Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A malicious web page could execute JavaScript code in such
a way that may result in Firefox crashing or executing arbitrary code as
the user running Firefox. (CVE-2007-0775, CVE-2007-0777)
Several cross-site scripting (XSS) flaws were found in the way Firefox
processed certain malformed web pages. A malicious web page could display
misleading information which may result in a user unknowingly divulging
sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995,
CVE-2007-0996)
A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-0778)
A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)
Two flaws were found in the way Firefox displayed blocked popup windows. If
a user can be convinced to open a blocked popup, it is possible to read
arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)
Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)
A flaw was found in the way Firefox handled the “location.hostname” value
during certain browser domain checks. This flaw could allow a malicious web
site to set domain cookies for an arbitrary site, or possibly perform an
XSS attack. (CVE-2007-0981)
Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.10 that corrects these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ia64 | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.ia64.rpm |
RedHat | 4 | x86_64 | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.x86_64.rpm |
RedHat | 4 | s390 | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.s390.rpm |
RedHat | 4 | src | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.src.rpm |
RedHat | 4 | i386 | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.i386.rpm |
RedHat | 4 | s390x | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.s390x.rpm |
RedHat | 4 | ppc | firefox | < 1.5.0.10-0.1.el4 | firefox-1.5.0.10-0.1.el4.ppc.rpm |