FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Enterprise Watch List

 
 
LinkBack Thread Tools
 
Old 10-19-2010, 11:48 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0782-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0782.html
Issue date: 2010-10-19
CVE Names: CVE-2010-3170 CVE-2010-3173 CVE-2010-3175
CVE-2010-3176 CVE-2010-3177 CVE-2010-3178
CVE-2010-3179 CVE-2010-3180 CVE-2010-3182
CVE-2010-3183
================================================== ===================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. Network Security Services (NSS) is
a set of libraries designed to support the development of security-enabled
client and server applications.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,
CVE-2010-3180)

A flaw was found in the way the Gopher parser in Firefox converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running Firefox, allow arbitrary JavaScript to be executed in the
context of the Gopher domain. (CVE-2010-3177)

A same-origin policy bypass flaw was found in Firefox. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim has loaded with Firefox.
(CVE-2010-3178)

A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH
variable was appending a "." character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
Firefox, if that user ran Firefox from within an attacker-controlled
directory. (CVE-2010-3182)

This update also provides NSS version 3.12.8 which is required by the
updated Firefox version, fixing the following security issues:

It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode
implementation for key exchanges in Firefox accepted DHE keys that were 256
bits in length. This update removes support for 256 bit DHE keys, as such
keys are easily broken using modern hardware. (CVE-2010-3173)

A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.11. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.11, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630047 - CVE-2010-3170 firefox/nss: Doesn't handle wildcards in Common Name properly
642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
642302 - CVE-2010-3173 Mozilla insecure Diffie-Hellman key exchange

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.11-2.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.8-1.el4.src.rpm

i386:
firefox-3.6.11-2.el4.i386.rpm
firefox-debuginfo-3.6.11-2.el4.i386.rpm
nss-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-devel-3.12.8-1.el4.i386.rpm
nss-tools-3.12.8-1.el4.i386.rpm

ia64:
firefox-3.6.11-2.el4.ia64.rpm
firefox-debuginfo-3.6.11-2.el4.ia64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.ia64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.ia64.rpm
nss-devel-3.12.8-1.el4.ia64.rpm
nss-tools-3.12.8-1.el4.ia64.rpm

ppc:
firefox-3.6.11-2.el4.ppc.rpm
firefox-debuginfo-3.6.11-2.el4.ppc.rpm
nss-3.12.8-1.el4.ppc.rpm
nss-3.12.8-1.el4.ppc64.rpm
nss-debuginfo-3.12.8-1.el4.ppc.rpm
nss-debuginfo-3.12.8-1.el4.ppc64.rpm
nss-devel-3.12.8-1.el4.ppc.rpm
nss-tools-3.12.8-1.el4.ppc.rpm

s390:
firefox-3.6.11-2.el4.s390.rpm
firefox-debuginfo-3.6.11-2.el4.s390.rpm
nss-3.12.8-1.el4.s390.rpm
nss-debuginfo-3.12.8-1.el4.s390.rpm
nss-devel-3.12.8-1.el4.s390.rpm
nss-tools-3.12.8-1.el4.s390.rpm

s390x:
firefox-3.6.11-2.el4.s390x.rpm
firefox-debuginfo-3.6.11-2.el4.s390x.rpm
nss-3.12.8-1.el4.s390.rpm
nss-3.12.8-1.el4.s390x.rpm
nss-debuginfo-3.12.8-1.el4.s390.rpm
nss-debuginfo-3.12.8-1.el4.s390x.rpm
nss-devel-3.12.8-1.el4.s390x.rpm
nss-tools-3.12.8-1.el4.s390x.rpm

x86_64:
firefox-3.6.11-2.el4.x86_64.rpm
firefox-debuginfo-3.6.11-2.el4.x86_64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.x86_64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.x86_64.rpm
nss-devel-3.12.8-1.el4.x86_64.rpm
nss-tools-3.12.8-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.11-2.el4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.8-1.el4.src.rpm

i386:
firefox-3.6.11-2.el4.i386.rpm
firefox-debuginfo-3.6.11-2.el4.i386.rpm
nss-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-devel-3.12.8-1.el4.i386.rpm
nss-tools-3.12.8-1.el4.i386.rpm

x86_64:
firefox-3.6.11-2.el4.x86_64.rpm
firefox-debuginfo-3.6.11-2.el4.x86_64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.x86_64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.x86_64.rpm
nss-devel-3.12.8-1.el4.x86_64.rpm
nss-tools-3.12.8-1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.11-2.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.8-1.el4.src.rpm

i386:
firefox-3.6.11-2.el4.i386.rpm
firefox-debuginfo-3.6.11-2.el4.i386.rpm
nss-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-devel-3.12.8-1.el4.i386.rpm
nss-tools-3.12.8-1.el4.i386.rpm

ia64:
firefox-3.6.11-2.el4.ia64.rpm
firefox-debuginfo-3.6.11-2.el4.ia64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.ia64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.ia64.rpm
nss-devel-3.12.8-1.el4.ia64.rpm
nss-tools-3.12.8-1.el4.ia64.rpm

x86_64:
firefox-3.6.11-2.el4.x86_64.rpm
firefox-debuginfo-3.6.11-2.el4.x86_64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.x86_64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.x86_64.rpm
nss-devel-3.12.8-1.el4.x86_64.rpm
nss-tools-3.12.8-1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.11-2.el4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.8-1.el4.src.rpm

i386:
firefox-3.6.11-2.el4.i386.rpm
firefox-debuginfo-3.6.11-2.el4.i386.rpm
nss-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-devel-3.12.8-1.el4.i386.rpm
nss-tools-3.12.8-1.el4.i386.rpm

ia64:
firefox-3.6.11-2.el4.ia64.rpm
firefox-debuginfo-3.6.11-2.el4.ia64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.ia64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.ia64.rpm
nss-devel-3.12.8-1.el4.ia64.rpm
nss-tools-3.12.8-1.el4.ia64.rpm

x86_64:
firefox-3.6.11-2.el4.x86_64.rpm
firefox-debuginfo-3.6.11-2.el4.x86_64.rpm
nss-3.12.8-1.el4.i386.rpm
nss-3.12.8-1.el4.x86_64.rpm
nss-debuginfo-3.12.8-1.el4.i386.rpm
nss-debuginfo-3.12.8-1.el4.x86_64.rpm
nss-devel-3.12.8-1.el4.x86_64.rpm
nss-tools-3.12.8-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.11-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.8-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.11-2.el5.src.rpm

i386:
firefox-3.6.11-2.el5.i386.rpm
firefox-debuginfo-3.6.11-2.el5.i386.rpm
nss-3.12.8-1.el5.i386.rpm
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-tools-3.12.8-1.el5.i386.rpm
xulrunner-1.9.2.11-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.i386.rpm

x86_64:
firefox-3.6.11-2.el5.i386.rpm
firefox-3.6.11-2.el5.x86_64.rpm
firefox-debuginfo-3.6.11-2.el5.i386.rpm
firefox-debuginfo-3.6.11-2.el5.x86_64.rpm
nss-3.12.8-1.el5.i386.rpm
nss-3.12.8-1.el5.x86_64.rpm
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-debuginfo-3.12.8-1.el5.x86_64.rpm
nss-tools-3.12.8-1.el5.x86_64.rpm
xulrunner-1.9.2.11-2.el5.i386.rpm
xulrunner-1.9.2.11-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.8-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.11-2.el5.src.rpm

i386:
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-devel-3.12.8-1.el5.i386.rpm
nss-pkcs11-devel-3.12.8-1.el5.i386.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.i386.rpm
xulrunner-devel-1.9.2.11-2.el5.i386.rpm

x86_64:
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-debuginfo-3.12.8-1.el5.x86_64.rpm
nss-devel-3.12.8-1.el5.i386.rpm
nss-devel-3.12.8-1.el5.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el5.i386.rpm
nss-pkcs11-devel-3.12.8-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.11-2.el5.i386.rpm
xulrunner-devel-1.9.2.11-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.11-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.8-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.11-2.el5.src.rpm

i386:
firefox-3.6.11-2.el5.i386.rpm
firefox-debuginfo-3.6.11-2.el5.i386.rpm
nss-3.12.8-1.el5.i386.rpm
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-devel-3.12.8-1.el5.i386.rpm
nss-pkcs11-devel-3.12.8-1.el5.i386.rpm
nss-tools-3.12.8-1.el5.i386.rpm
xulrunner-1.9.2.11-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.i386.rpm
xulrunner-devel-1.9.2.11-2.el5.i386.rpm

