LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SLSA-2013:1268-1 (firefox)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      <scientific-linux-errata@listserv.fnal.gov> 


Subject:
    	      Security ERRATA Critical: firefox on SL5.x, SL6.x i386/srpm/x86_64 


Date:
    	      Tue, 17 Sep 2013 20:59:28 +0000


Message-ID:
    	      <20130917205928.18878.6821@slpackages.fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2013:1268-1
Issue Date:        2013-09-17
CVE Numbers:       CVE-2013-1718
                   CVE-2013-1725
                   CVE-2013-1730
                   CVE-2013-1736
                   CVE-2013-1737
                   CVE-2013-1735
                   CVE-2013-1732
                   CVE-2013-1722
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2013-1718, CVE-2013-1722, CVE-2013-1725,
CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736)

A flaw was found in the way Firefox handled certain DOM JavaScript
objects. An attacker could use this flaw to make JavaScript client or add-
on code make incorrect, security sensitive decisions. (CVE-2013-1737)

After installing the update, Firefox must be restarted for the changes to
take effect.
--

SL5
  x86_64
    xulrunner-devel-17.0.9-1.el5_9.x86_64.rpm
    firefox-17.0.9-1.el5_9.x86_64.rpm
    firefox-17.0.9-1.el5_9.i386.rpm
    xulrunner-17.0.9-1.el5_9.i386.rpm
    xulrunner-17.0.9-1.el5_9.x86_64.rpm
    xulrunner-devel-17.0.9-1.el5_9.i386.rpm
    firefox-debuginfo-17.0.9-1.el5_9.i386.rpm
    firefox-debuginfo-17.0.9-1.el5_9.x86_64.rpm
    xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm
    xulrunner-debuginfo-17.0.9-1.el5_9.x86_64.rpm
  i386
    xulrunner-devel-17.0.9-1.el5_9.i386.rpm
    firefox-17.0.9-1.el5_9.i386.rpm
    xulrunner-17.0.9-1.el5_9.i386.rpm
    firefox-debuginfo-17.0.9-1.el5_9.i386.rpm
    xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm
  srpm
    firefox-17.0.9-1.el5_9.src.rpm
    xulrunner-17.0.9-1.el5_9.src.rpm
  noarch
    xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm
    firefox-debuginfo-17.0.9-1.el5_9.x86_64.rpm
    firefox-debuginfo-17.0.9-1.el5_9.i386.rpm
    xulrunner-debuginfo-17.0.9-1.el5_9.x86_64.rpm
SL6
  x86_64
    xulrunner-devel-17.0.9-1.el6_4.x86_64.rpm
    firefox-17.0.9-1.el6_4.i686.rpm
    firefox-17.0.9-1.el6_4.x86_64.rpm
    xulrunner-17.0.9-1.el6_4.i686.rpm
    xulrunner-17.0.9-1.el6_4.x86_64.rpm
    xulrunner-devel-17.0.9-1.el6_4.i686.rpm
    firefox-debuginfo-17.0.9-1.el6_4.i686.rpm
    firefox-debuginfo-17.0.9-1.el6_4.x86_64.rpm
    xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm
    xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm
  srpm
    firefox-17.0.9-1.el6_4.src.rpm
    xulrunner-17.0.9-1.el6_4.src.rpm
  i386
    xulrunner-devel-17.0.9-1.el6_4.i686.rpm
    firefox-17.0.9-1.el6_4.i686.rpm
    xulrunner-17.0.9-1.el6_4.i686.rpm
    firefox-debuginfo-17.0.9-1.el6_4.i686.rpm
    xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm
  noarch
    firefox-debuginfo-17.0.9-1.el6_4.x86_64.rpm
    firefox-debuginfo-17.0.9-1.el6_4.i686.rpm
    xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm
    xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds