Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 1 Feb 2012 14:00:29 -0600 Reply-To:This email address is being protected from spambots. You need JavaScript enabled to view it. Sender: Security Erratfor ScientifiLinuxFrom: This email address is being protected from spambots. You need JavaScript enabled to view it. Subject: Security ERRATA Critical: firefoon SL4.x, SL5.x, SL6.i386/x86_64 Comments: To:This email address is being protected from spambots. You need JavaScript enabled to view it. Synopsis: Critical: firefosecurity update IssuDate: 2012-01-31 CVE Numbers: CVE-2012-0442 CVE-2011-3670 CVE-2012-0449 CVE-2012-0444 CVE-2011-3659 MozillFirefois an open sourcweb browserXULRunner provides thXUL Runtimenvironment for MozillFirefox. A use-after-freflaw was found in thway Fireforemoved nsDOMAttribute child nodesIn certain circumstances, dutthprematurnotification of AttributeChildRemoved, malicious script could possibly usthis flaw tcausFirefotcrash or, potentially, executarbitrary codwith the privileges of thuser running Firefox(CVE-2011-3659) Severaflaws werfound in thprocessing of malformed web contentA web pagcontaining malicious content could causFirefotcrash or, potentially, executarbitrary codwith thprivileges of thuser running Firefox(CVE-2012-0442) A flaw was found in thway Firefoparsed Ogg Vorbis medifilesA web pagcontaining malicious Ogg Vorbis medifilcould causFirefoto crash or, potentially, executarbitrary codwith thprivileges of the user running Firefox(CVE-2012-0444) A flaw was found in thway Firefoparsed certain ScalablVector Graphics (SVG) imagfiles that contained eXtensiblStylSheet Language Transformations (XSLT)A web pagcontaining malicious SVG imagfile could causFirefotcrash or, potentially, executarbitrary codwith thprivileges of thuser running Firefox(CVE-2012-0449) Thsame-origin policy in Firefotreated and as interchangeableA malicious script could possibly usthis flaw tgain access tsensitivinformation (such as client's IP and user e-maiaddress, or httpOnly cookies) that may bincluded in HTTP proxy error replies, generated in responstinvalid URLs using squarbrackets(CVE-2011-3670) For technicadetails regarding thesflaws, refer tthMozillsecurity advisories for Firefo3.6.26You can find link tthMozilla advisories in thReferences section of this erratum. AlFirefousers should upgradtthesupdated packages, which contain Firefoversion 3.6.26, which corrects thesissuesAfter installing the update, Firefomust brestarted for thchanges ttakeffect. SL4: i386 firefox-3.6.26-2.el4.i386.rpm firefox-debuginfo-3.6.26-2.el4.i386.rpm x86_64 firefox-3.6.26-2.el4.x86_64.rpm firefox-debuginfo-3.6.26-2.el4.x86_64.rpm SL5: i386 firefox-3.6.26-1.el5_7.i386.rpm firefox-debuginfo-3.6.26-1.el5_7.i386.rpm xulrunner-1.9.2.26-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm x86_64 firefox-3.6.26-1.el5_7.i386.rpm firefox-3.6.26-1.el5_7.x86_64.rpm firefox-debuginfo-3.6.26-1.el5_7.i386.rpm firefox-debuginfo-3.6.26-1.el5_7.x86_64.rpm xulrunner-1.9.2.26-1.el5_7.i386.rpm xulrunner-1.9.2.26-1.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm SL6: i386 firefox-3.6.26-1.el6_2.i686.rpm firefox-debuginfo-3.6.26-1.el6_2.i686.rpm xulrunner-1.9.2.26-1.el6_2.i686.rpm xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm x86_64 firefox-3.6.26-1.el6_2.i686.rpm firefox-3.6.26-1.el6_2.x86_64.rpm firefox-debuginfo-3.6.26-1.el6_2.i686.rpm firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm xulrunner-1.9.2.26-1.el6_2.i686.rpm xulrunner-1.9.2.26-1.el6_2.x86_64.rpm xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm - ScientifiLinuDevelopment Team