[SECURITY] Fedora 7 Update: firefox-

updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007

Fedora Update Notification
2007-11-29 01:44:21.449766

Name        : firefox
Product     : Fedora 7
Version     :
Release     : 1.fc7
URL         : http://www.mozilla.org/projects/firefox/
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
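
The CVE-2007-5960 note above concerns sites that rely only on the Referer header for CSRF protection. The following is an added example, not part of the Fedora advisory or of Firefox: a server-side check comparing a Referer-only policy with a per-session token on constructed requests. The host name, key, session id, and request dictionaries are all assumptions made for illustration, and the HMAC-derived token is one common way to build such a token.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration only (not from the advisory).
SITE_HOST = "bank.example"
SERVER_KEY = b"constructed-demo-key"


def issue_token(session_id: str) -> str:
    """Per-session anti-CSRF token: HMAC of the session id under a server key."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_only_check(request: dict) -> bool:
    """Weak policy: accept the request if the Referer host is our own site."""
    referer = request["headers"].get("Referer", "")
    return urlsplit(referer).hostname == SITE_HOST


def token_check(request: dict) -> bool:
    """Stronger policy: require a token another origin cannot read or guess."""
    supplied = request["form"].get("csrf_token", "")
    expected = issue_token(request["session_id"])
    return hmac.compare_digest(supplied.encode(), expected.encode())


def evaluate(request: dict) -> dict:
    """Run both policies on one request and report each verdict."""
    return {"referer_only": referer_only_check(request),
            "token": token_check(request)}


# Constructed requests; the browser sends the same session in every case.
LEGITIMATE = {
    "session_id": "sess-1234",
    "headers": {"Referer": "https://bank.example/transfer"},
    "form": {"amount": "100", "csrf_token": issue_token("sess-1234")},
}
# Cross-site request whose Referer names our site, as a browser affected by
# the flaw could send. It carries no token, since the other origin cannot read one.
FORGED_REFERER = {
    "session_id": "sess-1234",
    "headers": {"Referer": "https://bank.example/transfer"},
    "form": {"amount": "100"},
}

if __name__ == "__main__":
    for name, req in (("legitimate", LEGITIMATE), ("forged Referer", FORGED_REFERER)):
        print(name, evaluate(req))
```

The Referer-only policy cannot tell the two requests apart, while the token check rejects the one with the forged Referer.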

* Mon Nov 26 2007 Christopher Aillon <caillon at redhat.com>
- Update to
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> -
- Update to
* Fri Oct 19 2007 Christopher Aillon <caillon at redhat.com> -
- Update to
* Tue Oct 16 2007 Martin Stransky <stransky at redhat.com>
- added fix for #246248 - firefox crashes when searching
* Wed Jul 18 2007 Kai Engert <kengert at redhat.com> -
- Update to
* Fri Jun 29 2007 Martin Stransky <stransky at redhat.com>
- backported pango patches from FC6 (
* Sun Jun  3 2007 Christopher Aillon <caillon at redhat.com>
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon <caillon at redhat.com>
- Final version
* Wed May 23 2007 Christopher Aillon <caillon at redhat.com>
- Update to RC3
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update firefox' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
