Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2007:0724-4
Type: Security Advisory
Severity: Critical
Issued on: 2007-07-18
Last updated on: 2007-12-04
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-3089
CVE-2007-3656
CVE-2007-3734
CVE-2007-3735
CVE-2007-3736
CVE-2007-3737
CVE-2007-3738

Details

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
firefox-1.5.0.12-3.el5.src.rpm
File outdated by:  RHSA-2008:0222		     MD5: 9c788fafd5691d3345f053e3134ca2ea
 
IA-32:
firefox-devel-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2008:0222		     MD5: be1322bcd982139d6bd88a739af188a8
 
x86_64:
firefox-devel-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2008:0222		     MD5: be1322bcd982139d6bd88a739af188a8
firefox-devel-1.5.0.12-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222		     MD5: ecfcecad587c5b5a87ecb990407768c1
 
Red Hat Desktop (v. 4)
SRPMS:
firefox-1.5.0.12-0.3.el4.src.rpm
File outdated by:  RHSA-2012:0142		     MD5: f07113979e83ca0e3b0f9caa8e34a4a6
 
IA-32:
firefox-1.5.0.12-0.3.el4.i386.rpm
File outdated by:  RHSA-2012:0142		     MD5: 7622fec562eb6248eed19ac4903695fb
 
x86_64:
firefox-1.5.0.12-0.3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142		     MD5: ee0e7204d23c2a6109baf4610593c5af
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
firefox-1.5.0.12-3.el5.src.rpm
File outdated by:  RHSA-2008:0222		     MD5: 9c788fafd5691d3345f053e3134ca2ea
 
IA-32:
firefox-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 41f9235be61710608c049fed0c39ba19
firefox-devel-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2008:0222		     MD5: be1322bcd982139d6bd88a739af188a8
 
IA-64:
firefox-1.5.0.12-3.el5.ia64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 6dda2d0463fe1e15117224e263fd8646
firefox-devel-1.5.0.12-3.el5.ia64.rpm
File outdated by:  RHSA-2008:0222		     MD5: 8eacfbf523a9e5bf9f7f5f24232da9bf
 
PPC:
firefox-1.5.0.12-3.el5.ppc.rpm
File outdated by:  RHSA-2013:0820		     MD5: 0e17d445a346697a695c708dd4ff7f77
firefox-devel-1.5.0.12-3.el5.ppc.rpm
File outdated by:  RHSA-2008:0222		     MD5: 8a604711c03a1e383e2dc86689c9b1f6
 
s390x:
firefox-1.5.0.12-3.el5.s390.rpm
File outdated by:  RHSA-2013:0820		     MD5: 85527cdc87805574e6cea54cd997bf08
firefox-1.5.0.12-3.el5.s390x.rpm
File outdated by:  RHSA-2013:0820		     MD5: ce660ba2b2af5bcea03789ce1c197e5f
firefox-devel-1.5.0.12-3.el5.s390.rpm
File outdated by:  RHSA-2008:0222		     MD5: 47818dff9de4c75518ae322ae2887213
firefox-devel-1.5.0.12-3.el5.s390x.rpm
File outdated by:  RHSA-2008:0222		     MD5: 1177441caa8e95e7fffab1fe036f7128
 
x86_64:
firefox-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 41f9235be61710608c049fed0c39ba19
firefox-1.5.0.12-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 5d2539b4e150e2ebea6c6304a4c08325
firefox-devel-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2008:0222		     MD5: be1322bcd982139d6bd88a739af188a8
firefox-devel-1.5.0.12-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222		     MD5: ecfcecad587c5b5a87ecb990407768c1
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
firefox-1.5.0.12-0.3.el4.src.rpm
File outdated by:  RHSA-2012:0142		     MD5: f07113979e83ca0e3b0f9caa8e34a4a6
 
IA-32:
firefox-1.5.0.12-0.3.el4.i386.rpm
File outdated by:  RHSA-2012:0142		     MD5: 7622fec562eb6248eed19ac4903695fb
 
IA-64:
firefox-1.5.0.12-0.3.el4.ia64.rpm
File outdated by:  RHSA-2012:0142		     MD5: 27da182682ae877ea07b154c45ea8edc
 
PPC:
firefox-1.5.0.12-0.3.el4.ppc.rpm
File outdated by:  RHSA-2012:0142		     MD5: 732fe2238d90fd91ae72be8816fe8772
 
s390:
firefox-1.5.0.12-0.3.el4.s390.rpm
File outdated by:  RHSA-2012:0142		     MD5: 666483674e567946cb9c07e202814518
 
s390x:
firefox-1.5.0.12-0.3.el4.s390x.rpm
File outdated by:  RHSA-2012:0142		     MD5: 9af7bbfc652a0e7f6b58b72fa2f598e9
 
x86_64:
firefox-1.5.0.12-0.3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142		     MD5: ee0e7204d23c2a6109baf4610593c5af
 
