Critical: firefox security update
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2007:1082-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1082.html
Issue date:        2007-11-26
Updated on:        2007-11-26
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar:
URI scheme. It was possible for a malicious website to leverage this flaw
and conduct a cross-site scripting attack against a user running Firefox.
(CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

394211 - CVE-2007-5947 Mozilla jar: protocol XSS
394241 - CVE-2007-5959 Multiple flaws in Firefox
394261 - CVE-2007-5960 Mozilla Cross-site Request Forgery flaw

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

Critical: firefox security update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0103-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0103.html
Issue date:        2008-02-07
CVE Names:         CVE-2008-0412 CVE-2008-0413 CVE-2008-0415
                   CVE-2008-0417 CVE-2008-0418 CVE-2008-0419
                   CVE-2008-0591 CVE-2008-0592 CVE-2008-0593
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431732 - CVE-2008-0412 Mozilla layout engine crashes
431733 - CVE-2008-0413 Mozilla javascript engine crashes
431739 - CVE-2008-0415 Mozilla arbitrary code execution
431742 - CVE-2008-0417 Mozilla arbitrary code execution
431748 - CVE-2008-0418 Mozilla chrome: directory traversal
431749 - CVE-2008-0419 Mozilla arbitrary code execution
431751 - CVE-2008-0591 Mozilla information disclosure flaw
431752 - CVE-2008-0592 Mozilla text file mishandling
431756 - CVE-2008-0593 Mozilla URL token stealing flaw

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

Critical: firefox security update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0207-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0207.html
Issue date:        2008-03-26
CVE Names:         CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
                   CVE-2008-1236 CVE-2008-1237 CVE-2008-1238
                   CVE-2008-1241
=====================================================================

1. Summary:

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of some malformed web content. A
web page containing such malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)

Several flaws were found in the display of malformed web content. A web
page containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)

All Firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution
438715 - CVE-2008-1234 universal XSS using event handlers
438717 - CVE-2008-1235 chrome privilege via wrong principal
438718 - CVE-2008-1236 browser engine crashes
438721 - CVE-2008-1237 javascript crashes
438724 - CVE-2008-1238 Referrer spoofing bug
438730 - CVE-2008-1241 XUL popup spoofing

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

Critical: firefox security update
Hash: SHA1 ================================================== =================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2008:0222-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0222.html Issue date: 2008-04-16 CVE Names: CVE-2008-1380 ================================================== =================== 1. Summary: Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm ia64: firefox-1.5.0.12-0.15.el4.ia64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ia64.rpm ppc: firefox-1.5.0.12-0.15.el4.ppc.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ppc.rpm s390: firefox-1.5.0.12-0.15.el4.s390.rpm firefox-debuginfo-1.5.0.12-0.15.el4.s390.rpm s390x: firefox-1.5.0.12-0.15.el4.s390x.rpm firefox-debuginfo-1.5.0.12-0.15.el4.s390x.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm ia64: firefox-1.5.0.12-0.15.el4.ia64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ia64.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm ia64: firefox-1.5.0.12-0.15.el4.ia64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ia64.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-15.el5_1.src.rpm i386: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm x86_64: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-1.5.0.12-15.el5_1.x86_64.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-15.el5_1.src.rpm i386: firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm x86_64: firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.x86_64.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.12-15.el5_1.src.rpm i386: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm ia64: firefox-1.5.0.12-15.el5_1.ia64.rpm firefox-debuginfo-1.5.0.12-15.el5_1.ia64.rpm firefox-devel-1.5.0.12-15.el5_1.ia64.rpm ppc: firefox-1.5.0.12-15.el5_1.ppc.rpm firefox-debuginfo-1.5.0.12-15.el5_1.ppc.rpm firefox-devel-1.5.0.12-15.el5_1.ppc.rpm s390x: firefox-1.5.0.12-15.el5_1.s390.rpm firefox-1.5.0.12-15.el5_1.s390x.rpm firefox-debuginfo-1.5.0.12-15.el5_1.s390.rpm firefox-debuginfo-1.5.0.12-15.el5_1.s390x.rpm firefox-devel-1.5.0.12-15.el5_1.s390.rpm firefox-devel-1.5.0.12-15.el5_1.s390x.rpm x86_64: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-1.5.0.12-15.el5_1.x86_64.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.x86_64.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIBqwsXlSAg2UNWIIRAsMaAKCawB0j7Jc0BCb2rBM0/UAy526ehgCgvq8G
3Qe8sAws3CKuKIJ3xGhijRU=
=CYe7
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
Critical: firefox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0549-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0549.html
Issue date:        2008-07-02
CVE Names:         CVE-2008-2798 CVE-2008-2799 CVE-2008-2800
                   CVE-2008-2801 CVE-2008-2802 CVE-2008-2803
                   CVE-2008-2805 CVE-2008-2807 CVE-2008-2808
                   CVE-2008-2809 CVE-2008-2810 CVE-2008-2811
=====================================================================

1. Summary:

An updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808)

A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809)

All Mozilla Firefox users should upgrade to this updated package, which contains backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

452597 - CVE-2008-2798 Firefox malformed web content flaws
452598 - CVE-2008-2799 Firefox javascript arbitrary code execution
452599 - CVE-2008-2800 Firefox XSS attacks
452600 - CVE-2008-2802 Firefox arbitrary JavaScript code execution
452602 - CVE-2008-2803 Firefox javascript arbitrary code execution
452604 - CVE-2008-2805 Firefox arbitrary file disclosure
452605 - CVE-2008-2801 Firefox arbitrary signed JAR code execution
452709 - CVE-2008-2807 Firefox .properties memory leak
452710 - CVE-2008-2808 Firefox file location escaping flaw
452711 - CVE-2008-2809 Firefox self signed certificate flaw
452712 - CVE-2008-2810 Firefox arbitrary file disclosure
453007 - CVE-2008-2811 Firefox block reflow flaw

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.19.el4.src.rpm

i386:
firefox-1.5.0.12-0.19.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.19.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.ia64.rpm

ppc:
firefox-1.5.0.12-0.19.el4.ppc.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.ppc.rpm

s390:
firefox-1.5.0.12-0.19.el4.s390.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.s390.rpm

s390x:
firefox-1.5.0.12-0.19.el4.s390x.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.s390x.rpm

x86_64:
firefox-1.5.0.12-0.19.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.19.el4.src.rpm

i386:
firefox-1.5.0.12-0.19.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.i386.rpm

x86_64:
firefox-1.5.0.12-0.19.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.19.el4.src.rpm

i386:
firefox-1.5.0.12-0.19.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.19.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.19.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.19.el4.src.rpm

i386:
firefox-1.5.0.12-0.19.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.19.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.19.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.19.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIa3w6XlSAg2UNWIIRAtfkAJ9E9//fKb6pCnz93elzWJUsMNaDbQCdEByv
9G9/WvETDac5pG/g1rAPuJk=
=Qdo6
-----END PGP SIGNATURE-----

Critical: firefox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0569-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0569.html
Issue date:        2008-07-02
CVE Names:         CVE-2008-2798 CVE-2008-2799 CVE-2008-2800
                   CVE-2008-2801 CVE-2008-2802 CVE-2008-2803
                   CVE-2008-2805 CVE-2008-2807 CVE-2008-2808
                   CVE-2008-2809 CVE-2008-2810 CVE-2008-2811
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808)

A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809)

All Mozilla Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

452597 - CVE-2008-2798 Firefox malformed web content flaws
452598 - CVE-2008-2799 Firefox javascript arbitrary code execution
452599 - CVE-2008-2800 Firefox XSS attacks
452600 - CVE-2008-2802 Firefox arbitrary JavaScript code execution
452602 - CVE-2008-2803 Firefox javascript arbitrary code execution
452604 - CVE-2008-2805 Firefox arbitrary file disclosure
452605 - CVE-2008-2801 Firefox arbitrary signed JAR code execution
452709 - CVE-2008-2807 Firefox .properties memory leak
452710 - CVE-2008-2808 Firefox file location escaping flaw
452711 - CVE-2008-2809 Firefox self signed certificate flaw
452712 - CVE-2008-2810 Firefox arbitrary file disclosure
453007 - CVE-2008-2811 Firefox block reflow flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-17.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-19.el5.src.rpm

i386:
devhelp-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
firefox-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
yelp-2.16.0-19.el5.i386.rpm
yelp-debuginfo-2.16.0-19.el5.i386.rpm

x86_64:
devhelp-0.12-17.el5.i386.rpm
devhelp-0.12-17.el5.x86_64.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.x86_64.rpm
firefox-3.0-2.el5.i386.rpm
firefox-3.0-2.el5.x86_64.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.x86_64.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-1.9-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.x86_64.rpm
yelp-2.16.0-19.el5.x86_64.rpm
yelp-debuginfo-2.16.0-19.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-17.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9-1.el5.src.rpm

i386:
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-unstable-1.9-1.el5.i386.rpm

x86_64:
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.x86_64.rpm
devhelp-devel-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.x86_64.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.x86_64.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-17.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-19.el5.src.rpm

i386:
devhelp-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.i386.rpm
firefox-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-unstable-1.9-1.el5.i386.rpm
yelp-2.16.0-19.el5.i386.rpm
yelp-debuginfo-2.16.0-19.el5.i386.rpm

ia64:
devhelp-0.12-17.el5.ia64.rpm
devhelp-debuginfo-0.12-17.el5.ia64.rpm
devhelp-devel-0.12-17.el5.ia64.rpm
firefox-3.0-2.el5.ia64.rpm
firefox-debuginfo-3.0-2.el5.ia64.rpm
xulrunner-1.9-1.el5.ia64.rpm
xulrunner-debuginfo-1.9-1.el5.ia64.rpm
xulrunner-devel-1.9-1.el5.ia64.rpm
xulrunner-devel-unstable-1.9-1.el5.ia64.rpm
yelp-2.16.0-19.el5.ia64.rpm
yelp-debuginfo-2.16.0-19.el5.ia64.rpm

