Foresight: firefox - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Security Week: September 1st, 2008

Linux Advisory Watch: August 29th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Foresight: firefox

User Rating:

How can I rate this item?

Posted by Bill Keys

Previous versions of the firefox package are vulnerable to several types of attacks, some of which are understood to allow compromised or malicious sites to run arbitrary code as the user running firefox.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0062-1
Published: 2007-10-28

Rating: Major

Updated Versions:
    firefox=/foresight.rpath.org at fl:1-devel//1/2.0.0.8-2-1[
    group-dist=/foresight.rpath.org at fl:1-devel//1/1.4.1-0.1-11

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340

Description:
    Previous versions of the firefox package are vulnerable to several
    types of attacks, some of which are understood to allow compromised
    or malicious sites to run arbitrary code as the user running firefox.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRyUnPdfwEn07iAtZAQJUKxAAtcaZZt3wFSB7Re2fwCH+EIWaU00Hm8fl
p88xRZhTYVavaltaOiCv1khnbuIYzAO4PJTgspqh0McjUqEQcDJctgeqalxp2G2s
1LWrPdS8HAcDyrH8wuGbDBbH9w+zZfl4cegW92iJtqefS7SZNX6G6NPkwVbftuUl
XO7Ox0G/oG46/U541yXNOfK61uKhYH9ID8cX/5Z3C7Sm8yze+v2URXSbqgqmIbN9
OjkbkBw4cqv+KUl/9eJ0IhB+aiGXMMExqeyt1VDsN3UtH/eeRIHue8FKZsGDlJBH
UlfUhgyZUSFOURGPp58pNW7ohm4yEf9Zz0kWcOxNHYerh0cX9XBc22djdBVr+FwS
VxpC6ncrDzej39JAABkFfLPtq7aKaaBm4DATdauxtbcPnkFMsPOm0RYkb5jy2eCT
M19zYOMFHzC0I14G3eyA1X/MJpc9x6DrZem4KtqMTBEGAUdAJxQZUzmr5M0WW2rI
qFwiNA+Ol6ogS4NfDXCiC9AVCNEmmzDxvIK/jKSf9f82MuURZaopvouxfG81qBeI
Q+Kdm1gRUlYPNTDSC1Bg7svCvQTDyFV2MLnjEaj8o5rFPbhd00J54u3RUz+DGhOx
sqwLEKPnN1m5bZVJTW14CAWMCCBwKwqYmwytiVX6tqZkxUZGWk8eWA5MyloXNKAW
+6KZ+wCr0Rg=
=b9pq
-----END PGP SIGNATURE-----

< Prev		Next >

Partner:

Latest Features

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Open Source Tool of February: Nmap!

Yesterday's Edition

New Firefox Plug-In Double-Checks So-Called Unsafe Sites

Google Chrome Flaws Come Soon After Browser Release

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital