Pardus: 2010-107: Firefox: Multiple Vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in Firefox.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-107           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-11
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in Firefox.


Description
==========
The new firefox update fixes the vulnerabilities below. Please see  the
mozilla security page for more information.



MFSA 2010-47 Cross-origin data leakage from script  filename  in  error
messages

MFSA 2010-46 Cross-domain data theft using CSS

MFSA 2010-45 Multiple location bar spoofing vulnerabilities

MFSA 2010-44 Characters mapped to  U+FFFD  in  8  bit  encodings  cause
subsequent

character to vanish

MFSA 2010-43 Same-origin bypass using canvas context

MFSA  2010-42 Cross-origin  data  disclosure  via  Web   Workers   and
importScripts

MFSA 2010-41 Remote code execution using malformed PNG image

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution

vulnerability

MFSA 2010-39 nsCSSValue::Array index integer overflow

MFSA 2010-38 Arbitrary  code  execution  using  SJOW  and  fast  native
function

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays  remote  code
execution

vulnerability

MFSA 2010-36 Use-after-free error in NodeIterator

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)


Affected packages:

  Pardus 2009:
    xulrunner, all before 1.9.2.8-34-29
    firefox, all before 3.6.8-131-34



Resolution
=========
There are update(s) for xulrunner, firefox. You  can  update  them  via
Package Manager or with a single command from console:

    pisi up xulrunner firefox

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id887
  * http://www.mozilla.org/security/announce/

------------------------------------------------------------------------