From Fedora Project Wiki

[SECURITY] Fedora 7 Update: firefox-2.0.0.5-1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1142
2007-07-18 13:56:13.283230
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.5
Release     : 1.fc7
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Several flaws were found in the way Firefox processed certain malformed JavaScript
code. A web page containing malicious JavaScript code could cause Firefox to crash
or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-3734, CVE-2007-3735)

Several flaws were found in the way Firefox handled certain
JavaScript code. A web page containing malicious JavaScript
code could inject arbitrary content into other web pages.
(CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the
local disk. A malicious web page may be able to inject
arbitrary HTML into a browsing session if the user reloads a
targeted site. (CVE-2007-3656)

A flaw was found in the way Firefox processed certain web
content. A web page containing malicious content could
execute arbitrary commands as the user running Firefox.
(CVE-2007-3737, CVE-2007-3738)

Users of Firefox are advised to upgrade to these erratum
packages, which contain patches that correct
these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 18 2007 Kai Engert <kengert@redhat.com> - 2.0.0.5-1
- Update to 2.0.0.5
* Fri Jun 29 2007 Martin Stransky <stransky@redhat.com> 2.0.0.4-3
- backported pango patches from FC6 (1.5.0.12)
* Sun Jun  3 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-2
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3
--------------------------------------------------------------------------------
References:

[ 1 ]  Bug #248518
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ]  CVE-2007-3734
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ]  CVE-2007-3735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ]  CVE-2007-3736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ]  CVE-2007-3089
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ]  CVE-2007-3737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ]  CVE-2007-3656
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
[ 8 ]  CVE-2007-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------