ppc:
devhelp-0.12-17.el5.ppc.rpm
devhelp-debuginfo-0.12-17.el5.ppc.rpm
devhelp-devel-0.12-17.el5.ppc.rpm
firefox-3.0-2.el5.ppc.rpm
firefox-debuginfo-3.0-2.el5.ppc.rpm
xulrunner-1.9-1.el5.ppc.rpm
xulrunner-1.9-1.el5.ppc64.rpm
xulrunner-debuginfo-1.9-1.el5.ppc.rpm
xulrunner-debuginfo-1.9-1.el5.ppc64.rpm
xulrunner-devel-1.9-1.el5.ppc.rpm
xulrunner-devel-1.9-1.el5.ppc64.rpm
xulrunner-devel-unstable-1.9-1.el5.ppc.rpm
yelp-2.16.0-19.el5.ppc.rpm
yelp-debuginfo-2.16.0-19.el5.ppc.rpm

s390x:
devhelp-0.12-17.el5.s390.rpm
devhelp-0.12-17.el5.s390x.rpm
devhelp-debuginfo-0.12-17.el5.s390.rpm
devhelp-debuginfo-0.12-17.el5.s390x.rpm
devhelp-devel-0.12-17.el5.s390.rpm
devhelp-devel-0.12-17.el5.s390x.rpm
firefox-3.0-2.el5.s390.rpm
firefox-3.0-2.el5.s390x.rpm
firefox-debuginfo-3.0-2.el5.s390.rpm
firefox-debuginfo-3.0-2.el5.s390x.rpm
xulrunner-1.9-1.el5.s390.rpm
xulrunner-1.9-1.el5.s390x.rpm
xulrunner-debuginfo-1.9-1.el5.s390.rpm
xulrunner-debuginfo-1.9-1.el5.s390x.rpm
xulrunner-devel-1.9-1.el5.s390.rpm
xulrunner-devel-1.9-1.el5.s390x.rpm
xulrunner-devel-unstable-1.9-1.el5.s390x.rpm
yelp-2.16.0-19.el5.s390x.rpm
yelp-debuginfo-2.16.0-19.el5.s390x.rpm

x86_64:
devhelp-0.12-17.el5.i386.rpm
devhelp-0.12-17.el5.x86_64.rpm
devhelp-debuginfo-0.12-17.el5.i386.rpm
devhelp-debuginfo-0.12-17.el5.x86_64.rpm
devhelp-devel-0.12-17.el5.i386.rpm
devhelp-devel-0.12-17.el5.x86_64.rpm
firefox-3.0-2.el5.i386.rpm
firefox-3.0-2.el5.x86_64.rpm
firefox-debuginfo-3.0-2.el5.i386.rpm
firefox-debuginfo-3.0-2.el5.x86_64.rpm
xulrunner-1.9-1.el5.i386.rpm
xulrunner-1.9-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9-1.el5.i386.rpm
xulrunner-debuginfo-1.9-1.el5.x86_64.rpm
xulrunner-devel-1.9-1.el5.i386.rpm
xulrunner-devel-1.9-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9-1.el5.x86_64.rpm
yelp-2.16.0-19.el5.x86_64.rpm
yelp-debuginfo-2.16.0-19.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIa3xEXlSAg2UNWIIRAvmeAJ9qR6psPhewrwgJlRf87R5No5fwOQCfR3HH
2FUWLwa/Lzisds3Yec8D8k8=
=ZcPh
-----END PGP SIGNATURE-----

Critical: firefox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0597-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0597.html
Issue date:        2008-07-16
CVE Names:         CVE-2008-2785 CVE-2008-2933
=====================================================================

1. Summary:

Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933)

All firefox users should upgrade to these updated packages, which contain Firefox 3.0.1 that corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-18.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.1-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.1-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-20.el5.src.rpm

i386:
devhelp-0.12-18.el5.i386.rpm
devhelp-debuginfo-0.12-18.el5.i386.rpm
firefox-3.0.1-1.el5.i386.rpm
firefox-debuginfo-3.0.1-1.el5.i386.rpm
xulrunner-1.9.0.1-1.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm
yelp-2.16.0-20.el5.i386.rpm
yelp-debuginfo-2.16.0-20.el5.i386.rpm

x86_64:
devhelp-0.12-18.el5.i386.rpm
devhelp-0.12-18.el5.x86_64.rpm
devhelp-debuginfo-0.12-18.el5.i386.rpm
devhelp-debuginfo-0.12-18.el5.x86_64.rpm
firefox-3.0.1-1.el5.i386.rpm
firefox-3.0.1-1.el5.x86_64.rpm
firefox-debuginfo-3.0.1-1.el5.i386.rpm
firefox-debuginfo-3.0.1-1.el5.x86_64.rpm
xulrunner-1.9.0.1-1.el5.i386.rpm
xulrunner-1.9.0.1-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.x86_64.rpm
yelp-2.16.0-20.el5.x86_64.rpm
yelp-debuginfo-2.16.0-20.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-18.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.1-1.el5.src.rpm

i386:
devhelp-debuginfo-0.12-18.el5.i386.rpm
devhelp-devel-0.12-18.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.i386.rpm

x86_64:
devhelp-debuginfo-0.12-18.el5.i386.rpm
devhelp-debuginfo-0.12-18.el5.x86_64.rpm
devhelp-devel-0.12-18.el5.i386.rpm
devhelp-devel-0.12-18.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.x86_64.rpm
xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-1.9.0.1-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-18.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.1-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.1-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-20.el5.src.rpm

i386:
devhelp-0.12-18.el5.i386.rpm
devhelp-debuginfo-0.12-18.el5.i386.rpm
devhelp-devel-0.12-18.el5.i386.rpm
firefox-3.0.1-1.el5.i386.rpm
firefox-debuginfo-3.0.1-1.el5.i386.rpm
xulrunner-1.9.0.1-1.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.i386.rpm
yelp-2.16.0-20.el5.i386.rpm
yelp-debuginfo-2.16.0-20.el5.i386.rpm

ia64:
devhelp-0.12-18.el5.ia64.rpm
devhelp-debuginfo-0.12-18.el5.ia64.rpm
devhelp-devel-0.12-18.el5.ia64.rpm
firefox-3.0.1-1.el5.ia64.rpm
firefox-debuginfo-3.0.1-1.el5.ia64.rpm
xulrunner-1.9.0.1-1.el5.ia64.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.ia64.rpm
xulrunner-devel-1.9.0.1-1.el5.ia64.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.ia64.rpm
yelp-2.16.0-20.el5.ia64.rpm
yelp-debuginfo-2.16.0-20.el5.ia64.rpm

ppc:
devhelp-0.12-18.el5.ppc.rpm
devhelp-debuginfo-0.12-18.el5.ppc.rpm
devhelp-devel-0.12-18.el5.ppc.rpm
firefox-3.0.1-1.el5.ppc.rpm
firefox-debuginfo-3.0.1-1.el5.ppc.rpm
xulrunner-1.9.0.1-1.el5.ppc.rpm
xulrunner-1.9.0.1-1.el5.ppc64.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.ppc.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.ppc64.rpm
xulrunner-devel-1.9.0.1-1.el5.ppc.rpm
xulrunner-devel-1.9.0.1-1.el5.ppc64.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.ppc.rpm
yelp-2.16.0-20.el5.ppc.rpm
yelp-debuginfo-2.16.0-20.el5.ppc.rpm

s390x:
devhelp-0.12-18.el5.s390.rpm
devhelp-0.12-18.el5.s390x.rpm
devhelp-debuginfo-0.12-18.el5.s390.rpm
devhelp-debuginfo-0.12-18.el5.s390x.rpm
devhelp-devel-0.12-18.el5.s390.rpm
devhelp-devel-0.12-18.el5.s390x.rpm
firefox-3.0.1-1.el5.s390.rpm
firefox-3.0.1-1.el5.s390x.rpm
firefox-debuginfo-3.0.1-1.el5.s390.rpm
firefox-debuginfo-3.0.1-1.el5.s390x.rpm
xulrunner-1.9.0.1-1.el5.s390.rpm
xulrunner-1.9.0.1-1.el5.s390x.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.s390.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.s390x.rpm
xulrunner-devel-1.9.0.1-1.el5.s390.rpm
xulrunner-devel-1.9.0.1-1.el5.s390x.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.s390x.rpm
yelp-2.16.0-20.el5.s390x.rpm
yelp-debuginfo-2.16.0-20.el5.s390x.rpm

x86_64:
devhelp-0.12-18.el5.i386.rpm
devhelp-0.12-18.el5.x86_64.rpm
devhelp-debuginfo-0.12-18.el5.i386.rpm
devhelp-debuginfo-0.12-18.el5.x86_64.rpm
devhelp-devel-0.12-18.el5.i386.rpm
devhelp-devel-0.12-18.el5.x86_64.rpm
firefox-3.0.1-1.el5.i386.rpm
firefox-3.0.1-1.el5.x86_64.rpm
firefox-debuginfo-3.0.1-1.el5.i386.rpm
firefox-debuginfo-3.0.1-1.el5.x86_64.rpm
xulrunner-1.9.0.1-1.el5.i386.rpm
xulrunner-1.9.0.1-1.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.x86_64.rpm
xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-1.9.0.1-1.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.x86_64.rpm
yelp-2.16.0-20.el5.x86_64.rpm
yelp-debuginfo-2.16.0-20.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIfiv/XlSAg2UNWIIRAvq7AKCNheU6hBjn3hRNYUbmpy+0o3sBIACePTuQ
vXCoV0E+gCDqjB8RcL5fZc8=
=Oy9Z
-----END PGP SIGNATURE-----

Critical: firefox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0598-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0598.html
Issue date:        2008-07-16
CVE Names:         CVE-2008-2785 CVE-2008-2933
=====================================================================

1. Summary:

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933)

All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.21.el4.src.rpm

i386:
firefox-1.5.0.12-0.21.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.21.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ia64.rpm

ppc:
firefox-1.5.0.12-0.21.el4.ppc.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ppc.rpm

s390:
firefox-1.5.0.12-0.21.el4.s390.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.s390.rpm

s390x:
firefox-1.5.0.12-0.21.el4.s390x.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.s390x.rpm

x86_64:
firefox-1.5.0.12-0.21.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.x86_64.rpm

Red Hat Enterprise Linux AS version 4.5.z:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4AS-4.5.z/en/os/SRPMS/firefox-1.5.0.12-0.21.el4.src.rpm

i386:
firefox-1.5.0.12-0.21.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.21.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ia64.rpm

ppc:
firefox-1.5.0.12-0.21.el4.ppc.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ppc.rpm

s390:
firefox-1.5.0.12-0.21.el4.s390.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.s390.rpm

s390x:
firefox-1.5.0.12-0.21.el4.s390x.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.s390x.rpm

x86_64:
firefox-1.5.0.12-0.21.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.21.el4.src.rpm

i386:
firefox-1.5.0.12-0.21.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.i386.rpm

x86_64:
firefox-1.5.0.12-0.21.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.21.el4.src.rpm

i386:
firefox-1.5.0.12-0.21.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.21.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.21.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4.5.z:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4ES-4.5.z/en/os/SRPMS/firefox-1.5.0.12-0.21.el4.src.rpm

i386:
firefox-1.5.0.12-0.21.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.21.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.21.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.21.el4.src.rpm

i386:
firefox-1.5.0.12-0.21.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.21.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.21.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.21.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
Critical: firefox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2008:0879-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0879.html
Issue date: 2008-09-23
CVE Names: CVE-2008-3837 CVE-2008-4058 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068
=====================================================================

1. Summary:

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-4067, CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.2. You can find a link to the Mozilla advisories in the References section.

All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

463189 - CVE-2008-3837 Forced mouse drag
463190 - CVE-2008-4058 Mozilla privilege escalation via XPCnativeWrapper pollution
463198 - CVE-2008-4060 Mozilla privilege escalation via XPCnativeWrapper pollution
463199 - CVE-2008-4061 Mozilla layout engine crash
463201 - CVE-2008-4062 Mozilla crashes with evidence of memory corruption
463203 - CVE-2008-4063 Mozilla crashes with evidence of memory corruption
463204 - CVE-2008-4064 Mozilla crashes with evidence of memory corruption
463234 - CVE-2008-4065 Mozilla BOM characters stripped from JavaScript before execution
463246 - CVE-2008-4067 Mozilla resource: traversal vulnerability
463248 - CVE-2008-4068 Mozilla local HTML file recource: bypass

