Red Hat alert RHSA-2007:0097-02 (firefox)
| From: | bugzilla@redhat.com | |
| To: | enterprise-watch-list@redhat.com | |
| Subject: | [RHSA-2007:0097-02] Critical: firefox security update | |
| Date: | Wed, 14 Mar 2007 11:37:22 -0400 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2007:0097-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0097.html Issue date: 2007-03-14 Updated on: 2007-03-14 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 - --------------------------------------------------------------------- 1. Summary: Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Mozilla Firefox is an open source Web browser. Flaws were found in the way Firefox executed malformed JavaScript code. A malicious web page could cause Firefox to crash or allow arbitrary code to be executed as the user running Firefox. (CVE-2007-0775, CVE-2007-0777) Cross-site scripting (XSS) flaws were found in Firefox. A malicious web page could display misleading information, allowing a user to unknowingly divulge sensitive information, such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Firefox processed JavaScript contained in certain tags. A malicious web page could cause Firefox to execute JavaScript code with the privileges of the user running Firefox. (CVE-2007-0994) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may have been able to inject arbitrary HTML into a browsing session if the user reloaded a targeted site. (CVE-2007-0778) Certain web content could overlay Firefox user interface elements such as the hostname and security indicators. A malicious web page could trick a user into thinking they were visiting a different site. (CVE-2007-0779) Two flaws were found in Firefox's displaying of blocked popup windows. If a user could be convinced to open a blocked popup, it was possible to read arbitrary local files, or conduct a cross-site scripting attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Firefox. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Firefox handled the "location.hostname" value. A malicious web page could set domain cookies for an arbitrary site, or possibly perform a cross-site scripting attack. (CVE-2007-0981) Users of Firefox are advised to upgrade to this erratum package, containing Firefox version 1.5.0.10 which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 230050 - CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981) 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/... ecc6ccfcf4c2c08e941f72f5cfeaa55c devhelp-0.12-10.0.1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/... 60cf3411d9e9b68bf0f25ac3541cf23a firefox-1.5.0.10-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/... 56ce5fe3b3776b01fc7886f65ef1404b yelp-2.16.0-14.0.1.el5.src.rpm i386: 0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm 3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm 39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm 4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm 7ac3f70e9c5ba8e68a068946a66a3163 yelp-2.16.0-14.0.1.el5.i386.rpm 210a17a4c674ef1863bd30498fe91a38 yelp-debuginfo-2.16.0-14.0.1.el5.i386.rpm x86_64: 0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm 2c7791aad7d6e18b322f4834088f8708 devhelp-0.12-10.0.1.el5.x86_64.rpm 3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm b3bf53bcbd8f5e4bc254196496831e74 devhelp-debuginfo-0.12-10.0.1.el5.x86_64.rpm 39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm a0ffe472bf6a3c517d41f0dc8900af86 firefox-1.5.0.10-2.el5.x86_64.rpm 4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm 1ae549e2cab746aa1e2615a6b73c5e20 firefox-debuginfo-1.5.0.10-2.el5.x86_64.rpm 502e2b4dd68c59593652bf8f44d7dee4 yelp-2.16.0-14.0.1.el5.x86_64.rpm 0974ac1fd3c19e02765a750427efae46 yelp-debuginfo-2.16.0-14.0.1.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/... ecc6ccfcf4c2c08e941f72f5cfeaa55c devhelp-0.12-10.0.1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/... 60cf3411d9e9b68bf0f25ac3541cf23a firefox-1.5.0.10-2.el5.src.rpm i386: 3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm 4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm x86_64: 3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm b3bf53bcbd8f5e4bc254196496831e74 devhelp-debuginfo-0.12-10.0.1.el5.x86_64.rpm ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm 44f47bf9e6a7ecb39f7c907ca4a381d9 devhelp-devel-0.12-10.0.1.el5.x86_64.rpm 4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm 1ae549e2cab746aa1e2615a6b73c5e20 firefox-debuginfo-1.5.0.10-2.el5.x86_64.rpm c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm 5ba38c9a8e94ed9bb254e8b2010bdbbb firefox-devel-1.5.0.10-2.