RHSA-2007:0724-01 Critical: firefox security update
Posted on: 07/19/2007 03:55 AM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2007:0724-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0724.html
Issue date: 2007-07-18
Updated on: 2007-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3089 CVE-2007-3656 CVE-2007-3734
CVE-2007-3735 CVE-2007-3736 CVE-2007-3737
CVE-2007-3738
- ---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248518 - CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6 firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

ia64:
27da182682ae877ea07b154c45ea8edc firefox-1.5.0.12-0.3.el4.ia64.rpm
aeee3e428309d64bbe9c4714ad48b28d firefox-debuginfo-1.5.0.12-0.3.el4.ia64.rpm

ppc:
732fe2238d90fd91ae72be8816fe8772 firefox-1.5.0.12-0.3.el4.ppc.rpm
89fea0cc921d3cc113dd28b6eed91022 firefox-debuginfo-1.5.0.12-0.3.el4.ppc.rpm

s390:
666483674e567946cb9c07e202814518 firefox-1.5.0.12-0.3.el4.s390.rpm
68f501a441bac6e34fca1582ca871b52 firefox-debuginfo-1.5.0.12-0.3.el4.s390.rpm

s390x:
9af7bbfc652a0e7f6b58b72fa2f598e9 firefox-1.5.0.12-0.3.el4.s390x.rpm
91c6e2324de24864de6cfbde5d058567 firefox-debuginfo-1.5.0.12-0.3.el4.s390x.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414 firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6 firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414 firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6 firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

ia64:
27da182682ae877ea07b154c45ea8edc firefox-1.5.0.12-0.3.el4.ia64.rpm
aeee3e428309d64bbe9c4714ad48b28d firefox-debuginfo-1.5.0.12-0.3.el4.ia64.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414 firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.3.el4.src.rpm
f07113979e83ca0e3b0f9caa8e34a4a6 firefox-1.5.0.12-0.3.el4.src.rpm

i386:
7622fec562eb6248eed19ac4903695fb firefox-1.5.0.12-0.3.el4.i386.rpm
6359107ef13d6a6a21e1acd6e22b12cb firefox-debuginfo-1.5.0.12-0.3.el4.i386.rpm

ia64:
27da182682ae877ea07b154c45ea8edc firefox-1.5.0.12-0.3.el4.ia64.rpm
aeee3e428309d64bbe9c4714ad48b28d firefox-debuginfo-1.5.0.12-0.3.el4.ia64.rpm

x86_64:
ee0e7204d23c2a6109baf4610593c5af firefox-1.5.0.12-0.3.el4.x86_64.rpm
29f780a7080136522b9339ac46af2414 firefox-debuginfo-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-3.el5.src.rpm
9c788fafd5691d3345f053e3134ca2ea firefox-1.5.0.12-3.el5.src.rpm

i386:
41f9235be61710608c049fed0c39ba19 firefox-1.5.0.12-3.el5.i386.rpm
d4d2e8f63a26bb7137ca0f62a034446c firefox-debuginfo-1.5.0.12-3.el5.i386.rpm

x86_64:
41f9235be61710608c049fed0c39ba19 firefox-1.5.0.12-3.el5.i386.rpm
5d2539b4e150e2ebea6c6304a4c08325 firefox-1.5.0.12-3.el5.x86_64.rpm
d4d2e8f63a26bb7137ca0f62a034446c firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
9848654d72200a04b5e7c729711412f1 firefox-debuginfo-1.5.0.12-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-3.el5.src.rpm
9c788fafd5691d3345f053e3134ca2ea firefox-1.5.0.12-3.el5.src.rpm

i386:
d4d2e8f63a26bb7137ca0f62a034446c firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
be1322bcd982139d6bd88a739af188a8 firefox-devel-1.5.0.12-3.el5.i386.rpm

x86_64:
d4d2e8f63a26bb7137ca0f62a034446c firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
9848654d72200a04b5e7c729711412f1 firefox-debuginfo-1.5.0.12-3.el5.x86_64.rpm
be1322bcd982139d6bd88a739af188a8 firefox-devel-1.5.0.12-3.el5.i386.rpm
ecfcecad587c5b5a87ecb990407768c1 firefox-devel-1.5.0.12-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.12-3.el5.src.rpm
9c788fafd5691d3345f053e3134ca2ea firefox-1.5.0.12-3.el5.src.rpm

i386:
41f9235be61710608c049fed0c39ba19 firefox-1.5.0.12-3.el5.i386.rpm
d4d2e8f63a26bb7137ca0f62a034446c firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
be1322bcd982139d6bd88a739af188a8 firefox-devel-1.5.0.12-3.el5.i386.rpm

ia64:
6dda2d0463fe1e15117224e263fd8646 firefox-1.5.0.12-3.el5.ia64.rpm
17165a01a2e49f826167d383eae245b2 firefox-debuginfo-1.5.0.12-3.el5.ia64.rpm
8eacfbf523a9e5bf9f7f5f24232da9bf firefox-devel-1.5.0.12-3.el5.ia64.rpm

ppc:
0e17d445a346697a695c708dd4ff7f77 firefox-1.5.0.12-3.el5.ppc.rpm
7df6f3aa268061dbc540b78163c03266 firefox-debuginfo-1.5.0.12-3.el5.ppc.rpm
8a604711c03a1e383e2dc86689c9b1f6 firefox-devel-1.5.0.12-3.el5.ppc.rpm

s390x:
85527cdc87805574e6cea54cd997bf08 firefox-1.5.0.12-3.el5.s390.rpm
ce660ba2b2af5bcea03789ce1c197e5f firefox-1.5.0.12-3.el5.s390x.rpm
1782f86797fd6c8ef1e79628262e4abd firefox-debuginfo-1.5.0.12-3.el5.s390.rpm
d1bfa2b33e6e7115d53d14563b525379 firefox-debuginfo-1.5.0.12-3.el5.s390x.rpm
47818dff9de4c75518ae322ae2887213 firefox-devel-1.5.0.12-3.el5.s390.rpm
1177441caa8e95e7fffab1fe036f7128 firefox-devel-1.5.0.12-3.el5.s390x.rpm

x86_64:
41f9235be61710608c049fed0c39ba19 firefox-1.5.0.12-3.el5.i386.rpm
5d2539b4e150e2ebea6c6304a4c08325 firefox-1.5.0.12-3.el5.x86_64.rpm
d4d2e8f63a26bb7137ca0f62a034446c firefox-debuginfo-1.5.0.12-3.el5.i386.rpm
9848654d72200a04b5e7c729711412f1 firefox-debuginfo-1.5.0.12-3.el5.x86_64.rpm
be1322bcd982139d6bd88a739af188a8 firefox-devel-1.5.0.12-3.el5.i386.rpm
ecfcecad587c5b5a87ecb990407768c1 firefox-devel-1.5.0.12-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGntE6XlSAg2UNWIIRAs+0AKC+b+OgzqV5WDh/Yu0Xj004bEVncgCbBY9V
qKRzX2H1qWFJ272wudZIGAM=
=bMiF
-----END PGP SIGNATURE-----
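
Section 6 of the advisory pairs each RPM file name with an MD5 digest and repeats the same files under several products. The following is an added example, not part of the Red Hat advisory or of Red Hat's tooling: it parses entries in that layout and checks downloaded files against them. The file name and contents in demo() are constructed stand-ins; the MD5 comparison only ties a file to the advisory text, and the GPG signature check the advisory points to remains the authoritative one.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "<32 hex digits> <name>.rpm" entry per line, as in section 6 of the advisory.
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Return {filename: md5} from advisory text; headings, URLs and prose are skipped."""
    manifest = {}
    for m in filter(None, map(ENTRY.match, text.splitlines())):
        digest, name = m.group(1).lower(), m.group(2)
        # A file listed under several products must carry the same digest each time.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError("conflicting digests for " + name)
    return manifest

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_files(manifest, paths):
    """Map each path to 'ok', 'mismatch' or 'unlisted' (name not in the advisory)."""
    result = {}
    for path in paths:
        expected = manifest.get(Path(path).name)
        if expected is None:
            result[path] = "unlisted"
        else:
            result[path] = "ok" if md5_of(path) == expected else "mismatch"
    return result

def demo():
    """Constructed sample: a stand-in file and a manifest entry built for it."""
    with tempfile.TemporaryDirectory() as d:
        rpm = Path(d, "example-1.0-1.i386.rpm")  # hypothetical file name
        rpm.write_bytes(b"constructed stand-in, not a real RPM")
        manifest = parse_manifest("i386:\n%s %s\n" % (md5_of(rpm), rpm.name))
        before = check_files(manifest, [rpm])[rpm]
        rpm.write_bytes(b"truncated")  # simulate a corrupted download
        after = check_files(manifest, [rpm])[rpm]
        return before, after

if __name__ == "__main__":
    print(demo())
```

To check real downloads, pass the advisory text to parse_manifest() and the local RPM paths to check_files(); treat "mismatch" and "unlisted" as reasons not to install.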



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070724_01_critical_firefox_security_update.html)