[SECURITY] Fedora Core 6 Update: firefox-1.5.0.12-7.fc6
Christopher Aillon
caillon at redhat.com
Mon Dec 3 15:43:57 UTC 2007
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-756
2007-12-03
---------------------------------------------------------------------
Product : Fedora Core 6
Name : firefox
Version : 1.5.0.12
Release : 7.fc6
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Updated firefox packages that fix several security issues
are now available for Fedora Core 6.
This update has been rated as having critical security
impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox
handled the jar: URI scheme. It was possible for a malicious
website to leverage this flaw and conduct a cross-site
scripting attack against a user running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed
certain malformed web content. A webpage containing
malicious content could cause Firefox to crash, or
potentially execute arbitrary code as the user running
Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the
"window.location" property for a webpage. This flaw could
allow a webpage to set an arbitrary Referer header, which
may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for
protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated
packages, which contain backported patches to resolve these
issues.
---------------------------------------------------------------------
* Thu Nov 22 2007 Christopher Aillon <caillon at redhat.com> - 1.5.0.12-7
- Add patches for mozilla bugs:
369814,373911,391028,393326,402649,403331
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
21acdc500393fa89ac842b73ca03e868f91f7ebf SRPMS/firefox-1.5.0.12-7.fc6.src.rpm
21acdc500393fa89ac842b73ca03e868f91f7ebf noarch/firefox-1.5.0.12-7.fc6.src.rpm
110485359839ac5c88ac8746d90d500f52c86f36 ppc/firefox-devel-1.5.0.12-7.fc6.ppc.rpm
25714f423b1edfde6bb3011f998fccf989f1f02e ppc/debug/firefox-debuginfo-1.5.0.12-7.fc6.ppc.rpm
e40822b009bb9d3807930d70f09e8db1d10a56e3 ppc/firefox-1.5.0.12-7.fc6.ppc.rpm
7b7a0e72648f74c3e4b355087fe24f6395bd9eff x86_64/firefox-1.5.0.12-7.fc6.x86_64.rpm
d7abe306f7b17fdf2614f3d32e1982bdc8b58ea5 x86_64/firefox-devel-1.5.0.12-7.fc6.x86_64.rpm
b19b21045af141d4bb0dd72470c177d190eebb6b x86_64/debug/firefox-debuginfo-1.5.0.12-7.fc6.x86_64.rpm
840f0704883ab3156808267ec79f189a49ea500d i386/firefox-1.5.0.12-7.fc6.i386.rpm
385b9eac86bcd357ea38778ee0c09bdfc014dd75 i386/firefox-devel-1.5.0.12-7.fc6.i386.rpm
cf7741bea37d5b1dda2d85c66a868dc29e4ac5e3 i386/debug/firefox-debuginfo-1.5.0.12-7.fc6.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
More information about the package-announce
mailing list