ia64:
firefox-3.6.11-2.el5.ia64.rpm
firefox-debuginfo-3.6.11-2.el5.ia64.rpm
nss-3.12.8-1.el5.i386.rpm
nss-3.12.8-1.el5.ia64.rpm
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-debuginfo-3.12.8-1.el5.ia64.rpm
nss-devel-3.12.8-1.el5.ia64.rpm
nss-pkcs11-devel-3.12.8-1.el5.ia64.rpm
nss-tools-3.12.8-1.el5.ia64.rpm
xulrunner-1.9.2.11-2.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.ia64.rpm
xulrunner-devel-1.9.2.11-2.el5.ia64.rpm

ppc:
firefox-3.6.11-2.el5.ppc.rpm
firefox-debuginfo-3.6.11-2.el5.ppc.rpm
nss-3.12.8-1.el5.ppc.rpm
nss-3.12.8-1.el5.ppc64.rpm
nss-debuginfo-3.12.8-1.el5.ppc.rpm
nss-debuginfo-3.12.8-1.el5.ppc64.rpm
nss-devel-3.12.8-1.el5.ppc.rpm
nss-devel-3.12.8-1.el5.ppc64.rpm
nss-pkcs11-devel-3.12.8-1.el5.ppc.rpm
nss-pkcs11-devel-3.12.8-1.el5.ppc64.rpm
nss-tools-3.12.8-1.el5.ppc.rpm
xulrunner-1.9.2.11-2.el5.ppc.rpm
xulrunner-1.9.2.11-2.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.ppc64.rpm
xulrunner-devel-1.9.2.11-2.el5.ppc.rpm
xulrunner-devel-1.9.2.11-2.el5.ppc64.rpm

s390x:
firefox-3.6.11-2.el5.s390.rpm
firefox-3.6.11-2.el5.s390x.rpm
firefox-debuginfo-3.6.11-2.el5.s390.rpm
firefox-debuginfo-3.6.11-2.el5.s390x.rpm
nss-3.12.8-1.el5.s390.rpm
nss-3.12.8-1.el5.s390x.rpm
nss-debuginfo-3.12.8-1.el5.s390.rpm
nss-debuginfo-3.12.8-1.el5.s390x.rpm
nss-devel-3.12.8-1.el5.s390.rpm
nss-devel-3.12.8-1.el5.s390x.rpm
nss-pkcs11-devel-3.12.8-1.el5.s390.rpm
nss-pkcs11-devel-3.12.8-1.el5.s390x.rpm
nss-tools-3.12.8-1.el5.s390x.rpm
xulrunner-1.9.2.11-2.el5.s390.rpm
xulrunner-1.9.2.11-2.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.s390.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.s390x.rpm
xulrunner-devel-1.9.2.11-2.el5.s390.rpm
xulrunner-devel-1.9.2.11-2.el5.s390x.rpm

x86_64:
firefox-3.6.11-2.el5.i386.rpm
firefox-3.6.11-2.el5.x86_64.rpm
firefox-debuginfo-3.6.11-2.el5.i386.rpm
firefox-debuginfo-3.6.11-2.el5.x86_64.rpm
nss-3.12.8-1.el5.i386.rpm
nss-3.12.8-1.el5.x86_64.rpm
nss-debuginfo-3.12.8-1.el5.i386.rpm
nss-debuginfo-3.12.8-1.el5.x86_64.rpm
nss-devel-3.12.8-1.el5.i386.rpm
nss-devel-3.12.8-1.el5.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el5.i386.rpm
nss-pkcs11-devel-3.12.8-1.el5.x86_64.rpm
nss-tools-3.12.8-1.el5.x86_64.rpm
xulrunner-1.9.2.11-2.el5.i386.rpm
xulrunner-1.9.2.11-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.11-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.11-2.el5.i386.rpm
xulrunner-devel-1.9.2.11-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3170.html
https://www.redhat.com/security/data/cve/CVE-2010-3173.html
https://www.redhat.com/security/data/cve/CVE-2010-3175.html
https://www.redhat.com/security/data/cve/CVE-2010-3176.html
https://www.redhat.com/security/data/cve/CVE-2010-3177.html
https://www.redhat.com/security/data/cve/CVE-2010-3178.html
https://www.redhat.com/security/data/cve/CVE-2010-3179.html
https://www.redhat.com/security/data/cve/CVE-2010-3180.html
https://www.redhat.com/security/data/cve/CVE-2010-3182.html
https://www.redhat.com/security/data/cve/CVE-2010-3183.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMvi7TXlSAg2UNWIIRAtSlAJoD2ZytU/zUW3G+C5TtyNyouCiOXQCdHhNe
IvFupYr7788ORIbfMayaNdQ=
=FVkd
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 10-27-2010, 11:58 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0808-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0808.html
Issue date: 2010-10-27
CVE Names: CVE-2010-3765
================================================== ===================

1. Summary:

An updated firefox package that fixes one security issue is now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source web browser.

A race condition flaw was found in the way Firefox handled Document Object
Model (DOM) element properties. A web page containing malicious content
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2010-3765)

For technical details regarding this flaw, refer to the Mozilla security
advisories for Firefox 3.6.12. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the update,
Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.11-4.el4_8.src.rpm

i386:
firefox-3.6.11-4.el4_8.i386.rpm
firefox-debuginfo-3.6.11-4.el4_8.i386.rpm

ia64:
firefox-3.6.11-4.el4_8.ia64.rpm
firefox-debuginfo-3.6.11-4.el4_8.ia64.rpm

ppc:
firefox-3.6.11-4.el4_8.ppc.rpm
firefox-debuginfo-3.6.11-4.el4_8.ppc.rpm

s390:
firefox-3.6.11-4.el4_8.s390.rpm
firefox-debuginfo-3.6.11-4.el4_8.s390.rpm

s390x:
firefox-3.6.11-4.el4_8.s390x.rpm
firefox-debuginfo-3.6.11-4.el4_8.s390x.rpm

x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
firefox-debuginfo-3.6.11-4.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.11-4.el4_8.src.rpm

i386:
firefox-3.6.11-4.el4_8.i386.rpm
firefox-debuginfo-3.6.11-4.el4_8.i386.rpm

x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
firefox-debuginfo-3.6.11-4.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.11-4.el4_8.src.rpm

i386:
firefox-3.6.11-4.el4_8.i386.rpm
firefox-debuginfo-3.6.11-4.el4_8.i386.rpm

ia64:
firefox-3.6.11-4.el4_8.ia64.rpm
firefox-debuginfo-3.6.11-4.el4_8.ia64.rpm

x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
firefox-debuginfo-3.6.11-4.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.11-4.el4_8.src.rpm

i386:
firefox-3.6.11-4.el4_8.i386.rpm
firefox-debuginfo-3.6.11-4.el4_8.i386.rpm

ia64:
firefox-3.6.11-4.el4_8.ia64.rpm
firefox-debuginfo-3.6.11-4.el4_8.ia64.rpm

x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
firefox-debuginfo-3.6.11-4.el4_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3765.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMyLx7XlSAg2UNWIIRAlI6AKC0R6EVZgUr/F1GQDcy4DBhWQsk/gCcDNEW
NUfuYoGzzGHIZeapwSoFqdY=
=cAW1
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 11-10-2010, 06:31 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0861-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0861.html
Issue date: 2010-11-10
CVE Names: CVE-2010-3175 CVE-2010-3176 CVE-2010-3177
CVE-2010-3178 CVE-2010-3179 CVE-2010-3180
CVE-2010-3182 CVE-2010-3183 CVE-2010-3765
================================================== ===================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A race condition flaw was found in the way Firefox handled Document Object
Model (DOM) element properties. Malicious HTML content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2010-3765)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,
CVE-2010-3180)

A flaw was found in the way the Gopher parser in Firefox converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running Firefox, allow arbitrary JavaScript to be executed in the
context of the Gopher domain. (CVE-2010-3177)

A same-origin policy bypass flaw was found in Firefox. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim had loaded with Firefox.
(CVE-2010-3178)

A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH
variable was appending a "." character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
Firefox, if that user ran Firefox from within an attacker-controlled
directory. (CVE-2010-3182)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.12, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.12-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm

i386:
firefox-3.6.12-1.el6_0.i686.rpm
firefox-debuginfo-3.6.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm

x86_64:
firefox-3.6.12-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
firefox-3.6.12-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.12-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm

i386:
firefox-3.6.12-1.el6_0.i686.rpm
firefox-debuginfo-3.6.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm

ppc64:
firefox-3.6.12-1.el6_0.ppc64.rpm
firefox-debuginfo-3.6.12-1.el6_0.ppc64.rpm
xulrunner-1.9.2.12-1.el6_0.ppc.rpm
xulrunner-1.9.2.12-1.el6_0.ppc64.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc64.rpm

s390x:
firefox-3.6.12-1.el6_0.s390x.rpm
firefox-debuginfo-3.6.12-1.el6_0.s390x.rpm
xulrunner-1.9.2.12-1.el6_0.s390.rpm
xulrunner-1.9.2.12-1.el6_0.s390x.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.s390x.rpm

x86_64:
firefox-3.6.12-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc64.rpm
xulrunner-devel-1.9.2.12-1.el6_0.ppc.rpm
xulrunner-devel-1.9.2.12-1.el6_0.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.12-1.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.s390x.rpm
xulrunner-devel-1.9.2.12-1.el6_0.s390.rpm
xulrunner-devel-1.9.2.12-1.el6_0.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.12-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm

i386:
firefox-3.6.12-1.el6_0.i686.rpm
firefox-debuginfo-3.6.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm

x86_64:
firefox-3.6.12-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm
xulrunner-1.9.2.12-1.el6_0.i686.rpm
xulrunner-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm
xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3175.html
https://www.redhat.com/security/data/cve/CVE-2010-3176.html
https://www.redhat.com/security/data/cve/CVE-2010-3177.html
https://www.redhat.com/security/data/cve/CVE-2010-3178.html
https://www.redhat.com/security/data/cve/CVE-2010-3179.html
https://www.redhat.com/security/data/cve/CVE-2010-3180.html
https://www.redhat.com/security/data/cve/CVE-2010-3182.html
https://www.redhat.com/security/data/cve/CVE-2010-3183.html
https://www.redhat.com/security/data/cve/CVE-2010-3765.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/
http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vMWXlSAg2UNWIIRApOkAJsHsYKuJS6rZV/wiB/t3rVMmXCSCQCfdcZe
msXDY+N3K39YWrJoxpY7dLM=
=xA4/
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-09-2010, 11:07 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0966-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0966.html
Issue date: 2010-12-09
CVE Names: CVE-2010-3766 CVE-2010-3767 CVE-2010-3768
CVE-2010-3770 CVE-2010-3771 CVE-2010-3772
CVE-2010-3773 CVE-2010-3774 CVE-2010-3775
CVE-2010-3776 CVE-2010-3777
================================================== ===================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,
CVE-2010-3777)

A flaw was found in the way Firefox handled malformed JavaScript. A website
with an object containing malicious JavaScript could cause Firefox to
execute that JavaScript with the privileges of the user running Firefox.
(CVE-2010-3771)

This update adds support for the Sanitiser for OpenType (OTS) library to
Firefox. This library helps prevent potential exploits in malformed
OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)

A flaw was found in the way Firefox loaded Java LiveConnect scripts.
Malicious web content could load a Java LiveConnect script in a way that
would result in the plug-in object having elevated privileges, allowing it
to execute Java code with the privileges of the user running Firefox.
(CVE-2010-3775)

It was found that the fix for CVE-2010-0179 was incomplete when the Firebug
add-on was used. If a user visited a website containing malicious
JavaScript while the Firebug add-on was enabled, it could cause Firefox to
execute arbitrary JavaScript with the privileges of the user running
Firefox. (CVE-2010-3773)

A flaw was found in the way Firefox presented the location bar to users. A
malicious website could trick a user into thinking they are visiting the
site reported by the location bar, when the page is actually content
controlled by an attacker. (CVE-2010-3774)

A cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,
x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were
converted to angle brackets when displayed. If server-side script filtering
missed these cases, it could result in Firefox executing JavaScript code
with the permissions of a different website. (CVE-2010-3770)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.13. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.13, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660415 - CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660417 - CVE-2010-3771 Mozilla Chrome privilege escalation with window.open and <isindex> element (MFSA 2010-76)
660419 - CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
660420 - CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)
660422 - CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)
660429 - CVE-2010-3766 Mozilla use-after-free error with nsDOMAttribute MutationObserver (MFSA 2010-80)
660431 - CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)
660435 - CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
660438 - CVE-2010-3774 Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
660439 - CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

ia64:
firefox-3.6.13-3.el4.ia64.rpm
firefox-debuginfo-3.6.13-3.el4.ia64.rpm

ppc:
firefox-3.6.13-3.el4.ppc.rpm
firefox-debuginfo-3.6.13-3.el4.ppc.rpm

s390:
firefox-3.6.13-3.el4.s390.rpm
firefox-debuginfo-3.6.13-3.el4.s390.rpm

s390x:
firefox-3.6.13-3.el4.s390x.rpm
firefox-debuginfo-3.6.13-3.el4.s390x.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

ia64:
firefox-3.6.13-3.el4.ia64.rpm
firefox-debuginfo-3.6.13-3.el4.ia64.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

ia64:
firefox-3.6.13-3.el4.ia64.rpm
firefox-debuginfo-3.6.13-3.el4.ia64.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.13-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el5.src.rpm

i386:
firefox-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm

x86_64:
firefox-3.6.13-2.el5.i386.rpm
firefox-3.6.13-2.el5.x86_64.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.x86_64.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.13-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.13-3.el5.src.rpm

i386:
firefox-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm

ia64:
firefox-3.6.13-2.el5.ia64.rpm
firefox-debuginfo-3.6.13-2.el5.ia64.rpm
xulrunner-1.9.2.13-3.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.ia64.rpm
xulrunner-devel-1.9.2.13-3.el5.ia64.rpm

ppc:
firefox-3.6.13-2.el5.ppc.rpm
firefox-debuginfo-3.6.13-2.el5.ppc.rpm
xulrunner-1.9.2.13-3.el5.ppc.rpm
xulrunner-1.9.2.13-3.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.ppc64.rpm
xulrunner-devel-1.9.2.13-3.el5.ppc.rpm
xulrunner-devel-1.9.2.13-3.el5.ppc64.rpm

s390x:
firefox-3.6.13-2.el5.s390.rpm
firefox-3.6.13-2.el5.s390x.rpm
firefox-debuginfo-3.6.13-2.el5.s390.rpm
firefox-debuginfo-3.6.13-2.el5.s390x.rpm
xulrunner-1.9.2.13-3.el5.s390.rpm
xulrunner-1.9.2.13-3.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.s390.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.s390x.rpm
xulrunner-devel-1.9.2.13-3.el5.s390.rpm
xulrunner-devel-1.9.2.13-3.el5.s390x.rpm

x86_64:
firefox-3.6.13-2.el5.i386.rpm
firefox-3.6.13-2.el5.x86_64.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.x86_64.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
firefox-3.6.13-2.el6_0.i686.rpm
firefox-debuginfo-3.6.13-2.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
firefox-3.6.13-2.el6_0.i686.rpm
firefox-debuginfo-3.6.13-2.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm

ppc64:
firefox-3.6.13-2.el6_0.ppc64.rpm
firefox-debuginfo-3.6.13-2.el6_0.ppc64.rpm
xulrunner-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-1.9.2.13-3.el6_0.ppc64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc64.rpm

