[SECURITY] Fedora 8 Update: firefox-

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007

Fedora Update Notification
2007-11-29 01:46:57.290638

Name        : firefox
Product     : Fedora 8
Version     :
Release     : 1.fc8
URL         : http://www.mozilla.org/projects/firefox/
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


* Mon Nov 26 2007 Christopher Aillon <caillon at redhat.com>
- Update to
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com>
- updated to the latest upstream
* Wed Oct 31 2007 Martin Stransky <stransky at redhat.com>
- added mozilla-plugin-config to startup script
Updated packages:

8e65306c9e99f2c4d264417c21d8bf5603f0d32d firefox-
04454d8d9d85cfff51b3b26aaa7fc66e303aaa51 firefox-devel-
4502eb6a201066be9472e9dc922f85f065320e17 firefox-debuginfo-
e9a4a16dee279b652110ec728b05c3866df120d3 firefox-debuginfo-
54cc42e0868de3db77512bed022d7cdae95dfa42 firefox-
be9a116122a094c6dc1c3c32301525c3bfd05e9c firefox-devel-
a70a5f8aac43e0dab4d8965c17780fa0715cfcda firefox-
cdaae7e0c8dceb9731baf36d0f7c4a7ead78586d firefox-debuginfo-
71036ef966374c7e6dda25d9477df2981360ae8e firefox-devel-
02acd98cd485ebe46a412078f2a597d01f575100 firefox-
3ff76155b44c4a3e5d18fe933e53cbfdc5a1e5b5 firefox-devel-
c569b57d2dccb6352016e9418738584d9be61380 firefox-debuginfo-
ebccc2cfe7854641515971389a7e226274890d69 firefox-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update firefox' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list