Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 7 articles for you...
89
security advisorycriticalFedoraFedora 10: galeon-2.0.7-15.fc10 critical memory corruption in Firefox
Update to new upstream Firefox version 3.0.15, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-10981 2009-11-04 10:56:11 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 10 Version : 2.0.7 Release : 15.fc10 URL : https://sourceforge.net/projects/galeon/ Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.15, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 27 2009 Jan Horak - 2.0.7-15 - Rebuild against newer gecko * Wed Sep 9 2009 Jan Horak - 2.0.7-14 - Rebuild against newer gecko * Tue Aug 4 2009 Jan Horak - 2.0.7-13 - Rebuild against newer gecko * Tue Jul 21 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Thu Jun 11 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 2.0.7-10 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 2.0.7-9 - Rebuild against newer gecko * FriMar 27 2009 Christopher Aillon - 2.0.7-8 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 2.0.7-7 - Rebuild against newer gecko * Sun Feb 15 2009 Denis Leroy - 2.0.7-6 - Added upstream patch to use Gnome Print * Wed Feb 4 2009 Christopher Aillon - 2.0.7-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.0.7-4 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=530567 [ 2 ] Bug #530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=530569 [ 3 ] Bug #530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override https://bugzilla.redhat.com/show_bug.cgi?id=530168 [ 4 ] Bug #530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection() https://bugzilla.redhat.com/show_bug.cgi?id=530167 [ 5 ] Bug #530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion https://bugzilla.redhat.com/show_bug.cgi?id=530162 [ 6 ] Bug #530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS() https://bugzilla.redhat.com/show_bug.cgi?id=530157 [ 7 ] Bug #530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser https://bugzilla.redhat.com/show_bug.cgi?id=530156 [ 8 ] Bug #530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing https://bugzilla.redhat.com/show_bug.cgi?id=530155 [ 9 ] Bug #524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use https://bugzilla.redhat.com/show_bug.cgi?id=524815 [ 10 ] Bug #530151 - CVE-2009-3370 Firefox form history vulnerable to stealing https://bugzilla.redhat.com/show_bug.cgi?id=530151 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Nov 04, 2009
•Critical
Fedora
89
security advisoryupdatecriticalFedora 11 Galeon Update: 2009-9505 Critical Security Fixes
Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9505 2009-09-11 22:40:07 -------------------------------------------------------------------------------- Name : galeon Product : Fedora 11 Version : 2.0.7 Release : 14.fc11 URL : Summary : GNOME2 Web browser based on Mozilla Description : Galeon is a web browser built around Gecko (Mozilla's rendering engine) and Necko (Mozilla's networking engine). It's a GNOME web browser, designed to take advantage of as many GNOME technologies as makes sense. Galeon was written to do just one thing - browse the web. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 9 2009 Jan Horak - 2.0.7-14 - Rebuild against newer gecko * Mon Aug 3 2009 Christopher Aillon - 2.0.7-13 - Rebuild against newer gecko * Fri Jul 17 2009 Jan Horak - 2.0.7-12 - Rebuild against newer gecko * Tue Jun 30 2009 Christopher Aillon - 2.0.7-11 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #521684 - CVE-2009-3069 Firefox 3.5 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521684 [ 2 ] Bug #521686 - CVE-2009-3070 Firefox 3.53.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521686 [ 3 ] Bug #521687 - CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521687 [ 4 ] Bug #521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521688 [ 5 ] Bug #521689 - CVE-2009-3073 Firefox 3.5 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521689 [ 6 ] Bug #521690 - CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521690 [ 7 ] Bug #521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521691 [ 8 ] Bug #521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=521693 [ 9 ] Bug #521694 - CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters https://bugzilla.redhat.com/show_bug.cgi?id=521694 [ 10 ] Bug #521695 - CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter https://bugzilla.redhat.com/show_bug.cgi?id=521695 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update galeon' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Sep 11, 2009
•Critical
Fedora
89
security advisorymoderatefedoraFedora 11 FEDORA-2009-9505 Moderate: Firefox 3.5.3 Security Issues
Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9505 2009-09-11 22:40:07 -------------------------------------------------------------------------------- Name : chmsee Product : Fedora 11 Version : 1.0.1 Release : 11.fc11 URL : https://code.google.com/archive/p/chmsee Summary : A Gtk+2 CHM document viewer Description : A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great people. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then read and display them. The extracted files could be found in $HOME/.chmsee/bookshelf directory. You can clean those files at any time and there is a special config option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox /XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 9 2009 Jan Horak - 1.0.1-11 - Rebuild against newer gecko * Mon Aug 3 2009 Christopher Aillon - 1.0.1-10 - Rebuild against newer gecko * Fri Jul 17 2009 Jan Horak - 1.0.1-9 - Rebuild against newer gecko * Tue Jul 14 2009 bbbush - 1.0.1-8 - revert to 1.0.1 as latest version crash on xulrunner-1.9.1.2 * Sun Jul 12 2009 bbbush - 1.0.6-1 - update to 1.0.6 - update project location. Chmsee moved to google code since 2009-01-05, co-maintained by Li Daobing and Jungle Ji - update build steps to use CMake - Chmsee 1.0.3 was released on 2009-01-10, added "copy page location" in context menu, updated translation - Chmsee 1.0.4 was released on 2009-03-14, added "drag and drop" support, dropped cs2w - Chmsee 1.0.5 was released on 2009-05-17, added fullscreen support, switched to CMake, supported 6 more new languages - Chmsee 1.0.6 was released on 2009-07-12, added index support, supported 8 more new languages * Tue Jun 30 2009 Christopher Aillon - 1.0.1-7 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #521684 - CVE-2009-3069 Firefox 3.5 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521684 [ 2 ] Bug #521686 - CVE-2009-3070 Firefox 3.5 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521686 [ 3 ] Bug #521687 - CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521687 [ 4 ] Bug #521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521688 [ 5 ] Bug #521689 - CVE-2009-3073 Firefox 3.5 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521689 [ 6 ] Bug #521690 - CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521690 [ 7 ]Bug #521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521691 [ 8 ] Bug #521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=521693 [ 9 ] Bug #521694 - CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters https://bugzilla.redhat.com/show_bug.cgi?id=521694 [ 10 ] Bug #521695 - CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter https://bugzilla.redhat.com/show_bug.cgi?id=521695 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update chmsee' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Sep 11, 2009
Fedora
89
security advisoryupdateFedoraFedora 10: FEDORA-2009-8288 Moderate: Firefox Security Issues
Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-8288 2009-08-05 00:00:31 -------------------------------------------------------------------------------- Name : yelp Product : Fedora 10 Version : 2.24.0 Release : 12.fc10 URL : Summary : A system documentation reader from the Gnome project Description : Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 4 2009 Jan Horak - 2.24.0-12 - Rebuild against newer gecko * Tue Jul 21 2009 Jan Horak - 2.24.0-11 - Rebuild against newer gecko * Thu Jun 11 2009 Christopher Aillon - 2.24.0-10 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 2.24.0-9 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 2.24.0-8 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 2.24.0-7 - Rebuild againstnewer gecko * Fri Mar 6 2009 Jan Horak - 2.24.0-6 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 2.24.0-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 2.24.0-4 - Rebuild against newer gecko -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update yelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Aug 04, 2009
•Important
Fedora
89
security advisorysecurity issuecriticalFedora 11: FEDORA-2009-8279 Critical: Firefox 3.5.2 Security Update
Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-8279 2009-08-05 00:00:09 -------------------------------------------------------------------------------- Name : kazehakase Product : Fedora 11 Version : 0.5.6 Release : 11.svn3771_trunk.fc11.4 URL : Summary : Kazehakase browser using Gecko rendering engine Description : Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2009 Christopher Aillon - 0.5.6-11.svn3771_trunk.4 - Rebuild against newer gecko * Fri Jul 17 2009 Jan Horak - 0.5.6-11.svn3771_trunk.3 - Rebuild against newer gecko * Tue Jun 30 2009 Christopher Aillon - 0.5.6-11.svn3771_trunk.2 - Rebuild against newer gecko -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update kazehakase' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keysused by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Aug 04, 2009
•Critical
Fedora
89
security advisoryfedoracriticalFedora 11: 2009-8279 Critical: xulrunner Security Update for Firefox 3.5.2
Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-8279 2009-08-05 00:00:09 -------------------------------------------------------------------------------- Name : xulrunner Product : Fedora 11 Version : 1.9.1.2 Release : 1.fc11 URL : Summary : XUL Runtime for Gecko Applications Description : XULRunner provides the XUL Runtime environment for Gecko applications. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2009 Martin Stransky 1.9.1.1-2 - Update to 1.9.1.2 * Fri Jul 17 2009 Martin Stransky 1.9.1.1-1 - Update to 1.9.1.1 * Thu Jul 16 2009 Christopher Aillon - 1.9.1-5 - Fix for milw0rm 9137 * Tue Jul 14 2009 Jan Horak - 1.9.1-4 - Fixed multilib issues * Tue Jul 7 2009 Jan Horak - 1.9.1-3 - Fixed wrong version of Firefox when loading 'about:' as location * Tue Jun 30 2009 Yanko Kaneti - 1.9.1-2 - Build using system hunspell * Tue Jun 30 2009 Christopher Aillon 1.9.1-1 - Update to 1.9.1 final release -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xulrunner' at the command line. For more information, refer to "ManagingSoftware with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Aug 04, 2009
