Fedora Core 6 Update: firefox-1.5.0.12-4.fc6 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: February 6th, 2012

Linux Advisory Watch: February 3rd, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 6 Update: firefox-1.5.0.12-4.fc6

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-642
2007-07-20
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : firefox
Version     : 1.5.0.12
Release     : 4.fc6
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open-source web browser, designed for
standards compliance, performance and portability.

Several flaws were found in the way Firefox processed
certain malformed JavaScript code. A web page containing
malicious JavaScript code could cause Firefox to crash or
potentially execute arbitrary code as the user running
Firefox. (CVE-2007-3734, CVE-2007-3735)

Several flaws were found in the way Firefox handles certain
JavaScript code. A web page containing malicious JavaScript
code could inject arbitrary content into other web pages.
(CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the
local disk. A malicious web page may be able to inject
arbitrary HTML into a browsing session if the user reloads a
targeted site. (CVE-2007-3656)

A flaw was found in the way Firefox processes certain web
content. A web page containing malicious content could
execute arbitrary commands as the user running Firefox.
(CVE-2007-3737, CVE-2007-3738)

Users of Firefox are advised to upgrade to these erratum
packages, which contain backported patches that correct
these issues.
---------------------------------------------------------------------
* Wed Jul 18 2007 Kai Engert  - 1.5.0.12-4
- fix tar ball mistake
* Wed Jul 18 2007 Kai Engert  - 1.5.0.12-3
- Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12
* Tue Jul 17 2007 Kai Engert  - 1.5.0.12-2
- Update to latest snapshot of Mozilla 1.8.0 branch
- Include patches for Mozilla bugs 379245, 384925, 178993,
  381300 (+382686), 358594 (+380933), 382532 (+382503)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

04db587478c5865e44645faaa08a2105f9c565e7  SRPMS/firefox-1.5.0.12-4.fc6.src.rpm
04db587478c5865e44645faaa08a2105f9c565e7  noarch/firefox-1.5.0.12-4.fc6.src.rpm
f1b14a2ec88fb32af73367cf268fcce0d9f7a494  ppc/debug/firefox-debuginfo-1.5.0.12-4.fc6.ppc.rpm
4810057d98164845f5e773f9371a96f694cb1ec7  ppc/firefox-1.5.0.12-4.fc6.ppc.rpm
b0bdbb8d7799c301f78c63c6d0aedac119869c18  ppc/firefox-devel-1.5.0.12-4.fc6.ppc.rpm
ffbe5e5e08488c57799bdc9c68f98f3767c0daf7  x86_64/firefox-1.5.0.12-4.fc6.x86_64.rpm
01bdf0e33965ff1247dd2381ba4ee69739ce9d46  x86_64/debug/firefox-debuginfo-1.5.0.12-4.fc6.x86_64.rpm
252e41424130a8f463ca63044cc9f4d15cb7d503  x86_64/firefox-devel-1.5.0.12-4.fc6.x86_64.rpm
2bfd3305921f9f3e98d92fb2761ab253af92dba8  i386/firefox-1.5.0.12-4.fc6.i386.rpm
dae4f9c1ba9723b94a4b058720e878af23635646  i386/firefox-devel-1.5.0.12-4.fc6.i386.rpm
d92d064ee92b21887704d5e7c4560a367573976c  i386/debug/firefox-debuginfo-1.5.0.12-4.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce