LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-2662 (firefox)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: firefox-2.0.0.13-1.fc7


Date:
    	      Wed, 26 Mar 2008 17:11:47 +0000


Message-ID:
    	      <200803261717.m2QHHVG4004301@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2662
2008-03-26 16:45:26
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.13
Release     : 1.fc7
URL         : http://www.mozilla.org/projects/firefox/
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.    Several flaws were found in
the processing of some malformed web content. A web page containing such
malicious content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235,
CVE-2008-1236, CVE-2008-1237)    Several flaws were found in the display of
malformed web content. A web page containing specially-crafted content could,
potentially, trick a Firefox user into surrendering sensitive information.
(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)    All Firefox users should
upgrade to these updated packages, which correct these issues, and are rebuilt
against the update Firefox packages.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2008 Christopher Aillon <caillon@redhat.com> 2.0.0.13-1
- Update to 2.0.0.13
* Fri Feb  8 2008 Christopher Aillon <caillon@redhat.com> 2.0.0.12-1
- Update to 2.0.0.12
* Wed Nov 28 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.10-2
- Make Canvas.drawImage work again
* Mon Nov 26 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.10-1
- Update to 2.0.0.10
* Mon Nov  5 2007 Martin Stransky <stransky@redhat.com> - 2.0.0.9-1
- Update to 2.0.0.9
* Fri Oct 19 2007 Christopher Aillon <caillon@redhat.com> - 2.0.0.8-1
- Update to 2.0.0.8
* Tue Oct 16 2007 Martin Stransky <stransky@redhat.com>
- added fix for #246248 - firefox crashes when searching
* Wed Jul 18 2007 Kai Engert <kengert@redhat.com> - 2.0.0.5-1
- Update to 2.0.0.5
* Fri Jun 29 2007 Martin Stransky <stransky@redhat.com> 2.0.0.4-3
- backported pango patches from FC6 (1.5.0.12)
* Sun Jun  3 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-2
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers
        https://bugzilla.redhat.com/show_bug.cgi?id=438715
  [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution
        https://bugzilla.redhat.com/show_bug.cgi?id=438713
  [ 3 ] Bug #438718 - CVE-2008-1236 browser engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=438718
  [ 4 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug
        https://bugzilla.redhat.com/show_bug.cgi?id=438724
  [ 5 ] Bug #438721 - CVE-2008-1237 javascript crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=438721
  [ 6 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=438730
  [ 7 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal
        https://bugzilla.redhat.com/show_bug.cgi?id=438717
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update firefox' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds