[SECURITY] Fedora 7 Update: firefox-2.0.0.10-1.fc7

updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.10
Release     : 1.fc7
URL         : http://www.mozilla.org/projects/firefox/
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 26 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.10-1
- Update to 2.0.0.10
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> - 2.0.0.9-1
- Update to 2.0.0.9
* Fri Oct 19 2007 Christopher Aillon <caillon at redhat.com> - 2.0.0.8-1
- Update to 2.0.0.8
* Tue Oct 16 2007 Martin Stransky <stransky at redhat.com>
- added fix for #246248 - firefox crashes when searching
* Wed Jul 18 2007 Kai Engert <kengert at redhat.com> - 2.0.0.5-1
- Update to 2.0.0.5
* Fri Jun 29 2007 Martin Stransky <stransky at redhat.com> 2.0.0.4-3
- backported pango patches from FC6 (1.5.0.12)
* Sun Jun  3 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-2
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update firefox' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
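
After the update is rolled out, a fleet check against the fixed build confirms which hosts still run an older firefox. The following is an added example, not part of the original notification or of Fedora's tooling: the host names and inventory lines are constructed, and the comparison is a simplified form of RPM's version ordering (no tilde or caret rules).

```python
import re

# Fixed build named in this advisory (firefox-2.0.0.10-1.fc7).
FIXED_EVR = "2.0.0.10-1.fc7"

# Constructed sample inventory: "<host> <version>-<release>", e.g. collected
# with: rpm -q --qf '%{VERSION}-%{RELEASE}\n' firefox
INVENTORY = """\
web01 2.0.0.9-1.fc7
web02 2.0.0.10-1.fc7
dev03 2.0.0.4-0.rc3.fc7
dev04 2.0.0.8-1.fc7
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def vercmp(a, b):
    """Simplified rpmvercmp (no tilde/caret rules). Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)  # 10 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer one is newer

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release

def evr_cmp(a, b):
    """Compare epoch, then version, then release."""
    for x, y in zip(split_evr(a), split_evr(b)):
        result = vercmp(x, y)
        if result:
            return result
    return 0

def hosts_needing_update(inventory, fixed=FIXED_EVR):
    """Return hosts whose firefox build is older than the fixed build."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [host for host, evr in rows if evr_cmp(evr, fixed) < 0]
```

A plain string comparison would rank 2.0.0.9 above 2.0.0.10, which is why the segments are compared numerically.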



