
Security Advisory: firefox security update

Advisory: RHSA-2006:0328-15
Type: Security Advisory
Severity: Critical
Issued on: 2006-04-14
Last updated on: 2006-04-25
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-0748
CVE-2006-0749
CVE-2006-1724
CVE-2006-1727
CVE-2006-1728
CVE-2006-1729
CVE-2006-1730
CVE-2006-1731
CVE-2006-1732
CVE-2006-1733
CVE-2006-1734
CVE-2006-1735
CVE-2006-1737
CVE-2006-1738
CVE-2006-1739
CVE-2006-1740
CVE-2006-1741
CVE-2006-1742
CVE-2006-1790

Details

Updated firefox packages that fix several security bugs are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

[Updated 24 Apr 2006]
The erratum text has been updated to include CVE-2006-0748, an issue fixed
by these erratum packages but which was not public at the time of release.
No changes have been made to the packages.

Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed JavaScript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain JavaScript
actions. A malicious web page could execute arbitrary JavaScript with
"chrome" privileges, that is, the browser's own internal privilege level
rather than the restricted privileges of web content, allowing the page to
steal sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default "entering a secure site"
modal warning dialog, a malicious page could trick a user into believing
they are viewing a secure site. (CVE-2006-1740)

A bug was found in the way Firefox handles JavaScript mutation events on
"input" form elements. A malicious web page could pre-fill a text input
with a file name and then change the element's type to "file", so that
when the user submits the form the named local file is uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
firefox-1.0.8-1.4.1.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 56b5c27ea2ddbd0867f8ee87eda96cd9
 
IA-32:
firefox-1.0.8-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: d092a0e383f0d171a515cf3c1b50a310
 
x86_64:
firefox-1.0.8-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 2cc4c552d8942f0b7e44457069fbaa67
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-1.0.8-1.4.1.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 56b5c27ea2ddbd0867f8ee87eda96cd9
 
IA-32:
firefox-1.0.8-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: d092a0e383f0d171a515cf3c1b50a310
 
IA-64:
firefox-1.0.8-1.4.1.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 826bc0089706ec833a75c82dd4c16555
 
PPC:
firefox-1.0.8-1.4.1.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 8c201529a81f5b75c23adc15dca47f9e
 
s390:
firefox-1.0.8-1.4.1.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: 577c0d3f56cca04343d77eadf5b1680f
 
s390x:
firefox-1.0.8-1.4.1.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: 1e31976de69cb4eef9171bbfb1fb7621
 
x86_64:
firefox-1.0.8-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 2cc4c552d8942f0b7e44457069fbaa67
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-1.0.8-1.4.1.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 56b5c27ea2ddbd0867f8ee87eda96cd9
 
IA-32:
firefox-1.0.8-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: d092a0e383f0d171a515cf3c1b50a310
 
IA-64:
firefox-1.0.8-1.4.1.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 826bc0089706ec833a75c82dd4c16555
 
x86_64:
firefox-1.0.8-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 2cc4c552d8942f0b7e44457069fbaa67
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-1.0.8-1.4.1.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 56b5c27ea2ddbd0867f8ee87eda96cd9
 
IA-32:
firefox-1.0.8-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: d092a0e383f0d171a515cf3c1b50a310
 
IA-64:
firefox-1.0.8-1.4.1.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 826bc0089706ec833a75c82dd4c16555
 
x86_64:
firefox-1.0.8-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 2cc4c552d8942f0b7e44457069fbaa67
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

183537 - CVE-2006-0749 Firefox Tag Order Vulnerability
188814 - CVE-2006-1741 Cross-site JavaScript injection using event handlers
188816 - CVE-2006-1742 JavaScript garbage-collection hazard audit
188818 - CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)
188820 - CVE-2006-1740 Secure-site spoof (requires security warning dialog)
188822 - CVE-2006-1735 Privilege escalation via XBL.method.eval
188824 - CVE-2006-1734 Privilege escalation using a JavaScript function's cloned parent
188826 - CVE-2006-1733 Accessing XBL compilation scope via valueOf.call()
188828 - CVE-2006-1732 cross-site scripting through window.controllers
188830 - CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
188832 - CVE-2006-1731 Cross-site scripting using .valueOf.call()
188834 - CVE-2006-1724 Crashes with evidence of memory corruption (1.5.0.2)
188836 - CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability
188838 - CVE-2006-1729 File stealing by changing input type
188840 - CVE-2006-1728 Privilege escalation using crypto.generateCRMFRequest
188842 - CVE-2006-1727 Privilege escalation through Print Preview
188844 - CVE-2006-0748 Table Rebuilding Code Execution Vulnerability


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/