---------------------------------------------------------------------Fedora Update Notification
FEDORA-2007-549
2007-05-31
---------------------------------------------------------------------Product     : Fedora Core 6
Name        : firefox
Version     : 1.5.0.12
Release     : 1.fc6
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------Update Information:

Updated firefox packages that fix several security bugs are
now available Fedora Core 6.

This update has been rated as having critical security
impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed
certain malformed JavaScript code. A web page containing
malicious JavaScript code could cause Firefox to crash or
potentially execute arbitrary code as the user running
Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV
commands. A malicious FTP server could use this flaw to
perform a rudimentary port-scan of machines behind a user's
firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way
Firefox handled certain form and cookie data. A malicious
web site that is able to set arbitrary form and cookie data
could prevent Firefox from functioning properly.
(CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the
addEventListener JavaScript method. A malicious web site
could use this method to access or modify sensitive data
from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web
content. A malicious web page could generate content that
would overlay user interface elements such as the hostname
and security indicators, tricking users into thinking they
are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum
packages, which contain Firefox version 1.5.0.12 that
corrects these issues.

---------------------------------------------------------------------* Wed May 30 2007 Christopher Aillon  1.5.0.12-1
- Update to 1.5.0.12

---------------------------------------------------------------------This update can be downloaded from:
    
f20bee9997965a6902a26caf0e3c9f18e96f482a  SRPMS/firefox-1.5.0.12-1.fc6.src.rpm
f20bee9997965a6902a26caf0e3c9f18e96f482a  noarch/firefox-1.5.0.12-1.fc6.src.rpm
a0e7febfb4264f5a0e2a475ac6cdb9371275cbd4  ppc/firefox-devel-1.5.0.12-1.fc6.ppc.rpm
a30ccee95490f6513e559d19994488db50933075  ppc/firefox-1.5.0.12-1.fc6.ppc.rpm
e90ca6294a76270b8b1b930ce51d894b67f949eb  ppc/debug/firefox-debuginfo-1.5.0.12-1.fc6.ppc.rpm
5452ff82e9fbf62cad4ece460ef9415bd47728e0  x86_64/debug/firefox-debuginfo-1.5.0.12-1.fc6.x86_64.rpm
81fc5a70cc7f0591f7ec90eb0f8cf41cf03cfb4a  x86_64/firefox-1.5.0.12-1.fc6.x86_64.rpm
1cce48d2a466f257411cdd421c855eb80fefcdfd  x86_64/firefox-devel-1.5.0.12-1.fc6.x86_64.rpm
deff2b2abdac9925db3f0402075195322b884454  i386/firefox-1.5.0.12-1.fc6.i386.rpm
50f2730f492818d4fc34868710c1cb728cbd35ad  i386/firefox-devel-1.5.0.12-1.fc6.i386.rpm
1abeeac266763742539dcd0a1582e62b97b86645  i386/debug/firefox-debuginfo-1.5.0.12-1.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora Core 6 Update: firefox-1.5.0.12-1.fc6

May 31, 2007
Updated firefox packages that fix several security bugs are now available Fedora Core 6

Summary

Mozilla Firefox is an open-source web browser, designed for standards

compliance, performance and portability.

Updated firefox packages that fix several security bugs are

now available Fedora Core 6.

This update has been rated as having critical security

impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed

certain malformed JavaScript code. A web page containing

malicious JavaScript code could cause Firefox to crash or

potentially execute arbitrary code as the user running

Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV

commands. A malicious FTP server could use this flaw to

perform a rudimentary port-scan of machines behind a user's

firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way

Firefox handled certain form and cookie data. A malicious

web site that is able to set arbitrary form and cookie data

could prevent Firefox from functioning properly.

(CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the

addEventListener JavaScript method. A malicious web site

could use this method to access or modify sensitive data

from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web

content. A malicious web page could generate content that

would overlay user interface elements such as the hostname

and security indicators, tricking users into thinking they

are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum

packages, which contain Firefox version 1.5.0.12 that

corrects these issues.

- Update to 1.5.0.12

f20bee9997965a6902a26caf0e3c9f18e96f482a SRPMS/firefox-1.5.0.12-1.fc6.src.rpm

f20bee9997965a6902a26caf0e3c9f18e96f482a noarch/firefox-1.5.0.12-1.fc6.src.rpm

a0e7febfb4264f5a0e2a475ac6cdb9371275cbd4 ppc/firefox-devel-1.5.0.12-1.fc6.ppc.rpm

a30ccee95490f6513e559d19994488db50933075 ppc/firefox-1.5.0.12-1.fc6.ppc.rpm

e90ca6294a76270b8b1b930ce51d894b67f949eb ppc/debug/firefox-debuginfo-1.5.0.12-1.fc6.ppc.rpm

5452ff82e9fbf62cad4ece460ef9415bd47728e0 x86_64/debug/firefox-debuginfo-1.5.0.12-1.fc6.x86_64.rpm

81fc5a70cc7f0591f7ec90eb0f8cf41cf03cfb4a x86_64/firefox-1.5.0.12-1.fc6.x86_64.rpm

1cce48d2a466f257411cdd421c855eb80fefcdfd x86_64/firefox-devel-1.5.0.12-1.fc6.x86_64.rpm

deff2b2abdac9925db3f0402075195322b884454 i386/firefox-1.5.0.12-1.fc6.i386.rpm

50f2730f492818d4fc34868710c1cb728cbd35ad i386/firefox-devel-1.5.0.12-1.fc6.i386.rpm

1abeeac266763742539dcd0a1582e62b97b86645 i386/debug/firefox-debuginfo-1.5.0.12-1.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2007-549 2007-05-31 Name : firefox Version : 1.5.0.12 Release : 1.fc6 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Updated firefox packages that fix several security bugs are now available Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562) Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site. (CVE-2007-2870) A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871) Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues. - Update to 1.5.0.12 f20bee9997965a6902a26caf0e3c9f18e96f482a SRPMS/firefox-1.5.0.12-1.fc6.src.rpm f20bee9997965a6902a26caf0e3c9f18e96f482a noarch/firefox-1.5.0.12-1.fc6.src.rpm a0e7febfb4264f5a0e2a475ac6cdb9371275cbd4 ppc/firefox-devel-1.5.0.12-1.fc6.ppc.rpm a30ccee95490f6513e559d19994488db50933075 ppc/firefox-1.5.0.12-1.fc6.ppc.rpm e90ca6294a76270b8b1b930ce51d894b67f949eb ppc/debug/firefox-debuginfo-1.5.0.12-1.fc6.ppc.rpm 5452ff82e9fbf62cad4ece460ef9415bd47728e0 x86_64/debug/firefox-debuginfo-1.5.0.12-1.fc6.x86_64.rpm 81fc5a70cc7f0591f7ec90eb0f8cf41cf03cfb4a x86_64/firefox-1.5.0.12-1.fc6.x86_64.rpm 1cce48d2a466f257411cdd421c855eb80fefcdfd x86_64/firefox-devel-1.5.0.12-1.fc6.x86_64.rpm deff2b2abdac9925db3f0402075195322b884454 i386/firefox-1.5.0.12-1.fc6.i386.rpm 50f2730f492818d4fc34868710c1cb728cbd35ad i386/firefox-devel-1.5.0.12-1.fc6.i386.rpm 1abeeac266763742539dcd0a1582e62b97b86645 i386/debug/firefox-debuginfo-1.5.0.12-1.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Name : firefox
Version : 1.5.0.12
Release : 1.fc6
Summary : Mozilla Firefox Web browser.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved