system-config-firewall is vulnerable to privilege escalation. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data (via D-Bus) to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-firewall could use this flaw to execute arbitrary code with root privileges, by sending a specially-crafted serialized object.
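The flaw class described above, shown from the receiving side: an added example, not system-config-firewall's own code or its actual fix. It sketches how a privileged back-end can refuse serialized input that references any callable and accept only validated plain data. The rule schema, function names and sample inputs are hypothetical and constructed for illustration.

```python
import io
import json
import pickle

# Hypothetical rule schema for this example (not the project's real format).
ALLOWED_KEYS = {"service": str, "port": int, "protocol": str}

def validate(rule):
    """Accept only a flat dict with exactly the expected keys, types and ranges."""
    if not isinstance(rule, dict) or set(rule) != set(ALLOWED_KEYS):
        raise ValueError("unexpected rule structure")
    for key, expected in ALLOWED_KEYS.items():
        if type(rule[key]) is not expected:  # exact type: rejects bool-as-int, subclasses
            raise ValueError(f"bad type for {key!r}")
    if not 1 <= rule["port"] <= 65535 or rule["protocol"] not in ("tcp", "udp"):
        raise ValueError("port or protocol out of range")
    return rule

class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only builtin scalars and containers load."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def load_rule_restricted(blob: bytes) -> dict:
    """Stop-gap: keep the pickle wire format but forbid callables and classes."""
    return validate(DataOnlyUnpickler(io.BytesIO(blob)).load())

def load_rule_json(text: str) -> dict:
    """Preferred: a data-only format that cannot name code to run."""
    return validate(json.loads(text))

class _CallsAtLoad:
    """Constructed, benign object: unpickling it makes pickle call sorted()."""
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))

# Constructed sample input: a pickle whose load invokes a callable chosen by the sender.
CONSTRUCTED_BLOB = pickle.dumps(_CallsAtLoad())

if __name__ == "__main__":
    # Plain pickle.loads runs the callable named in the blob before any validation.
    print("pickle.loads returned:", pickle.loads(CONSTRUCTED_BLOB))
    try:
        load_rule_restricted(CONSTRUCTED_BLOB)
    except pickle.UnpicklingError as exc:
        print("restricted loader refused:", exc)
    print(load_rule_json('{"service": "ssh", "port": 22, "protocol": "tcp"}'))
```

The important property is ordering: with plain `pickle.loads`, the sender's chosen callable runs during deserialization, before the privileged process has any opportunity to validate the result.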
lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html
secunia.com/advisories/45294
securitytracker.com/id?1025793
www.openwall.com/lists/oss-security/2011/07/18/6
www.redhat.com/support/errata/RHSA-2011-0953.html
www.securityfocus.com/bid/48715
access.redhat.com/errata/RHSA-2011:0953
access.redhat.com/security/cve/CVE-2011-2520
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=717985
exchange.xforce.ibmcloud.com/vulnerabilities/68734