[SECURITY] Fedora 7 Update: firefox-2.0.0.5-1.fc7

updates at fedoraproject.org
Wed Jul 18 20:56:30 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1142
2007-07-18 13:56:13.283230
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.5
Release     : 1.fc7
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735)

Several flaws were found in the way Firefox handles certain
JavaScript code. A web page containing malicious JavaScript
code could inject arbitrary content into other web pages.
(CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the
local disk. A malicious web page may be able to inject
arbitrary HTML into a browsing session if the user reloads a
targeted site. (CVE-2007-3656)

A flaw was found in the way Firefox processes certain web
content. A web page containing malicious content could
execute arbitrary commands as the user running Firefox.
(CVE-2007-3737, CVE-2007-3738)

Users of Firefox are advised to upgrade to these erratum
packages, which contain patches that correct these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 18 2007 Kai Engert <kengert at redhat.com> - 2.0.0.5-1
- Update to 2.0.0.5
* Fri Jun 29 2007 Martin Stransky <stransky at redhat.com> 2.0.0.4-3
- backported pango patches from FC6 (1.5.0.12)
* Sun Jun  3 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-2
- Properly clean up threads with newer NSPR
* Wed May 30 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #248518
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
  [ 2 ] CVE-2007-3734
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
  [ 3 ] CVE-2007-3735
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
  [ 4 ] CVE-2007-3736
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
  [ 5 ] CVE-2007-3089
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
  [ 6 ] CVE-2007-3737
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
  [ 7 ] CVE-2007-3656
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
  [ 8 ] CVE-2007-3738
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------



