Pardus alert 2011-56 (xulrunner firefox)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2011-56] Firefox: Multiple Vulnerabilities 
Date:
    	     
 
Mon, 21 Mar 2011 09:22:36 +0200
Message-ID:
    	     
 
<201103210922.36895.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-56            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-03-21
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in firefox. 


Description
===========

MFSA 2011-10 - CVE-2011-0059 CSRF risk with plugins and 307 redirects 

MFSA 2011-09 - CVE-2011-0061 Crash caused by corrupted JPEG image 

MFSA 2011-08 - CVE-2011-1585  ParanoidFragmentSink  allows  javascript: 
URLs in chrome documents 

MFSA  2011-07 -  CVE-2011-0058  Memory  corruption  during  text   run  
construction (Windows) 

MFSA 2011-06 - CVE-2011-0057 Use-after-free error using Web Workers 

MFSA 2011-05 - CVE-2011-0056 Buffer overflow in JavaScript atom map 

MFSA 2011-04 - CVE-2011-0054Buffer overflow in JavaScript upvarMap 

MFSA 2011-03 - CVE-2011-0055 Use-after-free error in JSON.stringify 

MFSA 2011-02 - CVE-2011-0051 Recursive eval call causes confirm dialogs 
to evaluate to true 

MFSA 2011-01 - CVE-2011-0053 Miscellaneous memory safety hazards 



Affected packages:

  Pardus 2009:
    xulrunner, all before 1.9.2.15-40-35
    firefox, all before 3.6.15-136-39



Resolution
==========

There are update(s) for xulrunner, firefox. You  can  update  them  via 
Package Manager or with a single command from console: 

    pisi up xulrunner firefox

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17170
  * http://www.mozilla.org/security/announce/

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security