s390x:
firefox-3.6.13-2.el6_0.s390x.rpm
firefox-debuginfo-3.6.13-2.el6_0.s390x.rpm
xulrunner-1.9.2.13-3.el6_0.s390.rpm
xulrunner-1.9.2.13-3.el6_0.s390x.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390x.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-devel-1.9.2.13-3.el6_0.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390x.rpm
xulrunner-devel-1.9.2.13-3.el6_0.s390.rpm
xulrunner-devel-1.9.2.13-3.el6_0.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
firefox-3.6.13-2.el6_0.i686.rpm
firefox-debuginfo-3.6.13-2.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3766.html
https://www.redhat.com/security/data/cve/CVE-2010-3767.html
https://www.redhat.com/security/data/cve/CVE-2010-3768.html
https://www.redhat.com/security/data/cve/CVE-2010-3770.html
https://www.redhat.com/security/data/cve/CVE-2010-3771.html
https://www.redhat.com/security/data/cve/CVE-2010-3772.html
https://www.redhat.com/security/data/cve/CVE-2010-3773.html
https://www.redhat.com/security/data/cve/CVE-2010-3774.html
https://www.redhat.com/security/data/cve/CVE-2010-3775.html
https://www.redhat.com/security/data/cve/CVE-2010-3776.html
https://www.redhat.com/security/data/cve/CVE-2010-3777.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13
http://code.google.com/p/ots/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNAW8sXlSAg2UNWIIRAljXAJ48fvxnCtsScCN93q2naE DuowzMlQCePaBQ
GH301bbX+epcQXMvu1n9Ccc=
=KnKv
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 04-29-2011, 03:22 AM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2011:0471-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0471.html
Issue date: 2011-04-28
CVE Names: CVE-2011-0065 CVE-2011-0066 CVE-2011-0067
CVE-2011-0069 CVE-2011-0070 CVE-2011-0071
CVE-2011-0072 CVE-2011-0073 CVE-2011-0074
CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
CVE-2011-0080 CVE-2011-0081 CVE-2011-1202
================================================== ===================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could possibly lead to arbitrary code
execution with the privileges of the user running Firefox. (CVE-2011-0080,
CVE-2011-0081)

An arbitrary memory write flaw was found in the way Firefox handled
out-of-memory conditions. If all memory was consumed when a user visited a
malicious web page, it could possibly lead to arbitrary code execution
with the privileges of the user running Firefox. (CVE-2011-0078)

An integer overflow flaw was found in the way Firefox handled the HTML
frameset tag. A web page with a frameset tag containing large values for
the "rows" and "cols" attributes could trigger this flaw, possibly leading
to arbitrary code execution with the privileges of the user running
Firefox. (CVE-2011-0077)

A flaw was found in the way Firefox handled the HTML iframe tag. A web page
with an iframe tag containing a specially-crafted source address could
trigger this flaw, possibly leading to arbitrary code execution with the
privileges of the user running Firefox. (CVE-2011-0075)

A flaw was found in the way Firefox displayed multiple marquee elements. A
malformed HTML document could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0074)

A flaw was found in the way Firefox handled the nsTreeSelection element.
Malformed content could cause Firefox to execute arbitrary code with the
privileges of the user running Firefox. (CVE-2011-0073)

A use-after-free flaw was found in the way Firefox appended frame and
iframe elements to a DOM tree when the NoScript add-on was enabled.
Malicious HTML content could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0072)

A directory traversal flaw was found in the Firefox resource:// protocol
handler. Malicious content could cause Firefox to access arbitrary files
accessible to the user running Firefox. (CVE-2011-0071)

A double free flaw was found in the way Firefox handled
"application/http-index-format" documents. A malformed HTTP response could
cause Firefox to execute arbitrary code with the privileges of the user
running Firefox. (CVE-2011-0070)

A flaw was found in the way Firefox handled certain JavaScript cross-domain
requests. If malicious content generated a large number of cross-domain
JavaScript requests, it could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0069)

A flaw was found in the way Firefox displayed the autocomplete pop-up.
Malicious content could use this flaw to steal form history information.
(CVE-2011-0067)

Two use-after-free flaws were found in the Firefox mObserverList and
mChannel objects. Malicious content could use these flaws to execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2011-0066, CVE-2011-0065)

A flaw was found in the Firefox XSLT generate-id() function. This function
returned the memory address of an object in memory, which could possibly be
used by attackers to bypass address randomization protections.
(CVE-2011-1202)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.17. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.17, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

684386 - CVE-2011-1202 libxslt: Heap address leak in XLST
700603 - CVE-2011-0078 Mozilla OOM condition arbitrary memory write (MFSA 2011-12)
700613 - CVE-2011-0077 Mozilla integer overflow in frameset spec (MFSA 2011-12)
700615 - CVE-2011-0075 Mozilla crash from bad iframe source (MFSA 2011-12)
700617 - CVE-2011-0074 Mozilla crash from several marquee elements (MFSA 2011-12)
700619 - CVE-2011-0073 Mozilla dangling pointer flaw (MFSA 2011-13)
700622 - CVE-2011-0072 Mozilla use after free flaw (MFSA 2011-12)
700635 - CVE-2011-0071 Mozilla directory traversal via resource protocol (MFSA 2011-16)
700640 - CVE-2011-0070 Mozilla double free flaw (MFSA 2011-12)
700642 - CVE-2011-0069 Mozilla javascript crash (MFSA 2011-12)
700644 - CVE-2011-0067 Mozilla untrusted events can trigger autocomplete popup (MFSA 2011-14)
700657 - CVE-2011-0066 Mozilla mObserverList use after free (MFSA 2011-13)
700658 - CVE-2011-0065 Mozilla mChannel use after free (MFSA 2011-13)
700676 - CVE-2011-0081 Mozilla memory safety issue (MFSA 2011-12)
700677 - CVE-2011-0080 Mozilla memory safety issue (MFSA 2011-12)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.17-2.el4.src.rpm

i386:
firefox-3.6.17-2.el4.i386.rpm
firefox-debuginfo-3.6.17-2.el4.i386.rpm

ia64:
firefox-3.6.17-2.el4.ia64.rpm
firefox-debuginfo-3.6.17-2.el4.ia64.rpm

ppc:
firefox-3.6.17-2.el4.ppc.rpm
firefox-debuginfo-3.6.17-2.el4.ppc.rpm

s390:
firefox-3.6.17-2.el4.s390.rpm
firefox-debuginfo-3.6.17-2.el4.s390.rpm

s390x:
firefox-3.6.17-2.el4.s390x.rpm
firefox-debuginfo-3.6.17-2.el4.s390x.rpm

x86_64:
firefox-3.6.17-2.el4.x86_64.rpm
firefox-debuginfo-3.6.17-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.17-2.el4.src.rpm

i386:
firefox-3.6.17-2.el4.i386.rpm
firefox-debuginfo-3.6.17-2.el4.i386.rpm

x86_64:
firefox-3.6.17-2.el4.x86_64.rpm
firefox-debuginfo-3.6.17-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.17-2.el4.src.rpm

i386:
firefox-3.6.17-2.el4.i386.rpm
firefox-debuginfo-3.6.17-2.el4.i386.rpm

ia64:
firefox-3.6.17-2.el4.ia64.rpm
firefox-debuginfo-3.6.17-2.el4.ia64.rpm

x86_64:
firefox-3.6.17-2.el4.x86_64.rpm
firefox-debuginfo-3.6.17-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.17-2.el4.src.rpm

i386:
firefox-3.6.17-2.el4.i386.rpm
firefox-debuginfo-3.6.17-2.el4.i386.rpm

ia64:
firefox-3.6.17-2.el4.ia64.rpm
firefox-debuginfo-3.6.17-2.el4.ia64.rpm

x86_64:
firefox-3.6.17-2.el4.x86_64.rpm
firefox-debuginfo-3.6.17-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.17-1.el5_6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.17-3.el5_6.src.rpm

i386:
firefox-3.6.17-1.el5_6.i386.rpm
firefox-debuginfo-3.6.17-1.el5_6.i386.rpm
xulrunner-1.9.2.17-3.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.i386.rpm

x86_64:
firefox-3.6.17-1.el5_6.i386.rpm
firefox-3.6.17-1.el5_6.x86_64.rpm
firefox-debuginfo-3.6.17-1.el5_6.i386.rpm
firefox-debuginfo-3.6.17-1.el5_6.x86_64.rpm
xulrunner-1.9.2.17-3.el5_6.i386.rpm
xulrunner-1.9.2.17-3.el5_6.x86_64.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.17-3.el5_6.src.rpm

i386:
xulrunner-debuginfo-1.9.2.17-3.el5_6.i386.rpm
xulrunner-devel-1.9.2.17-3.el5_6.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.17-3.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.x86_64.rpm
xulrunner-devel-1.9.2.17-3.el5_6.i386.rpm
xulrunner-devel-1.9.2.17-3.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.17-1.el5_6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.17-3.el5_6.src.rpm

