_5.i386.rpm
xulrunner-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.x86_64.rpm

-Connie Sieh
-Troy Dawson
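
A check of installed packages against the fixed builds listed above, added here as an example and not part of the original errata. It parses `rpm -qa` output in an assumed `NAME VERSION-RELEASE ARCH` query format and flags anything older than the SL 5.x builds in this notice. The version comparison is a simplified form of RPM's ordering (no epoch or tilde handling), and the sample input and function names are constructed for illustration.

```python
import re

# Fixed builds taken from the SL 5.x package list in this advisory.
XUL = "1.9.0.19-1.el5_5"
FIXED = {"firefox": "3.0.19-1.el5_5", "xulrunner": XUL,
         "xulrunner-devel": XUL, "xulrunner-devel-unstable": XUL}

def _segments(s):
    # Split into runs of digits or letters; separators are dropped, as rpm does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified rpmvercmp for one version or release string: -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings (epoch is not handled)."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def outdated(rpm_lines):
    """Return (name, arch, installed) for packages older than the fixed build."""
    hits = []
    for line in rpm_lines.strip().splitlines():
        name, evr, arch = line.split()
        if name in FIXED and evr_cmp(evr, FIXED[name]) < 0:
            hits.append((name, arch, evr))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
firefox 3.0.18-1.el5_4 i386
firefox 3.0.19-1.el5_5 x86_64
xulrunner 1.9.0.18-1.el5_4 x86_64
xulrunner-devel 1.9.0.19-1.el5_5 x86_64
bash 3.2-24.el5 x86_64
"""

if __name__ == "__main__":
    for name, arch, evr in outdated(SAMPLE):
        print(f"{name}.{arch} {evr} is older than {FIXED[name]}")
```

On x86_64 hosts both the i386 and x86_64 builds are listed, so each architecture is reported separately.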
