LinuxSecurity.com
RedHat: Critical: firefox security update
Posted by Benjamin D. Thomas

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. This update has been rated as having critical security impact by the Red Hat Security Response Team.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2007:0400-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0400.html
Issue date:        2007-05-30
Updated on:        2007-05-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1362 CVE-2007-1562 CVE-2007-2867 
                   CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 
                   CVE-2007-2871 
---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Firefox from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking 
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.12 that corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
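
To confirm that hosts actually received the fixed build after the update, the following added example (not part of the Red Hat advisory) classifies installed firefox builds against the builds this erratum ships, firefox-1.5.0.12-0.1.el4 and firefox-1.5.0.12-1.el5. It assumes VERSION and RELEASE were collected per host (for instance with an rpm queryformat), ignores epochs, and uses a simplified rpm-style comparison; the host names and inventory rows are constructed.

```python
import re

# Fixed builds shipped by this erratum: dist tag -> (version, release).
FIXED = {"el4": ("1.5.0.12", "0.1.el4"), "el5": ("1.5.0.12", "1.el5")}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version/release strings like rpm (simplified: no '~' or '^')."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 12 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def erratum_status(version, release):
    """Classify an installed firefox build against RHSA-2007:0400."""
    m = re.search(r"el[0-9]+", release)
    if not m or m.group(0) not in FIXED:
        return "unknown"                     # not a RHEL 4/5 build
    fixed_version, fixed_release = FIXED[m.group(0)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "patched" if order >= 0 else "vulnerable"


# Constructed inventory rows (host, VERSION, RELEASE), not real hosts.
INVENTORY = [
    ("ws-01", "1.5.0.9", "10.el5"),
    ("ws-02", "1.5.0.12", "1.el5"),
    ("srv-03", "1.5.0.10", "0.1.el4"),
    ("srv-04", "1.5.0.12", "0.1.el4"),
]


def audit(rows):
    """Map each host to its status for this erratum."""
    return {host: erratum_status(v, r) for host, v, r in rows}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(host, status)
```

A plain string comparison would rank 1.5.0.9 above 1.5.0.12 and report ws-01 as patched, which is why the check compares segment by segment.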

5. Bug IDs fixed (http://bugzilla.redhat.com/):

241670 - CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 