Foresight: firefox
Posted by Bill Keys   
Previous versions of the firefox package are vulnerable to several types of attacks, some of which are understood to allow compromised or malicious sites to run arbitrary code as the user running firefox.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0062-1
Published: 2007-10-28

Rating: Major

Updated Versions:
    firefox=/foresight.rpath.org at fl:1-devel//1/2.0.0.8-2-1[
    group-dist=/foresight.rpath.org at fl:1-devel//1/1.4.1-0.1-11

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340

Description:
    Previous versions of the firefox package are vulnerable to several
    types of attacks, some of which are understood to allow compromised
    or malicious sites to run arbitrary code as the user running firefox.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRyUnPdfwEn07iAtZAQJUKxAAtcaZZt3wFSB7Re2fwCH+EIWaU00Hm8fl
p88xRZhTYVavaltaOiCv1khnbuIYzAO4PJTgspqh0McjUqEQcDJctgeqalxp2G2s
1LWrPdS8HAcDyrH8wuGbDBbH9w+zZfl4cegW92iJtqefS7SZNX6G6NPkwVbftuUl
XO7Ox0G/oG46/U541yXNOfK61uKhYH9ID8cX/5Z3C7Sm8yze+v2URXSbqgqmIbN9
OjkbkBw4cqv+KUl/9eJ0IhB+aiGXMMExqeyt1VDsN3UtH/eeRIHue8FKZsGDlJBH
UlfUhgyZUSFOURGPp58pNW7ohm4yEf9Zz0kWcOxNHYerh0cX9XBc22djdBVr+FwS
VxpC6ncrDzej39JAABkFfLPtq7aKaaBm4DATdauxtbcPnkFMsPOm0RYkb5jy2eCT
M19zYOMFHzC0I14G3eyA1X/MJpc9x6DrZem4KtqMTBEGAUdAJxQZUzmr5M0WW2rI
qFwiNA+Ol6ogS4NfDXCiC9AVCNEmmzDxvIK/jKSf9f82MuURZaopvouxfG81qBeI
Q+Kdm1gRUlYPNTDSC1Bg7svCvQTDyFV2MLnjEaj8o5rFPbhd00J54u3RUz+DGhOx
sqwLEKPnN1m5bZVJTW14CAWMCCBwKwqYmwytiVX6tqZkxUZGWk8eWA5MyloXNKAW
+6KZ+wCr0Rg=
=b9pq
-----END PGP SIGNATURE-----