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm i386: firefox-3.0.2-3.el4.i386.rpm firefox-debuginfo-3.0.2-3.el4.i386.rpm ia64: firefox-3.0.2-3.el4.ia64.rpm firefox-debuginfo-3.0.2-3.el4.ia64.rpm ppc: firefox-3.0.2-3.el4.ppc.rpm firefox-debuginfo-3.0.2-3.el4.ppc.rpm s390: firefox-3.0.2-3.el4.s390.rpm firefox-debuginfo-3.0.2-3.el4.s390.rpm s390x: firefox-3.0.2-3.el4.s390x.rpm firefox-debuginfo-3.0.2-3.el4.s390x.rpm x86_64: firefox-3.0.2-3.el4.x86_64.rpm firefox-debuginfo-3.0.2-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm i386: firefox-3.0.2-3.el4.i386.rpm firefox-debuginfo-3.0.2-3.el4.i386.rpm x86_64: firefox-3.0.2-3.el4.x86_64.rpm firefox-debuginfo-3.0.2-3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm i386: firefox-3.0.2-3.el4.i386.rpm firefox-debuginfo-3.0.2-3.el4.i386.rpm ia64: firefox-3.0.2-3.el4.ia64.rpm firefox-debuginfo-3.0.2-3.el4.ia64.rpm x86_64: firefox-3.0.2-3.el4.x86_64.rpm firefox-debuginfo-3.0.2-3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm i386: firefox-3.0.2-3.el4.i386.rpm firefox-debuginfo-3.0.2-3.el4.i386.rpm ia64: firefox-3.0.2-3.el4.ia64.rpm firefox-debuginfo-3.0.2-3.el4.ia64.rpm x86_64: firefox-3.0.2-3.el4.x86_64.rpm firefox-debuginfo-3.0.2-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-19.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.2-5.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-21.el5.src.rpm i386: devhelp-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm firefox-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm nss-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-tools-3.12.1.1-1.el5.i386.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm yelp-2.16.0-21.el5.i386.rpm yelp-debuginfo-2.16.0-21.el5.i386.rpm x86_64: devhelp-0.12-19.el5.i386.rpm devhelp-0.12-19.el5.x86_64.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.x86_64.rpm firefox-3.0.2-3.el5.i386.rpm firefox-3.0.2-3.el5.x86_64.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.x86_64.rpm nss-3.12.1.1-1.el5.i386.rpm nss-3.12.1.1-1.el5.x86_64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.x86_64.rpm nss-tools-3.12.1.1-1.el5.x86_64.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-1.9.0.2-5.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.x86_64.rpm yelp-2.16.0-21.el5.x86_64.rpm yelp-debuginfo-2.16.0-21.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-19.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.2-5.el5.src.rpm i386: devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm x86_64: devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.x86_64.rpm devhelp-devel-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.x86_64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.x86_64.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-19.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.1.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.2-5.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-21.el5.src.rpm i386: devhelp-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.i386.rpm firefox-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm nss-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm nss-tools-3.12.1.1-1.el5.i386.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm yelp-2.16.0-21.el5.i386.rpm yelp-debuginfo-2.16.0-21.el5.i386.rpm ia64: devhelp-0.12-19.el5.ia64.rpm devhelp-debuginfo-0.12-19.el5.ia64.rpm devhelp-devel-0.12-19.el5.ia64.rpm firefox-3.0.2-3.el5.ia64.rpm firefox-debuginfo-3.0.2-3.el5.ia64.rpm nss-3.12.1.1-1.el5.i386.rpm nss-3.12.1.1-1.el5.ia64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.ia64.rpm nss-devel-3.12.1.1-1.el5.ia64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.ia64.rpm nss-tools-3.12.1.1-1.el5.ia64.rpm xulrunner-1.9.0.2-5.el5.ia64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.ia64.rpm xulrunner-devel-1.9.0.2-5.el5.ia64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.ia64.rpm yelp-2.16.0-21.el5.ia64.rpm yelp-debuginfo-2.16.0-21.el5.ia64.rpm ppc: devhelp-0.12-19.el5.ppc.rpm devhelp-debuginfo-0.12-19.el5.ppc.rpm devhelp-devel-0.12-19.el5.ppc.rpm firefox-3.0.2-3.el5.ppc.rpm firefox-debuginfo-3.0.2-3.el5.ppc.rpm nss-3.12.1.1-1.el5.ppc.rpm nss-3.12.1.1-1.el5.ppc64.rpm nss-debuginfo-3.12.1.1-1.el5.ppc.rpm 
nss-debuginfo-3.12.1.1-1.el5.ppc64.rpm nss-devel-3.12.1.1-1.el5.ppc.rpm nss-devel-3.12.1.1-1.el5.ppc64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.ppc.rpm nss-pkcs11-devel-3.12.1.1-1.el5.ppc64.rpm nss-tools-3.12.1.1-1.el5.ppc.rpm xulrunner-1.9.0.2-5.el5.ppc.rpm xulrunner-1.9.0.2-5.el5.ppc64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.ppc.rpm xulrunner-debuginfo-1.9.0.2-5.el5.ppc64.rpm xulrunner-devel-1.9.0.2-5.el5.ppc.rpm xulrunner-devel-1.9.0.2-5.el5.ppc64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.ppc.rpm yelp-2.16.0-21.el5.ppc.rpm yelp-debuginfo-2.16.0-21.el5.ppc.rpm s390x: devhelp-0.12-19.el5.s390.rpm devhelp-0.12-19.el5.s390x.rpm devhelp-debuginfo-0.12-19.el5.s390.rpm devhelp-debuginfo-0.12-19.el5.s390x.rpm devhelp-devel-0.12-19.el5.s390.rpm devhelp-devel-0.12-19.el5.s390x.rpm firefox-3.0.2-3.el5.s390.rpm firefox-3.0.2-3.el5.s390x.rpm firefox-debuginfo-3.0.2-3.el5.s390.rpm firefox-debuginfo-3.0.2-3.el5.s390x.rpm nss-3.12.1.1-1.el5.s390.rpm nss-3.12.1.1-1.el5.s390x.rpm nss-debuginfo-3.12.1.1-1.el5.s390.rpm nss-debuginfo-3.12.1.1-1.el5.s390x.rpm nss-devel-3.12.1.1-1.el5.s390.rpm nss-devel-3.12.1.1-1.el5.s390x.rpm nss-pkcs11-devel-3.12.1.1-1.el5.s390.rpm nss-pkcs11-devel-3.12.1.1-1.el5.s390x.rpm nss-tools-3.12.1.1-1.el5.s390x.rpm xulrunner-1.9.0.2-5.el5.s390.rpm xulrunner-1.9.0.2-5.el5.s390x.rpm xulrunner-debuginfo-1.9.0.2-5.el5.s390.rpm xulrunner-debuginfo-1.9.0.2-5.el5.s390x.rpm xulrunner-devel-1.9.0.2-5.el5.s390.rpm xulrunner-devel-1.9.0.2-5.el5.s390x.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.s390x.rpm yelp-2.16.0-21.el5.s390x.rpm yelp-debuginfo-2.16.0-21.el5.s390x.rpm x86_64: devhelp-0.12-19.el5.i386.rpm devhelp-0.12-19.el5.x86_64.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.x86_64.rpm devhelp-devel-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.x86_64.rpm firefox-3.0.2-3.el5.i386.rpm firefox-3.0.2-3.el5.x86_64.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.x86_64.rpm nss-3.12.1.1-1.el5.i386.rpm 
nss-3.12.1.1-1.el5.x86_64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.x86_64.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm nss-tools-3.12.1.1-1.el5.x86_64.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-1.9.0.2-5.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm yelp-2.16.0-21.el5.x86_64.rpm yelp-debuginfo-2.16.0-21.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
Critical: firefox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2008:0978-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0978.html
Issue date: 2008-11-12
CVE Names: CVE-2008-0017 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024
=====================================================================

