FSA/F7/FEDORA-2007-1142

[SECURITY] Fedora 7 Update: firefox-2.0.0.5-1.fc7
Fedora Update Notification
FEDORA-2007-1142
2007-07-18 13:56:13.283230

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.5
Release     : 1.fc7
Summary     : Mozilla Firefox Web browser.
Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

Update Information:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735)

Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656)

A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738)

Users of Firefox are advised to upgrade to these erratum packages, which contain patches that correct these issues.

ChangeLog:

* Wed Jul 18 2007 Kai Engert - 2.0.0.5-1
- Update to 2.0.0.5
* Fri Jun 29 2007 Martin Stransky 2.0.0.4-3
- backported pango patches from FC6 (1.5.0.12)
* Sun Jun 3 2007 Christopher Aillon 2.0.0.4-2
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon 2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon 2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3

References:

[ 1 ] Bug #248518 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ] CVE-2007-3734 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ] CVE-2007-3735 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ] CVE-2007-3736 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ] CVE-2007-3089 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ] CVE-2007-3737 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ] CVE-2007-3656 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
[ 8 ] CVE-2007-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738

Updated packages:


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.