English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2007:0724-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0724.html
Issue date:        2007-07-18
Updated on:        2007-07-18
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 
                   CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 
                   CVE-2007-3738 
- ---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248518 - CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6  firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb  firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb  firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

ia64:
27da182682ae877ea07b154c45ea8edc  firefox-1.5.0.12-0.3.el4.ia64.rpm
aeee3e428309d64bbe9c4714ad48b28d  firefox-debuginfo-1.5.0.12-0.3.el4.ia64.rpm

ppc:
732fe2238d90fd91ae72be8816fe8772  firefox-1.5.0.12-0.3.el4.ppc.rpm
89fea0cc921d3cc113dd28b6eed91022  firefox-debuginfo-1.5.0.12-0.3.el4.ppc.rpm

s390:
666483674e567946cb9c07e202814518  firefox-1.5.0.12-0.3.el4.s390.rpm
68f501a441bac6e34fca1582ca871b52  firefox-debuginfo-1.5.0.12-0.3.el4.s390.rpm

s390x:
9af7bbfc652a0e7f6b58b72fa2f598e9  firefox-1.5.0.12-0.3.el4.s390x.rpm
91c6e2324de24864de6cfbde5d058567  firefox-debuginfo-1.5.0.12-0.3.el4.s390x.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af  firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414  firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6  firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb  firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb  firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af  firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414  firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6  firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb  firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb  firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

ia64:
27da182682ae877ea07b154c45ea8edc  firefox-1.5.0.12-0.3.el4.ia64.rpm
aeee3e428309d64bbe9c4714ad48b28d  firefox-debuginfo-1.5.0.12-0.3.el4.ia64.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af  firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414  firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6  firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb  firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb  firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

ia64:
27da182682ae877ea07b154c45ea8edc  firefox-1.5.0.12-0.3.el4.ia64.rpm
aeee3e428309d64bbe9c4714ad48b28d  firefox-debuginfo-1.5.0.12-0.3.el4.ia64.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af  firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414  firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-3.el5.src.rpm
9c788fafd5691d3345f053e3134ca2ea  firefox-1.5.0.12-3.el5.src.rpm

i386:
41f9235be61710608c049fed0c39ba19  firefox-1.5.0.12-3.el5.i386.rpm
d4d2e8f63a26bb7137ca0f62a034446c  firefox-debuginfo-1.5.0.12-3.el5.i386.rpm

x86_64:
41f9235be61710608c049fed0c39ba19  firefox-1.5.0.12-3.el5.i386.rpm
5d2539b4e150e2ebea6c6304a4c08325  firefox-1.5.0.12-3.el5.x86_64.rpm
d4d2e8f63a26bb7137ca0f62a034446c  firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
9848654d72200a04b5e7c729711412f1  firefox-debuginfo-1.5.0.12-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-3.el5.src.rpm
9c788fafd5691d3345f053e3134ca2ea  firefox-1.5.0.12-3.el5.src.rpm

i386:
d4d2e8f63a26bb7137ca0f62a034446c  firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
be1322bcd982139d6bd88a739af188a8  firefox-devel-1.5.0.12-3.el5.i386.rpm

x86_64:
d4d2e8f63a26bb7137ca0f62a034446c  firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
9848654d72200a04b5e7c729711412f1  firefox-debuginfo-1.5.0.12-3.el5.x86_64.rpm
be1322bcd982139d6bd88a739af188a8  firefox-devel-1.5.0.12-3.el5.i386.rpm
ecfcecad587c5b5a87ecb990407768c1  firefox-devel-1.5.0.12-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.12-3.el5.src.rpm
9c788fafd5691d3345f053e3134ca2ea  firefox-1.5.0.12-3.el5.src.rpm

i386:
41f9235be61710608c049fed0c39ba19  firefox-1.5.0.12-3.el5.i386.rpm
d4d2e8f63a26bb7137ca0f62a034446c  firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
be1322bcd982139d6bd88a739af188a8  firefox-devel-1.5.0.12-3.el5.i386.rpm

ia64:
6dda2d0463fe1e15117224e263fd8646  firefox-1.5.0.12-3.el5.ia64.rpm
17165a01a2e49f826167d383eae245b2  firefox-debuginfo-1.5.0.12-3.el5.ia64.rpm
8eacfbf523a9e5bf9f7f5f24232da9bf  firefox-devel-1.5.0.12-3.el5.ia64.rpm

ppc:
0e17d445a346697a695c708dd4ff7f77  firefox-1.5.0.12-3.el5.ppc.rpm
7df6f3aa268061dbc540b78163c03266  firefox-debuginfo-1.5.0.12-3.el5.ppc.rpm
8a604711c03a1e383e2dc86689c9b1f6  firefox-devel-1.5.0.12-3.el5.ppc.rpm

s390x:
85527cdc87805574e6cea54cd997bf08  firefox-1.5.0.12-3.el5.s390.rpm
ce660ba2b2af5bcea03789ce1c197e5f  firefox-1.5.0.12-3.el5.s390x.rpm
1782f86797fd6c8ef1e79628262e4abd  firefox-debuginfo-1.5.0.12-3.el5.s390.rpm
d1bfa2b33e6e7115d53d14563b525379  firefox-debuginfo-1.5.0.12-3.el5.s390x.rpm
47818dff9de4c75518ae322ae2887213  firefox-devel-1.5.0.12-3.el5.s390.rpm
1177441caa8e95e7fffab1fe036f7128  firefox-devel-1.5.0.12-3.el5.s390x.rpm

x86_64:
41f9235be61710608c049fed0c39ba19  firefox-1.5.0.12-3.el5.i386.rpm
5d2539b4e150e2ebea6c6304a4c08325  firefox-1.5.0.12-3.el5.x86_64.rpm
d4d2e8f63a26bb7137ca0f62a034446c  firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
9848654d72200a04b5e7c729711412f1  firefox-debuginfo-1.5.0.12-3.el5.x86_64.rpm
be1322bcd982139d6bd88a739af188a8  firefox-devel-1.5.0.12-3.el5.i386.rpm
ecfcecad587c5b5a87ecb990407768c1  firefox-devel-1.5.0.12-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGntE6XlSAg2UNWIIRAs+0AKC+b+OgzqV5WDh/Yu0Xj004bEVncgCbBY9V
qKRzX2H1qWFJ272wudZIGAM=
=bMiF
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.