
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2007:1082-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1082.html
Issue date:        2007-11-26
Updated on:        2007-11-26
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5947 CVE-2007-5959 CVE-2007-5960 
---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
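
The CVE-2007-5960 impact described above, as an added example that is not part of the Red Hat advisory: a Referer-only check beside a session-bound token check, run on two constructed requests. The origin `https://bank.example`, the function names and the `csrf_token` field are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical site origin and per-deployment secret (assumptions, not from the advisory).
SITE_ORIGIN = "https://bank.example"
SERVER_KEY = secrets.token_bytes(32)


def referer_only_check(headers: dict) -> bool:
    """Weak control: accepts any request whose Referer names our own origin."""
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" == SITE_ORIGIN


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; the site embeds it in the forms it serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(form: dict, session_id: str) -> bool:
    """Stronger control: the request must carry the session-bound token."""
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    return hmac.compare_digest(expected, supplied)


def evaluate() -> dict:
    """Run both checks on two constructed requests for session 'sess-1'."""
    sid = "sess-1"
    genuine = {
        "headers": {"Referer": SITE_ORIGIN + "/transfer"},
        "form": {"amount": "10", "csrf_token": issue_csrf_token(sid)},
    }
    # Cross-site request whose Referer was set to our origin, which is what
    # the advisory says the window.location race made possible. No token.
    forged = {
        "headers": {"Referer": SITE_ORIGIN + "/transfer"},
        "form": {"amount": "9999"},
    }
    return {
        name: (referer_only_check(r["headers"]), token_check(r["form"], sid))
        for name, r in (("genuine", genuine), ("forged", forged))
    }


if __name__ == "__main__":
    for name, (by_referer, by_token) in evaluate().items():
        print(f"{name}: referer_only={by_referer} token={by_token}")
```

The forged request passes the Referer-only check and is rejected only by the token check, which is why a site should not treat Referer as its sole CSRF control.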

Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

394211 - CVE-2007-5947 Mozilla jar: protocol XSS
394241 - CVE-2007-5959 Multiple flaws in Firefox
394261 - CVE-2007-5960 Mozilla Cross-site Request Forgery flaw

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.8.el4.src.rpm
e2c978d4b14f9cf19a8e39de02583008  firefox-1.5.0.12-0.8.el4.src.rpm

i386:
7c65767dfdaed3f752ff8d2432bbbb87  firefox-1.5.0.12-0.8.el4.i386.rpm
f370caeea0a992722a3856d63da52b1f  firefox-debuginfo-1.5.0.12-0.8.el4.i386.rpm

ia64:
1cf6f4a4b1555f8da1c9f6a69ad7f51a  firefox-1.5.0.12-0.8.el4.ia64.rpm
82eb56cadb11007f53a485bb4278f13a  firefox-debuginfo-1.5.0.12-0.8.el4.ia64.rpm

ppc:
2849e6a776fe9d7427f373d2634051bd  firefox-1.5.0.12-0.8.el4.ppc.rpm
20e0e2ef9266025221beca008d75eaa0  firefox-debuginfo-1.5.0.12-0.8.el4.ppc.rpm

s390:
39c83103495fb726421799de80f8553d  firefox-1.5.0.12-0.8.el4.s390.rpm
d899e6879dbae602227a1326a78d92d2  firefox-debuginfo-1.5.0.12-0.8.el4.s390.rpm

s390x:
719c9da1a4d6c07b5ffa970859d687bf  firefox-1.5.0.12-0.8.el4.s390x.rpm
baa53ea0dd0d4e423acbdbbf06eb9363  firefox-debuginfo-1.5.0.12-0.8.el4.s390x.rpm

x86_64:
07ae1640a44aed479a5d6afb668ed6ee  firefox-1.5.0.12-0.8.el4.x86_64.rpm
bf2c92230f3dcd965145c900eac0e803  firefox-debuginfo-1.5.0.12-0.8.el4.x86_64.rpm

Red Hat Enterprise Linux AS version 4.5.z:

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4AS-4.5.z/en/os/SRPMS/firefox-1.5.0.12-0.8.el4.src.rpm
e2c978d4b14f9cf19a8e39de02583008  firefox-1.5.0.12-0.8.el4.src.rpm

i386:
7c65767dfdaed3f752ff8d2432bbbb87  firefox-1.5.0.12-0.8.el4.i386.rpm
f370caeea0a992722a3856d63da52b1f  firefox-debuginfo-1.5.0.12-0.8.el4.i386.rpm

ia64:
1cf6f4a4b1555f8da1c9f6a69ad7f51a  firefox-1.5.0.12-0.8.el4.ia64.rpm
82eb56cadb11007f53a485bb4278f13a  firefox-debuginfo-1.5.0.12-0.8.el4.ia64.rpm

ppc:
2849e6a776fe9d7427f373d2634051bd  firefox-1.5.0.12-0.8.el4.ppc.rpm
20e0e2ef9266025221beca008d75eaa0  firefox-debuginfo-1.5.0.12-0.8.el4.ppc.rpm

s390:
39c83103495fb726421799de80f8553d  firefox-1.5.0.12-0.8.el4.s390.rpm
d899e6879dbae602227a1326a78d92d2  firefox-debuginfo-1.5.0.12-0.8.el4.s390.rpm

s390x:
719c9da1a4d6c07b5ffa970859d687bf  firefox-1.5.0.12-0.8.el4.s390x.rpm
baa53ea0dd0d4e423acbdbbf06eb9363  firefox-debuginfo-1.5.0.12-0.8.el4.s390x.rpm

x86_64:
07ae1640a44aed479a5d6afb668ed6ee  firefox-1.5.0.12-0.8.el4.x86_64.rpm
bf2c92230f3dcd965145c900eac0e803  firefox-debuginfo-1.5.0.12-0.8.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.8.el4.src.rpm
e2c978d4b14f9cf19a8e39de02583008  firefox-1.5.0.12-0.8.el4.src.rpm

i386:
7c65767dfdaed3f752ff8d2432bbbb87  firefox-1.5.0.12-0.8.el4.i386.rpm
f370caeea0a992722a3856d63da52b1f  firefox-debuginfo-1.5.0.12-0.8.el4.i386.rpm

x86_64:
07ae1640a44aed479a5d6afb668ed6ee  firefox-1.5.0.12-0.8.el4.x86_64.rpm
bf2c92230f3dcd965145c900eac0e803  firefox-debuginfo-1.5.0.12-0.8.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.8.el4.src.rpm
e2c978d4b14f9cf19a8e39de02583008  firefox-1.5.0.12-0.8.el4.src.rpm

i386:
7c65767dfdaed3f752ff8d2432bbbb87  firefox-1.5.0.12-0.8.el4.i386.rpm
f370caeea0a992722a3856d63da52b1f  firefox-debuginfo-1.5.0.12-0.8.el4.i386.rpm

ia64:
1cf6f4a4b1555f8da1c9f6a69ad7f51a  firefox-1.5.0.12-0.8.el4.ia64.rpm
82eb56cadb11007f53a485bb4278f13a  firefox-debuginfo-1.5.0.12-0.8.el4.ia64.rpm

x86_64:
07ae1640a44aed479a5d6afb668ed6ee  firefox-1.5.0.12-0.8.el4.x86_64.rpm
bf2c92230f3dcd965145c900eac0e803  firefox-debuginfo-1.5.0.12-0.8.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4.5.z:

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4ES-4.5.z/en/os/SRPMS/firefox-1.5.0.12-0.8.el4.src.rpm
e2c978d4b14f9cf19a8e39de02583008  firefox-1.5.0.12-0.8.el4.src.rpm

i386:
7c65767dfdaed3f752ff8d2432bbbb87  firefox-1.5.0.12-0.8.el4.i386.rpm
f370caeea0a992722a3856d63da52b1f  firefox-debuginfo-1.5.0.12-0.8.el4.i386.rpm

ia64:
1cf6f4a4b1555f8da1c9f6a69ad7f51a  firefox-1.5.0.12-0.8.el4.ia64.rpm
82eb56cadb11007f53a485bb4278f13a  firefox-debuginfo-1.5.0.12-0.8.el4.ia64.rpm

x86_64:
07ae1640a44aed479a5d6afb668ed6ee  firefox-1.5.0.12-0.8.el4.x86_64.rpm
bf2c92230f3dcd965145c900eac0e803  firefox-debuginfo-1.5.0.12-0.8.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.8.el4.src.rpm
e2c978d4b14f9cf19a8e39de02583008  firefox-1.5.0.12-0.8.el4.src.rpm

i386:
7c65767dfdaed3f752ff8d2432bbbb87  firefox-1.5.0.12-0.8.el4.i386.rpm
f370caeea0a992722a3856d63da52b1f  firefox-debuginfo-1.5.0.12-0.8.el4.i386.rpm

ia64:
1cf6f4a4b1555f8da1c9f6a69ad7f51a  firefox-1.5.0.12-0.8.el4.ia64.rpm
82eb56cadb11007f53a485bb4278f13a  firefox-debuginfo-1.5.0.12-0.8.el4.ia64.rpm

x86_64:
07ae1640a44aed479a5d6afb668ed6ee  firefox-1.5.0.12-0.8.el4.x86_64.rpm
bf2c92230f3dcd965145c900eac0e803  firefox-debuginfo-1.5.0.12-0.8.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-7.el5.src.rpm
9e6f9f8659b25e6420a1f395bbe09896  firefox-1.5.0.12-7.el5.src.rpm

i386:
e1b690ba4dfdd41e20aacfbb9d8fbb9a  firefox-1.5.0.12-7.el5.i386.rpm
e576368db6ed9eb70c65a596d5d684aa  firefox-debuginfo-1.5.0.12-7.el5.i386.rpm

x86_64:
e1b690ba4dfdd41e20aacfbb9d8fbb9a  firefox-1.5.0.12-7.el5.i386.rpm
88f3e7c170437da320696055350436dc  firefox-1.5.0.12-7.el5.x86_64.rpm
e576368db6ed9eb70c65a596d5d684aa  firefox-debuginfo-1.5.0.12-7.el5.i386.rpm
bdddabfbc73567c7537291b931abee4c  firefox-debuginfo-1.5.0.12-7.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-7.el5.src.rpm
9e6f9f8659b25e6420a1f395bbe09896  firefox-1.5.0.12-7.el5.src.rpm

i386:
e576368db6ed9eb70c65a596d5d684aa  firefox-debuginfo-1.5.0.12-7.el5.i386.rpm
06509ba586d9f37e71483107137f7843  firefox-devel-1.5.0.12-7.el5.i386.rpm

x86_64:
e576368db6ed9eb70c65a596d5d684aa  firefox-debuginfo-1.5.0.12-7.el5.i386.rpm
bdddabfbc73567c7537291b931abee4c  firefox-debuginfo-1.5.0.12-7.el5.x86_64.rpm
06509ba586d9f37e71483107137f7843  firefox-devel-1.5.0.12-7.el5.i386.rpm
ca90b71f3c70b0543a91cea11aec9b08  firefox-devel-1.5.0.12-7.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.12-7.el5.src.rpm
9e6f9f8659b25e6420a1f395bbe09896  firefox-1.5.0.12-7.el5.src.rpm

i386:
e1b690ba4dfdd41e20aacfbb9d8fbb9a  firefox-1.5.0.12-7.el5.i386.rpm
e576368db6ed9eb70c65a596d5d684aa  firefox-debuginfo-1.5.0.12-7.el5.i386.rpm
06509ba586d9f37e71483107137f7843  firefox-devel-1.5.0.12-7.el5.i386.rpm

ia64:
695649f81669a4bafb978c88c642a39d  firefox-1.5.0.12-7.el5.ia64.rpm
ca793f2ebcfc331a8e268959ee4d6eb4  firefox-debuginfo-1.5.0.12-7.el5.ia64.rpm
e83a2c4bbf2b8a8047eff54a92c73cf0  firefox-devel-1.5.0.12-7.el5.ia64.rpm

ppc:
2cd4f2936f18ce3aadc7738dcd1f64a5  firefox-1.5.0.12-7.el5.ppc.rpm
07bde30423e53504cac2c903b98f166d  firefox-debuginfo-1.5.0.12-7.el5.ppc.rpm
f974e753a4a1406e0f2c765bd1c6a903  firefox-devel-1.5.0.12-7.el5.ppc.rpm

s390x:
275ec90ac2e5119ef3a368f3635a6bed  firefox-1.5.0.12-7.el5.s390.rpm
f555a92ba6d9ccdab5b4f02dc6e0d486  firefox-1.5.0.12-7.el5.s390x.rpm
801eeef24bc79972ffeac00345bc4826  firefox-debuginfo-1.5.0.12-7.el5.s390.rpm
ddeb88632059d8fde675a8bbcb81bb0f  firefox-debuginfo-1.5.0.12-7.el5.s390x.rpm
6047f5e8ba382cca4e49bd203382ff33  firefox-devel-1.5.0.12-7.el5.s390.rpm
9ecba47676489b65b5975f32c3332d0f  firefox-devel-1.5.0.12-7.el5.s390x.rpm

x86_64:
e1b690ba4dfdd41e20aacfbb9d8fbb9a  firefox-1.5.0.12-7.el5.i386.rpm
88f3e7c170437da320696055350436dc  firefox-1.5.0.12-7.el5.x86_64.rpm
e576368db6ed9eb70c65a596d5d684aa  firefox-debuginfo-1.5.0.12-7.el5.i386.rpm
bdddabfbc73567c7537291b931abee4c  firefox-debuginfo-1.5.0.12-7.el5.x86_64.rpm
06509ba586d9f37e71483107137f7843  firefox-devel-1.5.0.12-7.el5.i386.rpm
ca90b71f3c70b0543a91cea11aec9b08  firefox-devel-1.5.0.12-7.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
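
A patch-level check against the fixed builds named in the package list above (firefox-1.5.0.12-0.8.el4 and firefox-1.5.0.12-7.el5), as an added example that is not Red Hat's code. The comparison is a simplified form of rpm's segment ordering that ignores epochs and `~`; the function names and the installed version strings are constructed for illustration.

```python
import re

# Fixed builds from the advisory's package list, keyed by dist tag: (version, release).
FIXED = {"el4": ("1.5.0.12", "0.8.el4"), "el5": ("1.5.0.12", "7.el5")}

_SEG = re.compile(r"(\d+)|([A-Za-z]+)")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm-style comparison (no epoch, no '~'). Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for (na, aa), (nb, ab) in zip(sa, sb):
        if na and nb:
            x, y = int(na), int(nb)      # numeric segments compare as integers
        elif na or nb:
            return 1 if na else -1       # a numeric segment is newer than an alphabetic one
        else:
            x, y = aa, ab                # alphabetic segments compare as strings
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(installed: str) -> bool:
    """installed is 'VERSION-RELEASE', e.g. from
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' firefox"""
    version, release = installed.rsplit("-", 1)
    dist = re.search(r"el\d+", release)
    if not dist or dist.group() not in FIXED:
        raise ValueError(f"no fixed build listed for {installed!r}")
    fixed_version, fixed_release = FIXED[dist.group()]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed sample inventory: host name -> installed firefox build.
    inventory = {"ws-01": "1.5.0.12-0.7.el4", "ws-02": "1.5.0.12-0.8.el4",
                 "srv-01": "1.5.0.10-14.el5", "srv-02": "1.5.0.12-7.el5"}
    for host, build in inventory.items():
        print(f"{host}: firefox-{build} -> {'patched' if is_patched(build) else 'NEEDS UPDATE'}")
```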

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.