i386:
firefox-3.6.17-1.el5_6.i386.rpm
firefox-debuginfo-3.6.17-1.el5_6.i386.rpm
xulrunner-1.9.2.17-3.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.i386.rpm
xulrunner-devel-1.9.2.17-3.el5_6.i386.rpm

ia64:
firefox-3.6.17-1.el5_6.ia64.rpm
firefox-debuginfo-3.6.17-1.el5_6.ia64.rpm
xulrunner-1.9.2.17-3.el5_6.ia64.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.ia64.rpm
xulrunner-devel-1.9.2.17-3.el5_6.ia64.rpm

ppc:
firefox-3.6.17-1.el5_6.ppc.rpm
firefox-debuginfo-3.6.17-1.el5_6.ppc.rpm
xulrunner-1.9.2.17-3.el5_6.ppc.rpm
xulrunner-1.9.2.17-3.el5_6.ppc64.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.ppc.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.ppc64.rpm
xulrunner-devel-1.9.2.17-3.el5_6.ppc.rpm
xulrunner-devel-1.9.2.17-3.el5_6.ppc64.rpm

s390x:
firefox-3.6.17-1.el5_6.s390.rpm
firefox-3.6.17-1.el5_6.s390x.rpm
firefox-debuginfo-3.6.17-1.el5_6.s390.rpm
firefox-debuginfo-3.6.17-1.el5_6.s390x.rpm
xulrunner-1.9.2.17-3.el5_6.s390.rpm
xulrunner-1.9.2.17-3.el5_6.s390x.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.s390.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.s390x.rpm
xulrunner-devel-1.9.2.17-3.el5_6.s390.rpm
xulrunner-devel-1.9.2.17-3.el5_6.s390x.rpm

x86_64:
firefox-3.6.17-1.el5_6.i386.rpm
firefox-3.6.17-1.el5_6.x86_64.rpm
firefox-debuginfo-3.6.17-1.el5_6.i386.rpm
firefox-debuginfo-3.6.17-1.el5_6.x86_64.rpm
xulrunner-1.9.2.17-3.el5_6.i386.rpm
xulrunner-1.9.2.17-3.el5_6.x86_64.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.17-3.el5_6.x86_64.rpm
xulrunner-devel-1.9.2.17-3.el5_6.i386.rpm
xulrunner-devel-1.9.2.17-3.el5_6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.17-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

i386:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm

x86_64:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-3.6.17-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.x86_64.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.17-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

x86_64:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-3.6.17-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.x86_64.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.17-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

i386:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm

ppc64:
firefox-3.6.17-1.el6_0.ppc.rpm
firefox-3.6.17-1.el6_0.ppc64.rpm
firefox-debuginfo-3.6.17-1.el6_0.ppc.rpm
firefox-debuginfo-3.6.17-1.el6_0.ppc64.rpm
xulrunner-1.9.2.17-4.el6_0.ppc.rpm
xulrunner-1.9.2.17-4.el6_0.ppc64.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.ppc64.rpm

s390x:
firefox-3.6.17-1.el6_0.s390.rpm
firefox-3.6.17-1.el6_0.s390x.rpm
firefox-debuginfo-3.6.17-1.el6_0.s390.rpm
firefox-debuginfo-3.6.17-1.el6_0.s390x.rpm
xulrunner-1.9.2.17-4.el6_0.s390.rpm
xulrunner-1.9.2.17-4.el6_0.s390x.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.s390x.rpm

x86_64:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-3.6.17-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.x86_64.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.17-4.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.ppc64.rpm
xulrunner-devel-1.9.2.17-4.el6_0.ppc.rpm
xulrunner-devel-1.9.2.17-4.el6_0.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.17-4.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.s390x.rpm
xulrunner-devel-1.9.2.17-4.el6_0.s390.rpm
xulrunner-devel-1.9.2.17-4.el6_0.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.17-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

i386:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm

x86_64:
firefox-3.6.17-1.el6_0.i686.rpm
firefox-3.6.17-1.el6_0.x86_64.rpm
firefox-debuginfo-3.6.17-1.el6_0.i686.rpm
firefox-debuginfo-3.6.17-1.el6_0.x86_64.rpm
xulrunner-1.9.2.17-4.el6_0.i686.rpm
xulrunner-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.17-4.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.17-4.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.17-4.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.17-4.el6_0.i686.rpm
xulrunner-devel-1.9.2.17-4.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0065.html
https://www.redhat.com/security/data/cve/CVE-2011-0066.html
https://www.redhat.com/security/data/cve/CVE-2011-0067.html
https://www.redhat.com/security/data/cve/CVE-2011-0069.html
https://www.redhat.com/security/data/cve/CVE-2011-0070.html
https://www.redhat.com/security/data/cve/CVE-2011-0071.html
https://www.redhat.com/security/data/cve/CVE-2011-0072.html
https://www.redhat.com/security/data/cve/CVE-2011-0073.html
https://www.redhat.com/security/data/cve/CVE-2011-0074.html
https://www.redhat.com/security/data/cve/CVE-2011-0075.html
https://www.redhat.com/security/data/cve/CVE-2011-0077.html
https://www.redhat.com/security/data/cve/CVE-2011-0078.html
https://www.redhat.com/security/data/cve/CVE-2011-0080.html
https://www.redhat.com/security/data/cve/CVE-2011-0081.html
https://www.redhat.com/security/data/cve/CVE-2011-1202.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17

8. Contact:

The Red Hat security contact is &lt;secalert@redhat.com&gt;. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNui6wXlSAg2UNWIIRAgVpAJ9IbCCG6uZdEr0HBmU2il PW/j3b6ACfb3zE
G+6522fLVq+Wc5YHmVpdz50=
=sBjt
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 08-16-2011, 06:53 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2011:1164-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1164.html
Issue date: 2011-08-16
CVE Names: CVE-2011-0084 CVE-2011-2378 CVE-2011-2981
CVE-2011-2982 CVE-2011-2983 CVE-2011-2984
================================================== ===================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-2982)

A dangling pointer flaw was found in the Firefox Scalable Vector Graphics
(SVG) text manipulation routine. A web page containing a malicious SVG
image could cause Firefox to crash or, potentially, execute arbitrary code
with the privileges of the user running Firefox. (CVE-2011-0084)

A dangling pointer flaw was found in the way Firefox handled a certain
Document Object Model (DOM) element. A web page containing malicious
content could cause Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-2378)

A flaw was found in the event management code in Firefox. A website
containing malicious JavaScript could cause Firefox to execute that
JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)

A flaw was found in the way Firefox handled malformed JavaScript. A web
page containing malicious JavaScript could cause Firefox to access already
freed memory, causing Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-2983)

It was found that a malicious web page could execute arbitrary code with
the privileges of the user running Firefox if the user dropped a tab onto
the malicious web page. (CVE-2011-2984)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.20. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.20, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730519 - CVE-2011-0084 Mozilla: Crash in SVGTextElement.getCharNumAtPosition()
730520 - CVE-2011-2981 Mozilla: Privilege escalation using event handlers
730521 - CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild
730522 - CVE-2011-2984 Mozilla: Privilege escalation dropping a tab element in content area
730523 - CVE-2011-2983 Mozilla: Private data leakage using RegExp.input