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/... ecc6ccfcf4c2c08e941f72f5cfeaa55c devhelp-0.12-10.0.1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/... 60cf3411d9e9b68bf0f25ac3541cf23a firefox-1.5.0.10-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/... 56ce5fe3b3776b01fc7886f65ef1404b yelp-2.16.0-14.0.1.el5.src.rpm i386: 0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm 3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm 39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm 4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm 7ac3f70e9c5ba8e68a068946a66a3163 yelp-2.16.0-14.0.1.el5.i386.rpm 210a17a4c674ef1863bd30498fe91a38 yelp-debuginfo-2.16.0-14.0.1.el5.i386.rpm ia64: 0543d59be616203f72d6b46b33051ac2 devhelp-0.12-10.0.1.el5.ia64.rpm acab03e92aa6c9cf472218bd698859de devhelp-debuginfo-0.12-10.0.1.el5.ia64.rpm f40918a968dd3425e534e589cda9b81b devhelp-devel-0.12-10.0.1.el5.ia64.rpm f22781eca58556113552b288dd7fe76b firefox-1.5.0.10-2.el5.ia64.rpm a6aaba32c9b8522a18526640c0f8d396 firefox-debuginfo-1.5.0.10-2.el5.ia64.rpm 56ea2d1debbf5c4d7a0f1ae3ebb3e741 firefox-devel-1.5.0.10-2.el5.ia64.rpm 250095927ac38854ab4b42a473a785f7 yelp-2.16.0-14.0.1.el5.ia64.rpm 5df4b3ff6b5cb315a97b7e7f7095cda8 yelp-debuginfo-2.16.0-14.0.1.el5.ia64.rpm ppc: 576bd9205f61c07a8328ac3309c3cccd devhelp-0.12-10.0.1.el5.ppc.rpm dcaf49587708080277a2f10b346babd5 devhelp-debuginfo-0.12-10.0.1.el5.ppc.rpm 57b04a6c88b63d1227129f1509ecf8ae devhelp-devel-0.12-10.0.1.el5.ppc.rpm 266c896a44c5818506058d3f43fb510a firefox-1.5.0.10-2.el5.ppc.rpm 6dd9e1c3f0743ec8fb388f601badebcf firefox-debuginfo-1.5.0.10-2.el5.ppc.rpm 81d6fd77e467137a6383ebd75aac7c38 firefox-devel-1.5.0.10-2.el5.ppc.rpm cdd89632e1d496fdc00db638bbb85297 yelp-2.16.0-14.0.1.el5.ppc.rpm 9a033f9605570160561823425b547720 yelp-debuginfo-2.16.0-14.0.1.el5.ppc.rpm s390x: 92415d0cd192d89b829d5cea4957ffd3 devhelp-0.12-10.0.1.el5.s390.rpm 249086f31984ef20db1edcc668769c64 devhelp-0.12-10.0.1.el5.s390x.rpm dc724a4361cb4dd66381b4d82059c8d1 devhelp-debuginfo-0.12-10.0.1.el5.s390.rpm 97a65832a3dd2f76723e0d5d9b6a6d1f devhelp-debuginfo-0.12-10.0.1.el5.s390x.rpm 3c659c50b265f059367e3572d5dc908c devhelp-devel-0.12-10.0.1.el5.s390.rpm 8821c3e5f96844a0563ba7a773925ea4 devhelp-devel-0.12-10.0.1.el5.s390x.rpm 0c8ef9a9f6246dd277247fedcf65e2ef firefox-1.5.0.10-2.el5.s390.rpm 1f2fc90bc59dc42e3068fb358aec67bd firefox-1.5.0.10-2.el5.s390x.rpm 108ef308488056b3df8feb04fc535cee firefox-debuginfo-1.5.0.10-2.el5.s390.rpm 539070e0ca79c624a07230ee7058aff7 firefox-debuginfo-1.5.0.10-2.el5.s390x.rpm 1364113945647fd64b1d2b2b42a40d52 firefox-devel-1.5.0.10-2.el5.s390.rpm eda1b9d310aeeb22821a0c807794349c firefox-devel-1.5.0.10-2.el5.s390x.rpm 73bb10b49cc143dce64fafea46b74081 yelp-2.16.0-14.0.1.el5.s390x.rpm 00255312f531140dee6d191dcffbce34 yelp-debuginfo-2.16.0-14.0.1.el5.s390x.rpm x86_64: 0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm 2c7791aad7d6e18b322f4834088f8708 devhelp-0.12-10.0.1.el5.x86_64.rpm 3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm b3bf53bcbd8f5e4bc254196496831e74 devhelp-debuginfo-0.12-10.0.1.el5.x86_64.rpm ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm 44f47bf9e6a7ecb39f7c907ca4a381d9 devhelp-devel-0.12-10.0.1.el5.x86_64.rpm 39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm a0ffe472bf6a3c517d41f0dc8900af86 firefox-1.5.0.10-2.el5.x86_64.rpm 4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm 1ae549e2cab746aa1e2615a6b73c5e20 firefox-debuginfo-1.5.0.10-2.el5.x86_64.rpm c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm 5ba38c9a8e94ed9bb254e8b2010bdbbb firefox-devel-1.5.0.10-2.el5.x86_64.rpm 502e2b4dd68c59593652bf8f44d7dee4 yelp-2.16.0-14.0.1.el5.x86_64.rpm 0974ac1fd3c19e02765a750427efae46 yelp-debuginfo-2.16.0-14.0.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0994 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996 http://www.redhat.com/security/updates/classification/#cr... 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+BaiXlSAg2UNWIIRAokoAKCzszdtoga3C9d8uXtAegi72gD44QCgvMdN uRs95KjG0jL0EmzKD2qQ1Kg= =SSdn -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-...