enterprise-watch-list July 2008 archive
Main Archive Page > Month Archives  > enterprise-watch-list archives
enterprise-watch-list: [RHSA-2008:0597-01] Critical: firefox sec

[RHSA-2008:0597-01] Critical: firefox security update

From: <bugzilla_at_nospam>
Date: Wed Jul 16 2008 - 17:12:34 GMT
To: rhsa-announce@redhat.com, enterprise-watch-list@redhat.com


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2008:0597-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0597.html Issue date: 2008-07-16 CVE Names: CVE-2008-2785 CVE-2008-2933 =====================================================================
  1. Summary:

Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to these updated packages, which contain Firefox 3.0.1 that corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349) 454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-18.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-20.el5.src.rpm

i386: devhelp-0.12-18.el5.i386.rpm devhelp-debuginfo-0.12-18.el5.i386.rpm firefox-3.0.1-1.el5.i386.rpm firefox-debuginfo-3.0.1-1.el5.i386.rpm xulrunner-1.9.0.1-1.el5.i386.rpm
xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm yelp-2.16.0-20.el5.i386.rpm
yelp-debuginfo-2.16.0-20.el5.i386.rpm

x86_64: devhelp-0.12-18.el5.i386.rpm devhelp-0.12-18.el5.x86_64.rpm devhelp-debuginfo-0.12-18.el5.i386.rpm devhelp-debuginfo-0.12-18.el5.x86_64.rpm firefox-3.0.1-1.el5.i386.rpm firefox-3.0.1-1.el5.x86_64.rpm firefox-debuginfo-3.0.1-1.el5.i386.rpm firefox-debuginfo-3.0.1-1.el5.x86_64.rpm xulrunner-1.9.0.1-1.el5.i386.rpm xulrunner-1.9.0.1-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.1-1.el5.x86_64.rpm yelp-2.16.0-20.el5.x86_64.rpm
yelp-debuginfo-2.16.0-20.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-18.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.1-1.el5.src.rpm

i386: devhelp-debuginfo-0.12-18.el5.i386.rpm devhelp-devel-0.12-18.el5.i386.rpm xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.i386.rpm

x86_64: devhelp-debuginfo-0.12-18.el5.i386.rpm devhelp-debuginfo-0.12-18.el5.x86_64.rpm devhelp-devel-0.12-18.el5.i386.rpm devhelp-devel-0.12-18.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.1-1.el5.x86_64.rpm xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-1.9.0.1-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.1-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-18.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-20.el5.src.rpm

i386: devhelp-0.12-18.el5.i386.rpm devhelp-debuginfo-0.12-18.el5.i386.rpm devhelp-devel-0.12-18.el5.i386.rpm firefox-3.0.1-1.el5.i386.rpm firefox-debuginfo-3.0.1-1.el5.i386.rpm xulrunner-1.9.0.1-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.i386.rpm yelp-2.16.0-20.el5.i386.rpm
yelp-debuginfo-2.16.0-20.el5.i386.rpm

ia64: devhelp-0.12-18.el5.ia64.rpm devhelp-debuginfo-0.12-18.el5.ia64.rpm devhelp-devel-0.12-18.el5.ia64.rpm firefox-3.0.1-1.el5.ia64.rpm firefox-debuginfo-3.0.1-1.el5.ia64.rpm xulrunner-1.9.0.1-1.el5.ia64.rpm xulrunner-debuginfo-1.9.0.1-1.el5.ia64.rpm xulrunner-devel-1.9.0.1-1.el5.ia64.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.ia64.rpm yelp-2.16.0-20.el5.ia64.rpm
yelp-debuginfo-2.16.0-20.el5.ia64.rpm

ppc: devhelp-0.12-18.el5.ppc.rpm devhelp-debuginfo-0.12-18.el5.ppc.rpm devhelp-devel-0.12-18.el5.ppc.rpm firefox-3.0.1-1.el5.ppc.rpm firefox-debuginfo-3.0.1-1.el5.ppc.rpm xulrunner-1.9.0.1-1.el5.ppc.rpm xulrunner-1.9.0.1-1.el5.ppc64.rpm xulrunner-debuginfo-1.9.0.1-1.el5.ppc.rpm xulrunner-debuginfo-1.9.0.1-1.el5.ppc64.rpm xulrunner-devel-1.9.0.1-1.el5.ppc.rpm
xulrunner-devel-1.9.0.1-1.el5.ppc64.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.ppc.rpm yelp-2.16.0-20.el5.ppc.rpm
yelp-debuginfo-2.16.0-20.el5.ppc.rpm

s390x: devhelp-0.12-18.el5.s390.rpm devhelp-0.12-18.el5.s390x.rpm devhelp-debuginfo-0.12-18.el5.s390.rpm devhelp-debuginfo-0.12-18.el5.s390x.rpm devhelp-devel-0.12-18.el5.s390.rpm devhelp-devel-0.12-18.el5.s390x.rpm firefox-3.0.1-1.el5.s390.rpm firefox-3.0.1-1.el5.s390x.rpm firefox-debuginfo-3.0.1-1.el5.s390.rpm firefox-debuginfo-3.0.1-1.el5.s390x.rpm xulrunner-1.9.0.1-1.el5.s390.rpm xulrunner-1.9.0.1-1.el5.s390x.rpm xulrunner-debuginfo-1.9.0.1-1.el5.s390.rpm xulrunner-debuginfo-1.9.0.1-1.el5.s390x.rpm xulrunner-devel-1.9.0.1-1.el5.s390.rpm
xulrunner-devel-1.9.0.1-1.el5.s390x.rpm
xulrunner-devel-unstable-1.9.0.1-1.el5.s390x.rpm yelp-2.16.0-20.el5.s390x.rpm
yelp-debuginfo-2.16.0-20.el5.s390x.rpm

x86_64: devhelp-0.12-18.el5.i386.rpm devhelp-0.12-18.el5.x86_64.rpm devhelp-debuginfo-0.12-18.el5.i386.rpm devhelp-debuginfo-0.12-18.el5.x86_64.rpm devhelp-devel-0.12-18.el5.i386.rpm devhelp-devel-0.12-18.el5.x86_64.rpm firefox-3.0.1-1.el5.i386.rpm firefox-3.0.1-1.el5.x86_64.rpm firefox-debuginfo-3.0.1-1.el5.i386.rpm firefox-debuginfo-3.0.1-1.el5.x86_64.rpm xulrunner-1.9.0.1-1.el5.i386.rpm xulrunner-1.9.0.1-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.1-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.1-1.el5.x86_64.rpm xulrunner-devel-1.9.0.1-1.el5.i386.rpm
xulrunner-devel-1.9.0.1-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.1-1.el5.x86_64.rpm yelp-2.16.0-20.el5.x86_64.rpm
yelp-debuginfo-2.16.0-20.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933 http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIfiv/XlSAg2UNWIIRAvq7AKCNheU6hBjn3hRNYUbmpy+0o3sBIACePTuQ vXCoV0E+gCDqjB8RcL5fZc8=
=Oy9Z
-----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list