CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.0%
CentOS Errata and Security Advisory CESA-2006:0758
Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Firefox to crash or execute
arbitrary code as the user running Firefox. (CVE-2006-6498, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
Several flaws were found in the way Firefox renders web pages. A malicious
web page could cause the browser to crash or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-6497)
Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.9 that corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-December/075610.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075612.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075615.html
https://lists.centos.org/pipermail/centos-announce/2006-December/075618.html
Affected packages:
firefox
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0758
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | firefox | < 1.5.0.9-0.1.el4.centos4 | firefox-1.5.0.9-0.1.el4.centos4.i386.rpm |
CentOS | 4 | i386 | firefox | < 1.5.0.9-0.1.el4.centos4 | firefox-1.5.0.9-0.1.el4.centos4.i386.rpm |
CentOS | 4 | ia64 | firefox | < 1.5.0.9-0.1.el4.centos4 | firefox-1.5.0.9-0.1.el4.centos4.ia64.rpm |
CentOS | 4 | s390 | firefox | < 1.5.0.9-0.1.el4.centos4 | firefox-1.5.0.9-0.1.el4.centos4.s390.rpm |
CentOS | 4 | s390x | firefox | < 1.5.0.9-0.1.el4.centos4 | firefox-1.5.0.9-0.1.el4.centos4.s390x.rpm |