Security Advisory Critical: firefox security update

Advisory: RHSA-2007:0400-3
Type: Security Advisory
Severity: Critical
Issued on: 2007-05-30
Last updated on: 2007-05-30
Affected Products:
    RHEL Desktop Workstation (v. 5 client)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux (v. 5 server)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux AS (v. 4.5.z)
    Red Hat Enterprise Linux Desktop (v. 5 client)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux ES (v. 4.5.z)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org):
    CVE-2007-1362
    CVE-2007-1562
    CVE-2007-2867
    CVE-2007-2868
    CVE-2007-2869
    CVE-2007-2870
    CVE-2007-2871

Details

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Firefox from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.12 that corrects these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
devhelp-0.12-11.el5.src.rpm
File outdated by:  RHSA-2013:0271
    MD5: 85adab21471a9e46c5d0cb5816bbbcff
firefox-1.5.0.12-1.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: b0645efeba60c77ad740a212d465b453
 
IA-32:
devhelp-devel-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: 77fe09441514cd6482f4596362485343
firefox-devel-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: fa39c7e1fd6232e62b3d9a4f53acbc9b
 
x86_64:
devhelp-devel-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: 77fe09441514cd6482f4596362485343
devhelp-devel-0.12-11.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271
    MD5: 141d1df1f9e83521808efafd42f944fc
firefox-devel-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: fa39c7e1fd6232e62b3d9a4f53acbc9b
firefox-devel-1.5.0.12-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: e048eb9adb9dd967d1630c1fe4778f98
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-1.5.0.12-0.1.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: b65c0e149c9a2a99e4dd19f127301bcc
 
IA-32:
firefox-1.5.0.12-0.1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 86978cc9d7fe03d6826c77516ebdadf0
 
x86_64:
firefox-1.5.0.12-0.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 99e6f6963881507969dfc748202452df
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
devhelp-0.12-11.el5.src.rpm
File outdated by:  RHSA-2013:0271
    MD5: 85adab21471a9e46c5d0cb5816bbbcff
firefox-1.5.0.12-1.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: b0645efeba60c77ad740a212d465b453
yelp-2.16.0-15.el5.src.rpm
File outdated by:  RHSA-2013:0271
    MD5: ed0f92a5a1721891f10cfadf08b3782f
 
IA-32:
devhelp-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: b7958042531e8f6b5931605a0f2d17fc
devhelp-devel-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: 77fe09441514cd6482f4596362485343
firefox-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7b959d51178a768c437bdc1fd1dc3e3c
firefox-devel-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: fa39c7e1fd6232e62b3d9a4f53acbc9b
yelp-2.16.0-15.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: c0e883b6c8d47a1fbce33dc3133161de
 
IA-64:
devhelp-0.12-11.el5.ia64.rpm
File outdated by:  RHSA-2013:0271
    MD5: bb162cf991018497ba2107bd312acb48
devhelp-devel-0.12-11.el5.ia64.rpm
File outdated by:  RHSA-2013:0271
    MD5: b565891923dc59b5d4d8d1e9261dba0b
firefox-1.5.0.12-1.el5.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 76e85b583ef60111b84983938e96004d
firefox-devel-1.5.0.12-1.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 035d9cf222fe66a807e63c1d346376ac
yelp-2.16.0-15.el5.ia64.rpm
File outdated by:  RHSA-2013:0271
    MD5: e1fc1489d821f1175b30f7af2bf80bb2
 
PPC:
devhelp-0.12-11.el5.ppc.rpm
File outdated by:  RHSA-2013:0271
    MD5: 71d19c30096ca87d8fbc8740652e9a00
devhelp-devel-0.12-11.el5.ppc.rpm
File outdated by:  RHSA-2013:0271
    MD5: 6aefe858236f2e1e1406cd5fea314d02
firefox-1.5.0.12-1.el5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: 88a37e6d10a175a50737a8b6c767c561
firefox-devel-1.5.0.12-1.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: cf551a704d6cc2f33ce8086dcb6f4884
yelp-2.16.0-15.el5.ppc.rpm
File outdated by:  RHSA-2013:0271
    MD5: 2fda60703e56ff7998740ce624c4157c
 
s390x:
devhelp-0.12-11.el5.s390.rpm
File outdated by:  RHSA-2013:0271
    MD5: 96802b267541ad3c0d5d8253eac7a0f6
devhelp-0.12-11.el5.s390x.rpm
File outdated by:  RHSA-2013:0271
    MD5: 25fdb9f47687b447a85fdabdf9df80e5
devhelp-devel-0.12-11.el5.s390.rpm
File outdated by:  RHSA-2013:0271
    MD5: fa7ccd2ecc5ef946a26963e99fbb5ce1
devhelp-devel-0.12-11.el5.s390x.rpm
File outdated by:  RHSA-2013:0271
    MD5: b4f3cbab3249f5e63c659a4787f76af1
firefox-1.5.0.12-1.el5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7ea83a23a6e3de26b34d0585b7c12d10
firefox-1.5.0.12-1.el5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: bd45b8871ccbcbc35ff43b25a36210fa
firefox-devel-1.5.0.12-1.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 71196dd2cad1dc1b89b1354937abfa22
firefox-devel-1.5.0.12-1.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: fdb884e4d38b109868c6d7445b8c454b
yelp-2.16.0-15.el5.s390x.rpm
File outdated by:  RHSA-2013:0271
    MD5: 1b84f778dcc83da7ca2a3fd4a92206a1
 
x86_64:
devhelp-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: b7958042531e8f6b5931605a0f2d17fc
devhelp-0.12-11.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271
    MD5: 47012533019d250c132ebbd97e87d227
devhelp-devel-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: 77fe09441514cd6482f4596362485343
devhelp-devel-0.12-11.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271
    MD5: 141d1df1f9e83521808efafd42f944fc
firefox-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7b959d51178a768c437bdc1fd1dc3e3c
firefox-1.5.0.12-1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 244bb754d6039cc48c144c5f45052260
firefox-devel-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: fa39c7e1fd6232e62b3d9a4f53acbc9b
firefox-devel-1.5.0.12-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: e048eb9adb9dd967d1630c1fe4778f98
yelp-2.16.0-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271
    MD5: 35f3463a249179df63b98239cf4e3cbc
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-1.5.0.12-0.1.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: b65c0e149c9a2a99e4dd19f127301bcc
 
IA-32:
firefox-1.5.0.12-0.1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 86978cc9d7fe03d6826c77516ebdadf0
 
IA-64:
firefox-1.5.0.12-0.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91a38b7498a5e459ad2be38100282550
 
PPC:
firefox-1.5.0.12-0.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 30e7be931ea1331c2971df5e108e50eb
 
s390:
firefox-1.5.0.12-0.1.el4.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: efb2e30a6beedd50881f3ec66db89d48
 
s390x:
firefox-1.5.0.12-0.1.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: 7abeac347fe36f9b99c2da0e7297407b
 
x86_64:
firefox-1.5.0.12-0.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 99e6f6963881507969dfc748202452df
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
firefox-1.5.0.12-0.1.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: b65c0e149c9a2a99e4dd19f127301bcc
 
IA-32:
firefox-1.5.0.12-0.1.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: 86978cc9d7fe03d6826c77516ebdadf0
 
IA-64:
firefox-1.5.0.12-0.1.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 91a38b7498a5e459ad2be38100282550
 
PPC:
firefox-1.5.0.12-0.1.el4.ppc.rpm
File outdated by:  RHSA-2008:0598
    MD5: 30e7be931ea1331c2971df5e108e50eb
 
s390:
firefox-1.5.0.12-0.1.el4.s390.rpm
File outdated by:  RHSA-2008:0598
    MD5: efb2e30a6beedd50881f3ec66db89d48
 
s390x:
firefox-1.5.0.12-0.1.el4.s390x.rpm
File outdated by:  RHSA-2008:0598
    MD5: 7abeac347fe36f9b99c2da0e7297407b
 
x86_64:
firefox-1.5.0.12-0.1.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 99e6f6963881507969dfc748202452df
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
devhelp-0.12-11.el5.src.rpm
File outdated by:  RHSA-2013:0271
    MD5: 85adab21471a9e46c5d0cb5816bbbcff
firefox-1.5.0.12-1.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: b0645efeba60c77ad740a212d465b453
yelp-2.16.0-15.el5.src.rpm
File outdated by:  RHSA-2013:0271
    MD5: ed0f92a5a1721891f10cfadf08b3782f
 
IA-32:
devhelp-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: b7958042531e8f6b5931605a0f2d17fc
firefox-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7b959d51178a768c437bdc1fd1dc3e3c
yelp-2.16.0-15.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: c0e883b6c8d47a1fbce33dc3133161de
 
x86_64:
devhelp-0.12-11.el5.i386.rpm
File outdated by:  RHSA-2013:0271
    MD5: b7958042531e8f6b5931605a0f2d17fc
devhelp-0.12-11.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271
    MD5: 47012533019d250c132ebbd97e87d227
firefox-1.5.0.12-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7b959d51178a768c437bdc1fd1dc3e3c
firefox-1.5.0.12-1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 244bb754d6039cc48c144c5f45052260
yelp-2.16.0-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271
    MD5: 35f3463a249179df63b98239cf4e3cbc
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-1.5.0.12-0.1.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: b65c0e149c9a2a99e4dd19f127301bcc
 
IA-32:
firefox-1.5.0.12-0.1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 86978cc9d7fe03d6826c77516ebdadf0
 
IA-64:
firefox-1.5.0.12-0.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91a38b7498a5e459ad2be38100282550
 
x86_64:
firefox-1.5.0.12-0.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 99e6f6963881507969dfc748202452df
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
firefox-1.5.0.12-0.1.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: b65c0e149c9a2a99e4dd19f127301bcc
 
IA-32:
firefox-1.5.0.12-0.1.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: 86978cc9d7fe03d6826c77516ebdadf0
 
IA-64:
firefox-1.5.0.12-0.1.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 91a38b7498a5e459ad2be38100282550
 
x86_64:
firefox-1.5.0.12-0.1.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 99e6f6963881507969dfc748202452df
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-1.5.0.12-0.1.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: b65c0e149c9a2a99e4dd19f127301bcc
 
IA-32:
firefox-1.5.0.12-0.1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 86978cc9d7fe03d6826c77516ebdadf0
 
IA-64:
firefox-1.5.0.12-0.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91a38b7498a5e459ad2be38100282550
 
x86_64:
firefox-1.5.0.12-0.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 99e6f6963881507969dfc748202452df
 
(The unlinked packages above are only available from the Red Hat Network)
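
To confirm that hosts actually carry the builds listed above, the following added example (not part of the original advisory or any Red Hat tooling) audits a package inventory against the fixed versions. The inventory format, host names and installed versions are constructed for illustration, and `vercmp` is a simplified reimplementation of RPM's segment-wise version comparison, which matters here because a plain string comparison would rank 1.5.0.9 above 1.5.0.12.

```python
import re

# Fixed builds taken from this advisory's package list, keyed by (name, dist tag).
FIXED = {
    ("firefox", "el4"): "1.5.0.12-0.1.el4",
    ("firefox", "el5"): "1.5.0.12-1.el5",
    ("devhelp", "el5"): "0.12-11.el5",
    ("yelp", "el5"): "2.16.0-15.el5",
}

def vercmp(a, b):
    """Simplified rpmvercmp: return -1, 0 or 1 (no epoch, '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)             # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(inventory_lines):
    """Yield (host, name, installed, fixed) for builds older than the erratum."""
    for line in inventory_lines:
        host, name, evr = line.split()
        dist = evr.rsplit(".", 1)[-1]         # 'el4' / 'el5' from the release
        fixed = FIXED.get((name, dist))
        if fixed and evr_cmp(evr, fixed) < 0:
            yield host, name, evr, fixed

# Constructed sample inventory, one "host name version-release" entry per line.
SAMPLE = [
    "ws01 firefox 1.5.0.10-2.el5",
    "ws02 firefox 1.5.0.12-1.el5",
    "srv03 firefox 1.5.0.9-0.1.el4",
    "srv04 yelp 2.16.0-14.el5",
    "srv05 firefox 1.5.0.12-0.1.el4",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%s: %s %s is older than fixed build %s" % row)
```

On a real host, the name and version-release pair can be collected with `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' firefox devhelp yelp`.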

Bugs fixed (see bugzilla for more information)

241670 - CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/