Critical: firefox security update

Date: Fri, 4 Jul 2008 10:10:29 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for firefox on SL4.x i386/x86_64

Synopsis: Critical: firefox security update
Issue date: 2008-07-02
CVE Names: CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811

Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808)

A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809)

SL 4.x

SRPMS:
firefox-1.5.0.12-0.19.el4.src.rpm

i386:
firefox-1.5.0.12-0.19.el4.i386.rpm

x86_64:
firefox-1.5.0.12-0.19.el4.i386.rpm
firefox-1.5.0.12-0.19.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson