Lucene search

RedHatRHSA-2007:0097

HistoryMar 14, 2007 - 12:00 a.m.

(RHSA-2007:0097) Critical: firefox security update

2007-03-1400:00:00

access.redhat.com

EPSS

0.971

Percentile

99.8%

JSON

Mozilla Firefox is an open source Web browser.

Flaws were found in the way Firefox executed malformed JavaScript code. A
malicious web page could cause Firefox to crash or allow arbitrary code
to be executed as the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Cross-site scripting (XSS) flaws were found in Firefox. A malicious web
page could display misleading information, allowing a user to unknowingly
divulge sensitive information, such as a password. (CVE-2006-6077,
CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Firefox processed JavaScript contained in
certain tags. A malicious web page could cause Firefox to execute
JavaScript code with the privileges of the user running Firefox.
(CVE-2007-0994)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may have been able to inject arbitrary HTML into a
browsing session if the user reloaded a targeted site. (CVE-2007-0778)

Certain web content could overlay Firefox user interface elements such as
the hostname and security indicators. A malicious web page could trick a
user into thinking they were visiting a different site. (CVE-2007-0779)

Two flaws were found in Firefox’s displaying of blocked popup windows. If a
user could be convinced to open a blocked popup, it was possible to read
arbitrary local files, or conduct a cross-site scripting attack against the
user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the “location.hostname” value.
A malicious web page could set domain cookies for an arbitrary site, or
possibly perform a cross-site scripting attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to this erratum package, containing
Firefox version 1.5.0.10 which is not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64firefox-devel< 1.5.0.10-2.el5firefox-devel-1.5.0.10-2.el5.ia64.rpm
RedHat5srcyelp< 2.16.0-14.0.1.el5yelp-2.16.0-14.0.1.el5.src.rpm
RedHat5s390devhelp< 0.12-10.0.1.el5devhelp-0.12-10.0.1.el5.s390.rpm
RedHat5x86_64devhelp< 0.12-10.0.1.el5devhelp-0.12-10.0.1.el5.x86_64.rpm
RedHat5i386firefox-devel< 1.5.0.10-2.el5firefox-devel-1.5.0.10-2.el5.i386.rpm
RedHat5ia64yelp< 2.16.0-14.0.1.el5yelp-2.16.0-14.0.1.el5.ia64.rpm
RedHat5s390xdevhelp-devel< 0.12-10.0.1.el5devhelp-devel-0.12-10.0.1.el5.s390x.rpm
RedHat5x86_64devhelp-devel< 0.12-10.0.1.el5devhelp-devel-0.12-10.0.1.el5.x86_64.rpm
RedHat5s390devhelp-devel< 0.12-10.0.1.el5devhelp-devel-0.12-10.0.1.el5.s390.rpm
RedHat5srcdevhelp< 0.12-10.0.1.el5devhelp-0.12-10.0.1.el5.src.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	ia64	firefox-devel	< 1.5.0.10-2.el5	firefox-devel-1.5.0.10-2.el5.ia64.rpm
RedHat	5	src	yelp	< 2.16.0-14.0.1.el5	yelp-2.16.0-14.0.1.el5.src.rpm
RedHat	5	s390	devhelp	< 0.12-10.0.1.el5	devhelp-0.12-10.0.1.el5.s390.rpm
RedHat	5	x86_64	devhelp	< 0.12-10.0.1.el5	devhelp-0.12-10.0.1.el5.x86_64.rpm
RedHat	5	i386	firefox-devel	< 1.5.0.10-2.el5	firefox-devel-1.5.0.10-2.el5.i386.rpm
RedHat	5	ia64	yelp	< 2.16.0-14.0.1.el5	yelp-2.16.0-14.0.1.el5.ia64.rpm
RedHat	5	s390x	devhelp-devel	< 0.12-10.0.1.el5	devhelp-devel-0.12-10.0.1.el5.s390x.rpm
RedHat	5	x86_64	devhelp-devel	< 0.12-10.0.1.el5	devhelp-devel-0.12-10.0.1.el5.x86_64.rpm
RedHat	5	s390	devhelp-devel	< 0.12-10.0.1.el5	devhelp-devel-0.12-10.0.1.el5.s390.rpm
RedHat	5	src	devhelp	< 0.12-10.0.1.el5	devhelp-0.12-10.0.1.el5.src.rpm

Rows per page:

1-10 of 321