1. Summary:

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)

Several flaws were found in the way malformed content was processed. A web site containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)

A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was loaded in the same tab as a chrome or privileged "about:" page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section.

All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

454283 - firefox-2.0-getstartpage.patch breaks extensions which set homepage
470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering
470876 - CVE-2008-5015 Mozilla file: URIs inherit chrome privileges
470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption
470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption
470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption
470889 - CVE-2008-5019 Mozilla XSS via session restore
470892 - CVE-2008-0017 Mozilla buffer overflow in http-index-format parser
470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager
470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation
470898 - CVE-2008-5023 Mozilla -moz-binding property bypasses security checks on codebase principals
470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm ia64: firefox-3.0.4-1.el4.ia64.rpm firefox-debuginfo-3.0.4-1.el4.ia64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.ia64.rpm nss-debuginfo-3.12.1.1-3.el4.ia64.rpm nss-devel-3.12.1.1-3.el4.ia64.rpm ppc: firefox-3.0.4-1.el4.ppc.rpm firefox-debuginfo-3.0.4-1.el4.ppc.rpm nss-3.12.1.1-3.el4.ppc.rpm nss-3.12.1.1-3.el4.ppc64.rpm nss-debuginfo-3.12.1.1-3.el4.ppc.rpm nss-debuginfo-3.12.1.1-3.el4.ppc64.rpm nss-devel-3.12.1.1-3.el4.ppc.rpm s390: firefox-3.0.4-1.el4.s390.rpm firefox-debuginfo-3.0.4-1.el4.s390.rpm nss-3.12.1.1-3.el4.s390.rpm nss-debuginfo-3.12.1.1-3.el4.s390.rpm nss-devel-3.12.1.1-3.el4.s390.rpm s390x: firefox-3.0.4-1.el4.s390x.rpm firefox-debuginfo-3.0.4-1.el4.s390x.rpm nss-3.12.1.1-3.el4.s390.rpm nss-3.12.1.1-3.el4.s390x.rpm nss-debuginfo-3.12.1.1-3.el4.s390x.rpm nss-devel-3.12.1.1-3.el4.s390x.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm 
nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm ia64: firefox-3.0.4-1.el4.ia64.rpm firefox-debuginfo-3.0.4-1.el4.ia64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.ia64.rpm nss-debuginfo-3.12.1.1-3.el4.ia64.rpm nss-devel-3.12.1.1-3.el4.ia64.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm ia64: firefox-3.0.4-1.el4.ia64.rpm firefox-debuginfo-3.0.4-1.el4.ia64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.ia64.rpm nss-debuginfo-3.12.1.1-3.el4.ia64.rpm nss-devel-3.12.1.1-3.el4.ia64.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-20.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-22.el5.src.rpm i386: devhelp-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm firefox-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm nss-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-tools-3.12.1.1-3.el5.i386.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm yelp-2.16.0-22.el5.i386.rpm yelp-debuginfo-2.16.0-22.el5.i386.rpm x86_64: devhelp-0.12-20.el5.i386.rpm devhelp-0.12-20.el5.x86_64.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.x86_64.rpm firefox-3.0.4-1.el5.i386.rpm firefox-3.0.4-1.el5.x86_64.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.x86_64.rpm nss-3.12.1.1-3.el5.i386.rpm nss-3.12.1.1-3.el5.x86_64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.x86_64.rpm nss-tools-3.12.1.1-3.el5.x86_64.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-1.9.0.4-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.x86_64.rpm yelp-2.16.0-22.el5.x86_64.rpm yelp-debuginfo-2.16.0-22.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-20.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.4-1.el5.src.rpm i386: devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.i386.rpm x86_64: devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.x86_64.rpm devhelp-devel-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.x86_64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.x86_64.