Red Hat Enterprise Linux AS (v. 4.5.z)
SRPMS:
firefox-1.5.0.12-0.3.el4.src.rpm
File outdated by:  RHSA-2012:0142		     MD5: f07113979e83ca0e3b0f9caa8e34a4a6
 
IA-32:
firefox-1.5.0.12-0.3.el4.i386.rpm
File outdated by:  RHSA-2008:0598		     MD5: 7622fec562eb6248eed19ac4903695fb
 
IA-64:
firefox-1.5.0.12-0.3.el4.ia64.rpm
File outdated by:  RHSA-2008:0598		     MD5: 27da182682ae877ea07b154c45ea8edc
 
PPC:
firefox-1.5.0.12-0.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0598		     MD5: 732fe2238d90fd91ae72be8816fe8772
 
s390:
firefox-1.5.0.12-0.3.el4.s390.rpm
File outdated by:  RHSA-2008:0598		     MD5: 666483674e567946cb9c07e202814518
 
s390x:
firefox-1.5.0.12-0.3.el4.s390x.rpm
File outdated by:  RHSA-2008:0598		     MD5: 9af7bbfc652a0e7f6b58b72fa2f598e9
 
x86_64:
firefox-1.5.0.12-0.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598		     MD5: ee0e7204d23c2a6109baf4610593c5af
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
firefox-1.5.0.12-3.el5.src.rpm
File outdated by:  RHSA-2008:0222		     MD5: 9c788fafd5691d3345f053e3134ca2ea
 
IA-32:
firefox-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 41f9235be61710608c049fed0c39ba19
 
x86_64:
firefox-1.5.0.12-3.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 41f9235be61710608c049fed0c39ba19
firefox-1.5.0.12-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 5d2539b4e150e2ebea6c6304a4c08325
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
firefox-1.5.0.12-0.3.el4.src.rpm
File outdated by:  RHSA-2012:0142		     MD5: f07113979e83ca0e3b0f9caa8e34a4a6
 
IA-32:
firefox-1.5.0.12-0.3.el4.i386.rpm
File outdated by:  RHSA-2012:0142		     MD5: 7622fec562eb6248eed19ac4903695fb
 
IA-64:
firefox-1.5.0.12-0.3.el4.ia64.rpm
File outdated by:  RHSA-2012:0142		     MD5: 27da182682ae877ea07b154c45ea8edc
 
x86_64:
firefox-1.5.0.12-0.3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142		     MD5: ee0e7204d23c2a6109baf4610593c5af
 
Red Hat Enterprise Linux ES (v. 4.5.z)
SRPMS:
firefox-1.5.0.12-0.3.el4.src.rpm
File outdated by:  RHSA-2012:0142		     MD5: f07113979e83ca0e3b0f9caa8e34a4a6
 
IA-32:
firefox-1.5.0.12-0.3.el4.i386.rpm
File outdated by:  RHSA-2008:0598		     MD5: 7622fec562eb6248eed19ac4903695fb
 
IA-64:
firefox-1.5.0.12-0.3.el4.ia64.rpm
File outdated by:  RHSA-2008:0598		     MD5: 27da182682ae877ea07b154c45ea8edc
 
x86_64:
firefox-1.5.0.12-0.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598		     MD5: ee0e7204d23c2a6109baf4610593c5af
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
firefox-1.5.0.12-0.3.el4.src.rpm
File outdated by:  RHSA-2012:0142		     MD5: f07113979e83ca0e3b0f9caa8e34a4a6
 
IA-32:
firefox-1.5.0.12-0.3.el4.i386.rpm
File outdated by:  RHSA-2012:0142		     MD5: 7622fec562eb6248eed19ac4903695fb
 
IA-64:
firefox-1.5.0.12-0.3.el4.ia64.rpm
File outdated by:  RHSA-2012:0142		     MD5: 27da182682ae877ea07b154c45ea8edc
 
x86_64:
firefox-1.5.0.12-0.3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142		     MD5: ee0e7204d23c2a6109baf4610593c5af
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

248518 - CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)


References

https://www.redhat.com/security/data/cve/CVE-2007-3089.html
https://www.redhat.com/security/data/cve/CVE-2007-3656.html
https://www.redhat.com/security/data/cve/CVE-2007-3734.html
https://www.redhat.com/security/data/cve/CVE-2007-3735.html
https://www.redhat.com/security/data/cve/CVE-2007-3736.html
https://www.redhat.com/security/data/cve/CVE-2007-3737.html
https://www.redhat.com/security/data/cve/CVE-2007-3738.html
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/