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

ia64:
firefox-3.6.20-2.el4.ia64.rpm
firefox-debuginfo-3.6.20-2.el4.ia64.rpm

ppc:
firefox-3.6.20-2.el4.ppc.rpm
firefox-debuginfo-3.6.20-2.el4.ppc.rpm

s390:
firefox-3.6.20-2.el4.s390.rpm
firefox-debuginfo-3.6.20-2.el4.s390.rpm

s390x:
firefox-3.6.20-2.el4.s390x.rpm
firefox-debuginfo-3.6.20-2.el4.s390x.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

ia64:
firefox-3.6.20-2.el4.ia64.rpm
firefox-debuginfo-3.6.20-2.el4.ia64.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

ia64:
firefox-3.6.20-2.el4.ia64.rpm
firefox-debuginfo-3.6.20-2.el4.ia64.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.20-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el5.src.rpm

i386:
firefox-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm

x86_64:
firefox-3.6.20-2.el5.i386.rpm
firefox-3.6.20-2.el5.x86_64.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.x86_64.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.20-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.20-2.el5.src.rpm

i386:
firefox-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm

ia64:
firefox-3.6.20-2.el5.ia64.rpm
firefox-debuginfo-3.6.20-2.el5.ia64.rpm
xulrunner-1.9.2.20-2.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.ia64.rpm
xulrunner-devel-1.9.2.20-2.el5.ia64.rpm

ppc:
firefox-3.6.20-2.el5.ppc.rpm
firefox-debuginfo-3.6.20-2.el5.ppc.rpm
xulrunner-1.9.2.20-2.el5.ppc.rpm
xulrunner-1.9.2.20-2.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.ppc64.rpm
xulrunner-devel-1.9.2.20-2.el5.ppc.rpm
xulrunner-devel-1.9.2.20-2.el5.ppc64.rpm

s390x:
firefox-3.6.20-2.el5.s390.rpm
firefox-3.6.20-2.el5.s390x.rpm
firefox-debuginfo-3.6.20-2.el5.s390.rpm
firefox-debuginfo-3.6.20-2.el5.s390x.rpm
xulrunner-1.9.2.20-2.el5.s390.rpm
xulrunner-1.9.2.20-2.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.s390.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.s390x.rpm
xulrunner-devel-1.9.2.20-2.el5.s390.rpm
xulrunner-devel-1.9.2.20-2.el5.s390x.rpm

x86_64:
firefox-3.6.20-2.el5.i386.rpm
firefox-3.6.20-2.el5.x86_64.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.x86_64.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm

ppc64:
firefox-3.6.20-2.el6_1.ppc.rpm
firefox-3.6.20-2.el6_1.ppc64.rpm
firefox-debuginfo-3.6.20-2.el6_1.ppc.rpm
firefox-debuginfo-3.6.20-2.el6_1.ppc64.rpm
xulrunner-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-1.9.2.20-2.el6_1.ppc64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc64.rpm

s390x:
firefox-3.6.20-2.el6_1.s390.rpm
firefox-3.6.20-2.el6_1.s390x.rpm
firefox-debuginfo-3.6.20-2.el6_1.s390.rpm
firefox-debuginfo-3.6.20-2.el6_1.s390x.rpm
xulrunner-1.9.2.20-2.el6_1.s390.rpm
xulrunner-1.9.2.20-2.el6_1.s390x.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390x.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-devel-1.9.2.20-2.el6_1.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390x.rpm
xulrunner-devel-1.9.2.20-2.el6_1.s390.rpm
xulrunner-devel-1.9.2.20-2.el6_1.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0084.html
https://www.redhat.com/security/data/cve/CVE-2011-2378.html
https://www.redhat.com/security/data/cve/CVE-2011-2981.html
https://www.redhat.com/security/data/cve/CVE-2011-2982.html
https://www.redhat.com/security/data/cve/CVE-2011-2983.html
https://www.redhat.com/security/data/cve/CVE-2011-2984.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.20

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSryHXlSAg2UNWIIRAptPAJ99gZXIjd+9/dVgtYF4rTf8/VInGQCdEvZK
9dBny490Y9V159N9ThVgl64=
=bIh+
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 09-28-2011, 11:57 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2011:1341-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1341.html
Issue date: 2011-09-28
CVE Names: CVE-2011-2372 CVE-2011-2995 CVE-2011-2998
CVE-2011-2999 CVE-2011-3000
================================================== ===================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-2995)

A flaw was found in the way Firefox processed the "Enter" keypress event. A
malicious web page could present a download dialog while the key is
pressed, activating the default "Open" action. A remote attacker could
exploit this vulnerability by causing the browser to open malicious web
content. (CVE-2011-2372)

A flaw was found in the way Firefox handled Location headers in redirect
responses. Two copies of this header with different values could be a
symptom of a CRLF injection attack against a vulnerable server. Firefox now
treats two copies of the Location, Content-Length, or Content-Disposition
header as an error condition. (CVE-2011-3000)

A flaw was found in the way Firefox handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Firefox handled large
JavaScript regular expressions. A web page containing malicious JavaScript
could cause Firefox to access already freed memory, causing Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2011-2998)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.23. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.23, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

741902 - CVE-2011-2995 Mozilla: Miscellaneous memory safety hazards (MFSA 2011-36)
741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
741905 - CVE-2011-3000 Mozillaefense against multiple Location headers due to CRLF Injection (MFSA 2011-39)
741917 - CVE-2011-2372 Mozilla:Code installation through holding down Enter (MFSA 2011-40)
741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

ia64:
firefox-3.6.23-1.el4.ia64.rpm
firefox-debuginfo-3.6.23-1.el4.ia64.rpm

ppc:
firefox-3.6.23-1.el4.ppc.rpm
firefox-debuginfo-3.6.23-1.el4.ppc.rpm

s390:
firefox-3.6.23-1.el4.s390.rpm
firefox-debuginfo-3.6.23-1.el4.s390.rpm

s390x:
firefox-3.6.23-1.el4.s390x.rpm
firefox-debuginfo-3.6.23-1.el4.s390x.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

ia64:
firefox-3.6.23-1.el4.ia64.rpm
firefox-debuginfo-3.6.23-1.el4.ia64.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

ia64:
firefox-3.6.23-1.el4.ia64.rpm
firefox-debuginfo-3.6.23-1.el4.ia64.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.23-2.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el5_7.src.rpm

i386:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm

x86_64:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-3.6.23-2.el5_7.x86_64.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.x86_64.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el5_7.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.23-2.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.23-1.el5_7.src.rpm

i386:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm

ia64:
firefox-3.6.23-2.el5_7.ia64.rpm
firefox-debuginfo-3.6.23-2.el5_7.ia64.rpm
xulrunner-1.9.2.23-1.el5_7.ia64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.ia64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.ia64.rpm

ppc:
firefox-3.6.23-2.el5_7.ppc.rpm
firefox-debuginfo-3.6.23-2.el5_7.ppc.rpm
xulrunner-1.9.2.23-1.el5_7.ppc.rpm
xulrunner-1.9.2.23-1.el5_7.ppc64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.ppc.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.ppc64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.ppc.rpm
xulrunner-devel-1.9.2.23-1.el5_7.ppc64.rpm

s390x:
firefox-3.6.23-2.el5_7.s390.rpm
firefox-3.6.23-2.el5_7.s390x.rpm
firefox-debuginfo-3.6.23-2.el5_7.s390.rpm
firefox-debuginfo-3.6.23-2.el5_7.s390x.rpm
xulrunner-1.9.2.23-1.el5_7.s390.rpm
xulrunner-1.9.2.23-1.el5_7.s390x.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.s390.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.s390x.rpm
xulrunner-devel-1.9.2.23-1.el5_7.s390.rpm
xulrunner-devel-1.9.2.23-1.el5_7.s390x.rpm

x86_64:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-3.6.23-2.el5_7.x86_64.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.x86_64.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm

ppc64:
firefox-3.6.23-2.el6_1.ppc.rpm
firefox-3.6.23-2.el6_1.ppc64.rpm
firefox-debuginfo-3.6.23-2.el6_1.ppc.rpm
firefox-debuginfo-3.6.23-2.el6_1.ppc64.rpm
xulrunner-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-1.9.2.23-1.el6_1.1.ppc64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc64.rpm

s390x:
firefox-3.6.23-2.el6_1.s390.rpm
firefox-3.6.23-2.el6_1.s390x.rpm
firefox-debuginfo-3.6.23-2.el6_1.s390.rpm
firefox-debuginfo-3.6.23-2.el6_1.s390x.rpm
xulrunner-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-1.9.2.23-1.el6_1.1.s390x.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390x.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390x.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2372.html
https://www.redhat.com/security/data/cve/CVE-2011-2995.html
https://www.redhat.com/security/data/cve/CVE-2011-2998.html
https://www.redhat.com/security/data/cve/CVE-2011-2999.html
https://www.redhat.com/security/data/cve/CVE-2011-3000.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOg7R3XlSAg2UNWIIRAsf9AKCsT7B8ZVPN1E4p4L9crz XyWgmjjwCcCsjc
Y4TMx6iv+uO3sVsIkI5MEIw=
=+PaX
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 11-08-2011, 09:08 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2011:1437-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1437.html
Issue date: 2011-11-08
CVE Names: CVE-2011-3647 CVE-2011-3648 CVE-2011-3650
================================================== ===================

