- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Critical: Firefox security update
Advisory ID:       RHSA-2006:0328-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2006:0328.html
Issue date:        2006-04-14
Updated on:        2006-04-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0749 CVE-2006-1724 CVE-2006-1727 
                   CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 
                   CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 
                   CVE-2006-1734 CVE-2006-1735 CVE-2006-1737 
                   CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 
                   CVE-2006-1741 CVE-2006-1742 
- ---------------------------------------------------------------------1. Summary:

Updated firefox packages that fix several security bugs are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed javascript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739) 

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
"input" form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

183537 - CVE-2006-0749 Firefox Tag Order Vulnerability
188814 - CVE-2006-1741 Cross-site JavaScript injection using event handlers
188816 - CVE-2006-1742 JavaScript garbage-collection hazard audit
188818 - CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739)
188820 - CVE-2006-1740 Secure-site spoof (requires security warning dialog)
188822 - CVE-2006-1735 Privilege escalation via XBL.method.eval
188824 - CVE-2006-1734 Privilege escalation using a JavaScript function's cloned parent
188826 - CVE-2006-1733 Accessing XBL compilation scope via valueOf.call()
188828 - CVE-2006-1732 cross-site scripting through window.controllers
188830 - CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
188832 - CVE-2006-1731 Cross-site scripting using .valueOf.call()
188834 - CVE-2006-1724 Crashes with evidence of memory corruption (1.5.0.2)
188836 - CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability
188838 - CVE-2006-1729 File stealing by changing input type
188840 - CVE-2006-1728 Privilege escalation using crypto.generateCRMFRequest
188842 - CVE-2006-1727 Privilege escalation through Print Preview

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
56b5c27ea2ddbd0867f8ee87eda96cd9  firefox-1.0.8-1.4.1.src.rpm

i386:
d092a0e383f0d171a515cf3c1b50a310  firefox-1.0.8-1.4.1.i386.rpm
4f66c3525cd7904e42d1477e806a583c  firefox-debuginfo-1.0.8-1.4.1.i386.rpm

ia64:
826bc0089706ec833a75c82dd4c16555  firefox-1.0.8-1.4.1.ia64.rpm
fdb7a7c2a79ddfa19a890104abca06f4  firefox-debuginfo-1.0.8-1.4.1.ia64.rpm

ppc:
8c201529a81f5b75c23adc15dca47f9e  firefox-1.0.8-1.4.1.ppc.rpm
443c4fbffe45dd4b400c4f226b3c7d42  firefox-debuginfo-1.0.8-1.4.1.ppc.rpm

s390:
577c0d3f56cca04343d77eadf5b1680f  firefox-1.0.8-1.4.1.s390.rpm
3e9ff99420d652af75538e2ea99b3ce0  firefox-debuginfo-1.0.8-1.4.1.s390.rpm

s390x:
1e31976de69cb4eef9171bbfb1fb7621  firefox-1.0.8-1.4.1.s390x.rpm
977147cba3f966482f561d93c881a8d3  firefox-debuginfo-1.0.8-1.4.1.s390x.rpm

x86_64:
2cc4c552d8942f0b7e44457069fbaa67  firefox-1.0.8-1.4.1.x86_64.rpm
db96f3e2d520ef51ed5ebbd4e99d52a6  firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
56b5c27ea2ddbd0867f8ee87eda96cd9  firefox-1.0.8-1.4.1.src.rpm

i386:
d092a0e383f0d171a515cf3c1b50a310  firefox-1.0.8-1.4.1.i386.rpm
4f66c3525cd7904e42d1477e806a583c  firefox-debuginfo-1.0.8-1.4.1.i386.rpm

x86_64:
2cc4c552d8942f0b7e44457069fbaa67  firefox-1.0.8-1.4.1.x86_64.rpm
db96f3e2d520ef51ed5ebbd4e99d52a6  firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
56b5c27ea2ddbd0867f8ee87eda96cd9  firefox-1.0.8-1.4.1.src.rpm

i386:
d092a0e383f0d171a515cf3c1b50a310  firefox-1.0.8-1.4.1.i386.rpm
4f66c3525cd7904e42d1477e806a583c  firefox-debuginfo-1.0.8-1.4.1.i386.rpm

ia64:
826bc0089706ec833a75c82dd4c16555  firefox-1.0.8-1.4.1.ia64.rpm
fdb7a7c2a79ddfa19a890104abca06f4  firefox-debuginfo-1.0.8-1.4.1.ia64.rpm

x86_64:
2cc4c552d8942f0b7e44457069fbaa67  firefox-1.0.8-1.4.1.x86_64.rpm
db96f3e2d520ef51ed5ebbd4e99d52a6  firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
56b5c27ea2ddbd0867f8ee87eda96cd9  firefox-1.0.8-1.4.1.src.rpm

i386:
d092a0e383f0d171a515cf3c1b50a310  firefox-1.0.8-1.4.1.i386.rpm
4f66c3525cd7904e42d1477e806a583c  firefox-debuginfo-1.0.8-1.4.1.i386.rpm

ia64:
826bc0089706ec833a75c82dd4c16555  firefox-1.0.8-1.4.1.ia64.rpm
fdb7a7c2a79ddfa19a890104abca06f4  firefox-debuginfo-1.0.8-1.4.1.ia64.rpm

x86_64:
2cc4c552d8942f0b7e44457069fbaa67  firefox-1.0.8-1.4.1.x86_64.rpm
db96f3e2d520ef51ed5ebbd4e99d52a6  firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-us/firefox/releases/1.0.8
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

RedHat: Critical: Firefox security update RHSA-2006:0328-01

Updated firefox packages that fix several security bugs are now available

Summary



Summary

Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox processes malformed javascript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741) Several bugs were found in the way Firefox processes certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742) Several bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739) A bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740) A bug was found in the way Firefox allows javascript mutation events on "input" form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729) Users of Firefox are advised to upgrade to these updated packages containing Firefox version 1.0.8 which corrects these issues.


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
183537 - CVE-2006-0749 Firefox Tag Order Vulnerability 188814 - CVE-2006-1741 Cross-site JavaScript injection using event handlers 188816 - CVE-2006-1742 JavaScript garbage-collection hazard audit 188818 - CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739) 188820 - CVE-2006-1740 Secure-site spoof (requires security warning dialog) 188822 - CVE-2006-1735 Privilege escalation via XBL.method.eval 188824 - CVE-2006-1734 Privilege escalation using a JavaScript function's cloned parent 188826 - CVE-2006-1733 Accessing XBL compilation scope via valueOf.call() 188828 - CVE-2006-1732 cross-site scripting through window.controllers 188830 - CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability 188832 - CVE-2006-1731 Cross-site scripting using .valueOf.call() 188834 - CVE-2006-1724 Crashes with evidence of memory corruption (1.5.0.2) 188836 - CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability 188838 - CVE-2006-1729 File stealing by changing input type 188840 - CVE-2006-1728 Privilege escalation using crypto.generateCRMFRequest 188842 - CVE-2006-1727 Privilege escalation through Print Preview
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm
i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm
ia64: 826bc0089706ec833a75c82dd4c16555 firefox-1.0.8-1.4.1.ia64.rpm fdb7a7c2a79ddfa19a890104abca06f4 firefox-debuginfo-1.0.8-1.4.1.ia64.rpm
ppc: 8c201529a81f5b75c23adc15dca47f9e firefox-1.0.8-1.4.1.ppc.rpm 443c4fbffe45dd4b400c4f226b3c7d42 firefox-debuginfo-1.0.8-1.4.1.ppc.rpm
s390: 577c0d3f56cca04343d77eadf5b1680f firefox-1.0.8-1.4.1.s390.rpm 3e9ff99420d652af75538e2ea99b3ce0 firefox-debuginfo-1.0.8-1.4.1.s390.rpm
s390x: 1e31976de69cb4eef9171bbfb1fb7621 firefox-1.0.8-1.4.1.s390x.rpm 977147cba3f966482f561d93c881a8d3 firefox-debuginfo-1.0.8-1.4.1.s390x.rpm
x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm
i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm
x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm
i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm
ia64: 826bc0089706ec833a75c82dd4c16555 firefox-1.0.8-1.4.1.ia64.rpm fdb7a7c2a79ddfa19a890104abca06f4 firefox-debuginfo-1.0.8-1.4.1.ia64.rpm
x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: 56b5c27ea2ddbd0867f8ee87eda96cd9 firefox-1.0.8-1.4.1.src.rpm
i386: d092a0e383f0d171a515cf3c1b50a310 firefox-1.0.8-1.4.1.i386.rpm 4f66c3525cd7904e42d1477e806a583c firefox-debuginfo-1.0.8-1.4.1.i386.rpm
ia64: 826bc0089706ec833a75c82dd4c16555 firefox-1.0.8-1.4.1.ia64.rpm fdb7a7c2a79ddfa19a890104abca06f4 firefox-debuginfo-1.0.8-1.4.1.ia64.rpm
x86_64: 2cc4c552d8942f0b7e44457069fbaa67 firefox-1.0.8-1.4.1.x86_64.rpm db96f3e2d520ef51ed5ebbd4e99d52a6 firefox-debuginfo-1.0.8-1.4.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742 https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-us/firefox/releases/1.0.8 http://www.redhat.com/security/updates/classification/#critical

Package List


Severity
Advisory ID: RHSA-2006:0328-01
Advisory URL: https://access.redhat.com/errata/RHSA-2006:0328.html
Issued Date: : 2006-04-14
Updated on: 2006-04-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0749 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 Updated firefox packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved