[SECURITY] Fedora 7 Update: firefox-

updates at fedoraproject.org
Thu May 31 18:08:08 UTC 2007

Fedora Update Notification

Name        : firefox
Product     : Fedora 7
Version     :
Release     : 1.fc7
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Update Information:

Updated firefox packages that fix several security bugs are now available for Fedora Core 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version that corrects these issues.

* Wed May 30 2007 Christopher Aillon <caillon at redhat.com>
- Final version
* Wed May 23 2007 Christopher Aillon <caillon at redhat.com>
- Update to RC3

  Bug #241840 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241840
  CVE-2007-1362 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
  CVE-2007-1562 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
  CVE-2007-2867 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
  CVE-2007-2868 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
  CVE-2007-2869 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
  CVE-2007-2870 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
  CVE-2007-2871 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871

Updated packages:


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