1. Summary:

Updated firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox handled certain add-ons. A web page
containing malicious content could cause an add-on to grant itself full
browser privileges, which could lead to arbitrary code execution with the
privileges of the user running Firefox. (CVE-2011-3647)

A cross-site scripting (XSS) flaw was found in the way Firefox handled
certain multibyte character sets. A web page containing malicious content
could cause Firefox to run JavaScript code with the permissions of a
different website. (CVE-2011-3648)

A flaw was found in the way Firefox handled large JavaScript scripts. A web
page containing malicious JavaScript could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-3650)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.24. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.24, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

751931 - CVE-2011-3647 Mozilla: Security problem with loadSubScript on 1.9.2 branch (MFSA 2011-46)
751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)
751933 - CVE-2011-3650 Mozilla: crash while profiling page with many functions (MFSA 2011-49)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm

i386:
firefox-3.6.24-3.el4.i386.rpm
firefox-debuginfo-3.6.24-3.el4.i386.rpm

ia64:
firefox-3.6.24-3.el4.ia64.rpm
firefox-debuginfo-3.6.24-3.el4.ia64.rpm

ppc:
firefox-3.6.24-3.el4.ppc.rpm
firefox-debuginfo-3.6.24-3.el4.ppc.rpm

s390:
firefox-3.6.24-3.el4.s390.rpm
firefox-debuginfo-3.6.24-3.el4.s390.rpm

s390x:
firefox-3.6.24-3.el4.s390x.rpm
firefox-debuginfo-3.6.24-3.el4.s390x.rpm

x86_64:
firefox-3.6.24-3.el4.x86_64.rpm
firefox-debuginfo-3.6.24-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm

i386:
firefox-3.6.24-3.el4.i386.rpm
firefox-debuginfo-3.6.24-3.el4.i386.rpm

x86_64:
firefox-3.6.24-3.el4.x86_64.rpm
firefox-debuginfo-3.6.24-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm

i386:
firefox-3.6.24-3.el4.i386.rpm
firefox-debuginfo-3.6.24-3.el4.i386.rpm

ia64:
firefox-3.6.24-3.el4.ia64.rpm
firefox-debuginfo-3.6.24-3.el4.ia64.rpm

x86_64:
firefox-3.6.24-3.el4.x86_64.rpm
firefox-debuginfo-3.6.24-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm

i386:
firefox-3.6.24-3.el4.i386.rpm
firefox-debuginfo-3.6.24-3.el4.i386.rpm

ia64:
firefox-3.6.24-3.el4.ia64.rpm
firefox-debuginfo-3.6.24-3.el4.ia64.rpm

x86_64:
firefox-3.6.24-3.el4.x86_64.rpm
firefox-debuginfo-3.6.24-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.24-3.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el5_7.src.rpm

i386:
firefox-3.6.24-3.el5_7.i386.rpm
firefox-debuginfo-3.6.24-3.el5_7.i386.rpm
xulrunner-1.9.2.24-2.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm

x86_64:
firefox-3.6.24-3.el5_7.i386.rpm
firefox-3.6.24-3.el5_7.x86_64.rpm
firefox-debuginfo-3.6.24-3.el5_7.i386.rpm
firefox-debuginfo-3.6.24-3.el5_7.x86_64.rpm
xulrunner-1.9.2.24-2.el5_7.i386.rpm
xulrunner-1.9.2.24-2.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el5_7.src.rpm

i386:
xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm
xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm
xulrunner-devel-1.9.2.24-2.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.24-3.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.24-2.el5_7.src.rpm

i386:
firefox-3.6.24-3.el5_7.i386.rpm
firefox-debuginfo-3.6.24-3.el5_7.i386.rpm
xulrunner-1.9.2.24-2.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm
xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm

ia64:
firefox-3.6.24-3.el5_7.ia64.rpm
firefox-debuginfo-3.6.24-3.el5_7.ia64.rpm
xulrunner-1.9.2.24-2.el5_7.ia64.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.ia64.rpm
xulrunner-devel-1.9.2.24-2.el5_7.ia64.rpm

ppc:
firefox-3.6.24-3.el5_7.ppc.rpm
firefox-debuginfo-3.6.24-3.el5_7.ppc.rpm
xulrunner-1.9.2.24-2.el5_7.ppc.rpm
xulrunner-1.9.2.24-2.el5_7.ppc64.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.ppc.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.ppc64.rpm
xulrunner-devel-1.9.2.24-2.el5_7.ppc.rpm
xulrunner-devel-1.9.2.24-2.el5_7.ppc64.rpm

s390x:
firefox-3.6.24-3.el5_7.s390.rpm
firefox-3.6.24-3.el5_7.s390x.rpm
firefox-debuginfo-3.6.24-3.el5_7.s390.rpm
firefox-debuginfo-3.6.24-3.el5_7.s390x.rpm
xulrunner-1.9.2.24-2.el5_7.s390.rpm
xulrunner-1.9.2.24-2.el5_7.s390x.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.s390.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.s390x.rpm
xulrunner-devel-1.9.2.24-2.el5_7.s390.rpm
xulrunner-devel-1.9.2.24-2.el5_7.s390x.rpm

x86_64:
firefox-3.6.24-3.el5_7.i386.rpm
firefox-3.6.24-3.el5_7.x86_64.rpm
firefox-debuginfo-3.6.24-3.el5_7.i386.rpm
firefox-debuginfo-3.6.24-3.el5_7.x86_64.rpm
xulrunner-1.9.2.24-2.el5_7.i386.rpm
xulrunner-1.9.2.24-2.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.24-2.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm
xulrunner-devel-1.9.2.24-2.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

i386:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm

x86_64:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-3.6.24-3.el6_1.x86_64.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

x86_64:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-3.6.24-3.el6_1.x86_64.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

i386:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm

ppc64:
firefox-3.6.24-3.el6_1.ppc.rpm
firefox-3.6.24-3.el6_1.ppc64.rpm
firefox-debuginfo-3.6.24-3.el6_1.ppc.rpm
firefox-debuginfo-3.6.24-3.el6_1.ppc64.rpm
xulrunner-1.9.2.24-2.el6_1.1.ppc.rpm
xulrunner-1.9.2.24-2.el6_1.1.ppc64.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc64.rpm

s390x:
firefox-3.6.24-3.el6_1.s390.rpm
firefox-3.6.24-3.el6_1.s390x.rpm
firefox-debuginfo-3.6.24-3.el6_1.s390.rpm
firefox-debuginfo-3.6.24-3.el6_1.s390x.rpm
xulrunner-1.9.2.24-2.el6_1.1.s390.rpm
xulrunner-1.9.2.24-2.el6_1.1.s390x.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390x.rpm

x86_64:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-3.6.24-3.el6_1.x86_64.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc64.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.ppc.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390x.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.s390.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

i386:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm

x86_64:
firefox-3.6.24-3.el6_1.i686.rpm
firefox-3.6.24-3.el6_1.x86_64.rpm
firefox-debuginfo-3.6.24-3.el6_1.i686.rpm
firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm
xulrunner-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3647.html
https://www.redhat.com/security/data/cve/CVE-2011-3648.html
https://www.redhat.com/security/data/cve/CVE-2011-3650.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.24

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuaf7XlSAg2UNWIIRAgZ1AJ9ZRgRzJ4TrukNipSh53Q jsWetKBwCcDveI
IyYRU2V+wm0lpQuwa3MGHlw=
=P8n8
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 02-01-2012, 12:15 AM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2012:0079-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0079.html
Issue date: 2012-01-31
CVE Names: CVE-2011-3659 CVE-2011-3670 CVE-2012-0442
CVE-2012-0444 CVE-2012-0449
================================================== ===================

1. Summary:

Updated firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A use-after-free flaw was found in the way Firefox removed nsDOMAttribute
child nodes. In certain circumstances, due to the premature notification
of AttributeChildRemoved, a malicious script could possibly use this flaw
to cause Firefox to crash or, potentially, execute arbitrary code with the
privileges of the user running Firefox. (CVE-2011-3659)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-0442)

A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web
page containing a malicious Ogg Vorbis media file could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2012-0444)

A flaw was found in the way Firefox parsed certain Scalable Vector Graphics
(SVG) image files that contained eXtensible Style Sheet Language
Transformations (XSLT). A web page containing a malicious SVG image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-0449)

The same-origin policy in Firefox treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.26. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.26, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
785966 - CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)
786026 - CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07)
786258 - CVE-2011-3659 Mozilla: child nodes from nsDOMAttribute still accessible after removal of nodes (MFSA 2012-04)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.26-2.el4.src.rpm

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:
firefox-3.6.26-2.el4.ia64.rpm
firefox-debuginfo-3.6.26-2.el4.ia64.rpm

ppc:
firefox-3.6.26-2.el4.ppc.rpm
firefox-debuginfo-3.6.26-2.el4.ppc.rpm

s390:
firefox-3.6.26-2.el4.s390.rpm
firefox-debuginfo-3.6.26-2.el4.s390.rpm

s390x:
firefox-3.6.26-2.el4.s390x.rpm
firefox-debuginfo-3.6.26-2.el4.s390x.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.26-2.el4.src.rpm

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.26-2.el4.src.rpm

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:
firefox-3.6.26-2.el4.ia64.rpm
firefox-debuginfo-3.6.26-2.el4.ia64.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.26-2.el4.src.rpm

i386:
firefox-3.6.26-2.el4.i386.rpm
firefox-debuginfo-3.6.26-2.el4.i386.rpm

ia64:
firefox-3.6.26-2.el4.ia64.rpm
firefox-debuginfo-3.6.26-2.el4.ia64.rpm

x86_64:
firefox-3.6.26-2.el4.x86_64.rpm
firefox-debuginfo-3.6.26-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.26-1.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.26-1.el5_7.src.rpm

i386:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm

x86_64:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-3.6.26-1.el5_7.x86_64.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.x86_64.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.26-1.el5_7.src.rpm

i386:
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.26-1.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.26-1.el5_7.src.rpm

i386:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm

ia64:
firefox-3.6.26-1.el5_7.ia64.rpm
firefox-debuginfo-3.6.26-1.el5_7.ia64.rpm
xulrunner-1.9.2.26-1.el5_7.ia64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.ia64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.ia64.rpm

ppc:
firefox-3.6.26-1.el5_7.ppc.rpm
firefox-debuginfo-3.6.26-1.el5_7.ppc.rpm
xulrunner-1.9.2.26-1.el5_7.ppc.rpm
xulrunner-1.9.2.26-1.el5_7.ppc64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.ppc.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.ppc64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.ppc.rpm
xulrunner-devel-1.9.2.26-1.el5_7.ppc64.rpm

s390x:
firefox-3.6.26-1.el5_7.s390.rpm
firefox-3.6.26-1.el5_7.s390x.rpm
firefox-debuginfo-3.6.26-1.el5_7.s390.rpm
firefox-debuginfo-3.6.26-1.el5_7.s390x.rpm
xulrunner-1.9.2.26-1.el5_7.s390.rpm
xulrunner-1.9.2.26-1.el5_7.s390x.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.s390.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.s390x.rpm
xulrunner-devel-1.9.2.26-1.el5_7.s390.rpm
xulrunner-devel-1.9.2.26-1.el5_7.s390x.rpm

x86_64:
firefox-3.6.26-1.el5_7.i386.rpm
firefox-3.6.26-1.el5_7.x86_64.rpm
firefox-debuginfo-3.6.26-1.el5_7.i386.rpm
firefox-debuginfo-3.6.26-1.el5_7.x86_64.rpm
xulrunner-1.9.2.26-1.el5_7.i386.rpm
xulrunner-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.26-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.26-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

i386:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.26-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.26-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

i386:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm

ppc64:
firefox-3.6.26-1.el6_2.ppc.rpm
firefox-3.6.26-1.el6_2.ppc64.rpm
firefox-debuginfo-3.6.26-1.el6_2.ppc.rpm
firefox-debuginfo-3.6.26-1.el6_2.ppc64.rpm
xulrunner-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-1.9.2.26-1.el6_2.ppc64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc64.rpm

s390x:
firefox-3.6.26-1.el6_2.s390.rpm
firefox-3.6.26-1.el6_2.s390x.rpm
firefox-debuginfo-3.6.26-1.el6_2.s390.rpm
firefox-debuginfo-3.6.26-1.el6_2.s390x.rpm
xulrunner-1.9.2.26-1.el6_2.s390.rpm
xulrunner-1.9.2.26-1.el6_2.s390x.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390x.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.ppc64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.ppc.rpm
xulrunner-devel-1.9.2.26-1.el6_2.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.s390x.rpm
xulrunner-devel-1.9.2.26-1.el6_2.s390.rpm
xulrunner-devel-1.9.2.26-1.el6_2.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.26-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

i386:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm

x86_64:
firefox-3.6.26-1.el6_2.i686.rpm
firefox-3.6.26-1.el6_2.x86_64.rpm
firefox-debuginfo-3.6.26-1.el6_2.i686.rpm
firefox-debuginfo-3.6.26-1.el6_2.x86_64.rpm
xulrunner-1.9.2.26-1.el6_2.i686.rpm
xulrunner-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.26-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.26-1.el6_2.i686.rpm
xulrunner-debuginfo-1.9.2.26-1.el6_2.x86_64.rpm
xulrunner-devel-1.9.2.26-1.el6_2.i686.rpm
xulrunner-devel-1.9.2.26-1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3659.html
https://www.redhat.com/security/data/cve/CVE-2011-3670.html
https://www.redhat.com/security/data/cve/CVE-2012-0442.html
https://www.redhat.com/security/data/cve/CVE-2012-0444.html
https://www.redhat.com/security/data/cve/CVE-2012-0449.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.26

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPKJI4XlSAg2UNWIIRAu86AJ90vRQABz4iAP8lTwpgWh itoNBuVgCeP4u+
iCHNxUGgZ8ljJAn819lOK5I=
=W7UK
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 02-16-2012, 06:22 PM
 
Default Critical: firefox security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2012:0142-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0142.html
Issue date: 2012-02-16
CVE Names: CVE-2011-3026
================================================== ===================

1. Summary:

An updated firefox package that fixes one security issue is now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source web browser.

A heap-based buffer overflow flaw was found in the way Firefox handled
PNG (Portable Network Graphics) images. A web page containing a malicious
PNG image could cause Firefox to crash or, possibly, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-3026)

All Firefox users should upgrade to this updated package, which corrects
this issue. After installing the update, Firefox must be restarted for the
changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.26-3.el4.src.rpm

i386:
firefox-3.6.26-3.el4.i386.rpm
firefox-debuginfo-3.6.26-3.el4.i386.rpm

ia64:
firefox-3.6.26-3.el4.ia64.rpm
firefox-debuginfo-3.6.26-3.el4.ia64.rpm

ppc:
firefox-3.6.26-3.el4.ppc.rpm
firefox-debuginfo-3.6.26-3.el4.ppc.rpm

s390:
firefox-3.6.26-3.el4.s390.rpm
firefox-debuginfo-3.6.26-3.el4.s390.rpm

s390x:
firefox-3.6.26-3.el4.s390x.rpm
firefox-debuginfo-3.6.26-3.el4.s390x.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
firefox-debuginfo-3.6.26-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.26-3.el4.src.rpm

i386:
firefox-3.6.26-3.el4.i386.rpm
firefox-debuginfo-3.6.26-3.el4.i386.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
firefox-debuginfo-3.6.26-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.26-3.el4.src.rpm

i386:
firefox-3.6.26-3.el4.i386.rpm
firefox-debuginfo-3.6.26-3.el4.i386.rpm

ia64:
firefox-3.6.26-3.el4.ia64.rpm
firefox-debuginfo-3.6.26-3.el4.ia64.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
firefox-debuginfo-3.6.26-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.26-3.el4.src.rpm

i386:
firefox-3.6.26-3.el4.i386.rpm
firefox-debuginfo-3.6.26-3.el4.i386.rpm

ia64:
firefox-3.6.26-3.el4.ia64.rpm
firefox-debuginfo-3.6.26-3.el4.ia64.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
firefox-debuginfo-3.6.26-3.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3026.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPPVd/XlSAg2UNWIIRAo3eAJ9slN5trVLVtwqJv3ci4mo0Np9JFACgrw 9X
PBGGaRmPHj+nqbTT3XvCggY=
=QZ11
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 

Thread Tools




All times are GMT. The time now is 04:01 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org