Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Critical Security Update for Firefox on Scientific Linux SL4.x and SL5.x

Scientific Large Esm H446
Critical: firefox security update
Date: Wed, 1 Feb 2012 14:00:29 -0600
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Erratfor ScientifiLinux
 
From: This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: Security ERRATA Critical: firefoon SL4.x, SL5.x,
 SL6.i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Critical: firefosecurity update
IssuDate: 2012-01-31
CVE Numbers: CVE-2012-0442
 CVE-2011-3670
 CVE-2012-0449
 CVE-2012-0444
 CVE-2011-3659

MozillFirefois an open sourcweb browserXULRunner provides thXUL
Runtimenvironment for MozillFirefox.

A use-after-freflaw was found in thway Fireforemoved nsDOMAttribute
child nodesIn certain circumstances, dutthprematurnotification
of AttributeChildRemoved, malicious script could possibly usthis flaw
tcausFirefotcrash or, potentially, executarbitrary codwith the
privileges of thuser running Firefox(CVE-2011-3659)

Severaflaws werfound in thprocessing of malformed web contentA web
pagcontaining malicious content could causFirefotcrash or,
potentially, executarbitrary codwith thprivileges of thuser running
Firefox(CVE-2012-0442)

A flaw was found in thway Firefoparsed Ogg Vorbis medifilesA web
pagcontaining malicious Ogg Vorbis medifilcould causFirefoto
crash or, potentially, executarbitrary codwith thprivileges of the
user running Firefox(CVE-2012-0444)

A flaw was found in thway Firefoparsed certain ScalablVector Graphics
(SVG) imagfiles that contained eXtensiblStylSheet Language
Transformations (XSLT)A web pagcontaining malicious SVG imagfile
could causFirefotcrash or, potentially, executarbitrary codwith
thprivileges of thuser running Firefox(CVE-2012-0449)

Thsame-origin policy in Firefotreated and
 as interchangeableA malicious script could possibly
usthis flaw tgain access tsensitivinformation (such as client's
IP and user e-maiaddress, or httpOnly cookies) that may bincluded in
HTTP proxy error replies, generated in responstinvalid URLs using
squarbrackets(CVE-2011-3670)

For technicadetails regarding thesflaws, refer tthMozillsecurity
advisories for Firefo3.6.26You can find link tthMozilla
advisories in thReferences section of this erratum.

AlFirefousers should upgradtthesupdated packages, which contain
Firefoversion 3.6.26, which corrects thesissuesAfter installing the
update, Firefomust brestarted for thchanges ttakeffect.

SL4:
 i386
 firefox-3.6.26-2.el4.i386.rpm
 firefox-debuginfo-3.6.26-2.el4.i386.rpm
 x86_64
 firefox-3.6.26-2.el4.x86_64.rpm
 firefox-debuginfo-3.6.26-2.el4.x86_64.rpm
SL5:
 i386
 firefox-3.6.26-1.el5_7.i386.rpm
 firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
 xulrunner-1.9.2.26-1.el5_7.i386.rpm
 xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
 xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm
 x86_64
 firefox-3.6.26-1.el5_7.i386.rpm
 firefox-3.6.26-1.el5_7.x86_64.rpm
 firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
 firefox-debuginfo-3.6.26-1.el5_7.x86_64.rpm
 xulrunner-1.9.2.26-1.el5_7.i386.rpm
 xulrunner-1.9.2.26-1.el5_7.x86_64.rpm
 xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
 xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm
 xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm
 xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm
SL6:
 i386
 firefox-3.6.26-1.el6_2.i686.rpm
 firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
 xulrunner-1.9.2.26-1.el6_2.i686.rpm
 xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
 xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
 x86_64
 firefox-3.6.26-1.el6_2.i686.rpm
 firefox-3.6.26-1.el6_2.x86_64.rpm
 firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
 firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
 xulrunner-1.9.2.26-1.el6_2.i686.rpm
 xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
 xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
 xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
 xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
 xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

- ScientifiLinuDevelopment Team