•Critical
Fedora
89
security advisoryfedoracriticalFedora 9: 2009-6411 Critical: Chmsee Update for Firefox Browser Flaws
Update to new upstream Firefox version 3.0.11, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuild against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-6411 2009-06-15 22:07:28 -------------------------------------------------------------------------------- Name : chmsee Product : Fedora 9 Version : 1.0.1 Release : 13.fc9 URL : Summary : A Gtk+2 CHM document viewer Description : A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great people. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then read and display them. The extracted files could be found in $HOME/.chmsee/bookshelf directory. You can clean those files at any time and there is a special config option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.11, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuild against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 112009 Christopher Aillon - 1.0.1-13 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 1.0.1-12 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 1.0.1-11 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 1.0.1-10 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 1.0.1-9 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 1.0.1-8 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 1.0.1-7 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 1.0.1-6 - Rebuild against newer gecko * Wed Sep 24 2008 Christopher Aillon - 1.0.1-5 - Rebuild against newer gecko * Fri Jun 20 2008 Martin Stransky - 1.0.1-4 - Rebuild against new xulrunner * Sat May 17 2008 bbbush - 1.0.1-3 - update to 1.0.1 - specify gecko-provider to "libxul", add nspr in patch to configure - BR libgcrypt-devel instead of openssl-devel * Fri Apr 25 2008 bbbush - 1.0.0-2.37 - patch from Martin Stransky to fix crash on open files (rh#427622) -------------------------------------------------------------------------------- References: [ 1 ] Bug #503568 - CVE-2009-1392 Firefox browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=503568 [ 2 ] Bug #503569 - CVE-2009-1832 Firefox double frame construction flaw https://bugzilla.redhat.com/show_bug.cgi?id=503569 [ 3 ] Bug #503570 - CVE-2009-1833 Firefox JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=503570 [ 4 ] Bug #503573 - CVE-2009-1834 Firefox URL spoofing with invalid unicode characters https://bugzilla.redhat.com/show_bug.cgi?id=503573 [ 5 ] Bug #503576 - CVE-2009-1835 Firefox Arbitrary domain cookie access by local file: resources https://bugzilla.redhat.com/show_bug.cgi?id=503576 [ 6 ] Bug #503578 - CVE-2009-1836 Firefox SSL tampering via non-200 responses to proxy CONNECT requests https://bugzilla.redhat.com/show_bug.cgi?id=503578 [ 7 ] Bug #503579 - CVE-2009-1837 FirefoxRace condition while accessing the private data of a NPObject JS wrapper class object https://bugzilla.redhat.com/show_bug.cgi?id=503579 [ 8 ] Bug #503580 - CVE-2009-1838 Firefox arbitrary code execution flaw https://bugzilla.redhat.com/show_bug.cgi?id=503580 [ 9 ] Bug #503581 - CVE-2009-1839 Firefox information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=503581 [ 10 ] Bug #503582 - CVE-2009-1840 Firefox XUL scripts skip some security checks https://bugzilla.redhat.com/show_bug.cgi?id=503582 [ 11 ] Bug #503583 - CVE-2009-1841 Firefox JavaScript arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=503583 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update chmsee' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Jun 15, 2009
•Critical
Fedora
89
security advisoryFedoraremote attackFedora 10: 2009-3100 Critical: Firefox Memory Flaws and Updates
A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-3100 2009-03-28 00:57:36 --------------------------------------------------------------------------------Name : gecko-sharp2 Product : Fedora 10 Version : 0.13 Release : 6.fc10 URL : https://www.mono-project.com/ Summary : Gecko bindings for Mono Description : This package provides Mono bindings for the Gecko engine, through an easy-to-use widget that will allow you to embed a Mozilla browser window into your Gtk# application. --------------------------------------------------------------------------------Update Information: A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) --------------------------------------------------------------------------------ChangeLog: * Fri Mar 27 2009 Christopher Aillon - 0.13-6 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.13-5 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 0.13-4 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.13-3 -Rebuild against newer gecko --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update gecko-sharp2' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Mar 28, 2009
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!