[SECURITY] Fedora Core 6 Update: firefox-

Christopher Aillon caillon at redhat.com
Mon Dec 3 15:43:57 UTC 2007

Fedora Update Notification

Product     : Fedora Core 6
Name        : firefox
Version     :
Release     : 7.fc6
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Update Information:

Updated firefox packages that fix several security issues
are now available for Fedora Core 6.

This update has been rated as having critical security
impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox
handled the jar: URI scheme. It was possible for a malicious
website to leverage this flaw and conduct a cross-site
scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed
certain malformed web content. A webpage containing
malicious content could cause Firefox to crash, or
potentially execute arbitrary code as the user running
Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the
"window.location" property for a webpage. This flaw could
allow a webpage to set an arbitrary Referer header, which
may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for
protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated
packages, which contain backported patches to resolve these
* Thu Nov 22 2007 Christopher Aillon <caillon at redhat.com> -
- Add patches for mozilla bugs:

This update can be downloaded from:

21acdc500393fa89ac842b73ca03e868f91f7ebf  SRPMS/firefox-
21acdc500393fa89ac842b73ca03e868f91f7ebf  noarch/firefox-
110485359839ac5c88ac8746d90d500f52c86f36  ppc/firefox-devel-
25714f423b1edfde6bb3011f998fccf989f1f02e  ppc/debug/firefox-debuginfo-
e40822b009bb9d3807930d70f09e8db1d10a56e3  ppc/firefox-
7b7a0e72648f74c3e4b355087fe24f6395bd9eff  x86_64/firefox-
d7abe306f7b17fdf2614f3d32e1982bdc8b58ea5  x86_64/firefox-devel-
b19b21045af141d4bb0dd72470c177d190eebb6b  x86_64/debug/firefox-debuginfo-
840f0704883ab3156808267ec79f189a49ea500d  i386/firefox-
385b9eac86bcd357ea38778ee0c09bdfc014dd75  i386/firefox-devel-
cf7741bea37d5b1dda2d85c66a868dc29e4ac5e3  i386/debug/firefox-debuginfo-

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the Fedora-package-announce mailing list