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-20.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.1.1-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-22.el5.src.rpm i386: devhelp-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.i386.rpm firefox-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm nss-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm nss-tools-3.12.1.1-3.el5.i386.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.i386.rpm yelp-2.16.0-22.el5.i386.rpm yelp-debuginfo-2.16.0-22.el5.i386.rpm ia64: devhelp-0.12-20.el5.ia64.rpm devhelp-debuginfo-0.12-20.el5.ia64.rpm devhelp-devel-0.12-20.el5.ia64.rpm firefox-3.0.4-1.el5.ia64.rpm firefox-debuginfo-3.0.4-1.el5.ia64.rpm nss-3.12.1.1-3.el5.i386.rpm nss-3.12.1.1-3.el5.ia64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.ia64.rpm nss-devel-3.12.1.1-3.el5.ia64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.ia64.rpm nss-tools-3.12.1.1-3.el5.ia64.rpm xulrunner-1.9.0.4-1.el5.ia64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.ia64.rpm xulrunner-devel-1.9.0.4-1.el5.ia64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.ia64.rpm yelp-2.16.0-22.el5.ia64.rpm yelp-debuginfo-2.16.0-22.el5.ia64.rpm ppc: devhelp-0.12-20.el5.ppc.rpm devhelp-debuginfo-0.12-20.el5.ppc.rpm devhelp-devel-0.12-20.el5.ppc.rpm firefox-3.0.4-1.el5.ppc.rpm firefox-debuginfo-3.0.4-1.el5.ppc.rpm nss-3.12.1.1-3.el5.ppc.rpm nss-3.12.1.1-3.el5.ppc64.rpm nss-debuginfo-3.12.1.1-3.el5.ppc.rpm 
nss-debuginfo-3.12.1.1-3.el5.ppc64.rpm nss-devel-3.12.1.1-3.el5.ppc.rpm nss-devel-3.12.1.1-3.el5.ppc64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.ppc.rpm nss-pkcs11-devel-3.12.1.1-3.el5.ppc64.rpm nss-tools-3.12.1.1-3.el5.ppc.rpm xulrunner-1.9.0.4-1.el5.ppc.rpm xulrunner-1.9.0.4-1.el5.ppc64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.ppc.rpm xulrunner-debuginfo-1.9.0.4-1.el5.ppc64.rpm xulrunner-devel-1.9.0.4-1.el5.ppc.rpm xulrunner-devel-1.9.0.4-1.el5.ppc64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.ppc.rpm yelp-2.16.0-22.el5.ppc.rpm yelp-debuginfo-2.16.0-22.el5.ppc.rpm s390x: devhelp-0.12-20.el5.s390.rpm devhelp-0.12-20.el5.s390x.rpm devhelp-debuginfo-0.12-20.el5.s390.rpm devhelp-debuginfo-0.12-20.el5.s390x.rpm devhelp-devel-0.12-20.el5.s390.rpm devhelp-devel-0.12-20.el5.s390x.rpm firefox-3.0.4-1.el5.s390.rpm firefox-3.0.4-1.el5.s390x.rpm firefox-debuginfo-3.0.4-1.el5.s390.rpm firefox-debuginfo-3.0.4-1.el5.s390x.rpm nss-3.12.1.1-3.el5.s390.rpm nss-3.12.1.1-3.el5.s390x.rpm nss-debuginfo-3.12.1.1-3.el5.s390.rpm nss-debuginfo-3.12.1.1-3.el5.s390x.rpm nss-devel-3.12.1.1-3.el5.s390.rpm nss-devel-3.12.1.1-3.el5.s390x.rpm nss-pkcs11-devel-3.12.1.1-3.el5.s390.rpm nss-pkcs11-devel-3.12.1.1-3.el5.s390x.rpm nss-tools-3.12.1.1-3.el5.s390x.rpm xulrunner-1.9.0.4-1.el5.s390.rpm xulrunner-1.9.0.4-1.el5.s390x.rpm xulrunner-debuginfo-1.9.0.4-1.el5.s390.rpm xulrunner-debuginfo-1.9.0.4-1.el5.s390x.rpm xulrunner-devel-1.9.0.4-1.el5.s390.rpm xulrunner-devel-1.9.0.4-1.el5.s390x.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.s390x.rpm yelp-2.16.0-22.el5.s390x.rpm yelp-debuginfo-2.16.0-22.el5.s390x.rpm x86_64: devhelp-0.12-20.el5.i386.rpm devhelp-0.12-20.el5.x86_64.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.x86_64.rpm devhelp-devel-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.x86_64.rpm firefox-3.0.4-1.el5.i386.rpm firefox-3.0.4-1.el5.x86_64.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.x86_64.rpm nss-3.12.1.1-3.el5.i386.rpm 
nss-3.12.1.1-3.el5.x86_64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.x86_64.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.x86_64.rpm nss-tools-3.12.1.1-3.el5.x86_64.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-1.9.0.4-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.x86_64.rpm yelp-2.16.0-22.el5.x86_64.rpm yelp-debuginfo-2.16.0-22.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 