CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
CentOS Errata and Security Advisory CESA-2007:0400
Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-2867, CVE-2007-2868)
A flaw was found in the way Firefox handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user’s firewall. (CVE-2007-1562)
Several denial of service flaws were found in the way Firefox handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Firefox from
functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Firefox handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)
A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)
Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.12 that corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-June/076016.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076019.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076021.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076022.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076023.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076024.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076025.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076026.html
https://lists.centos.org/pipermail/centos-announce/2007-May/076003.html
https://lists.centos.org/pipermail/centos-announce/2007-May/076004.html
https://lists.centos.org/pipermail/centos-announce/2007-May/076011.html
https://lists.centos.org/pipermail/centos-announce/2007-May/076012.html
Affected packages:
devhelp
devhelp-devel
firefox
firefox-devel
yelp
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0400
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | firefox | < 1.5.0.12-0.1.el4.centos | firefox-1.5.0.12-0.1.el4.centos.i386.rpm |
CentOS | 4 | x86_64 | firefox | < 1.5.0.12-0.1.el4.centos | firefox-1.5.0.12-0.1.el4.centos.x86_64.rpm |
CentOS | 4 | i386 | firefox | < 1.5.0.12-0.1.el4.centos3 | firefox-1.5.0.12-0.1.el4.centos3.i386.rpm |
CentOS | 4 | x86_64 | firefox | < 1.5.0.12-0.1.el4.centos3 | firefox-1.5.0.12-0.1.el4.centos3.x86_64.rpm |
CentOS | 4 | ia64 | firefox | < 1.5.0.12-0.1.el4.centos | firefox-1.5.0.12-0.1.el4.centos.ia64.rpm |
CentOS | 4 | s390 | firefox | < 1.5.0.12-0.1.el4.centos | firefox-1.5.0.12-0.1.el4.centos.s390.rpm |
CentOS | 4 | s390x | firefox | < 1.5.0.12-0.1.el4.centos | firefox-1.5.0.12-0.1.el4.centos.s390x.rpm |
CentOS | 5 | i386 | firefox | < 1.5.0.12-1.el5.centos | firefox-1.5.0.12-1.el5.centos.i386.rpm |
CentOS | 5 | i386 | firefox-devel | < 1.5.0.12-1.el5.centos | firefox-devel-1.5.0.12-1.el5.centos.i386.rpm |
CentOS | 5 | i386 | firefox | < 1.5.0.12-1.el5.centos | firefox-1.5.0.12-1.el5.centos.i386.rpm |