Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Description
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
-
Red Hat Enterprise Linux Server 5 x86_64
-
Red Hat Enterprise Linux Server 5 ia64
-
Red Hat Enterprise Linux Server 5 i386
-
Red Hat Enterprise Linux Server 4 x86_64
-
Red Hat Enterprise Linux Server 4 ia64
-
Red Hat Enterprise Linux Server 4 i386
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 ia64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 i386
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
-
Red Hat Enterprise Linux Workstation 5 x86_64
-
Red Hat Enterprise Linux Workstation 5 i386
-
Red Hat Enterprise Linux Workstation 4 x86_64
-
Red Hat Enterprise Linux Workstation 4 ia64
-
Red Hat Enterprise Linux Workstation 4 i386
-
Red Hat Enterprise Linux Desktop 5 x86_64
-
Red Hat Enterprise Linux Desktop 5 i386
-
Red Hat Enterprise Linux Desktop 4 x86_64
-
Red Hat Enterprise Linux Desktop 4 i386
-
Red Hat Enterprise Linux for IBM z Systems 5 s390x
-
Red Hat Enterprise Linux for IBM z Systems 4 s390x
-
Red Hat Enterprise Linux for IBM z Systems 4 s390
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
-
Red Hat Enterprise Linux for Power, big endian 5 ppc
-
Red Hat Enterprise Linux for Power, big endian 4 ppc
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
-
Red Hat Enterprise Linux Server from RHUI 5 x86_64
-
Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
-
BZ - 394211
- CVE-2007-5947 Mozilla jar: protocol XSS
-
BZ - 394241
- CVE-2007-5959 Multiple flaws in Firefox
-
BZ - 394261
- CVE-2007-5960 Mozilla Cross-site Request Forgery flaw
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 5
SRPM |
firefox-1.5.0.12-7.el5.src.rpm
|
SHA-256: 41e50c0170c31c69c964b2e8d324ac31c0ad82976025a130396d6d608956e9ca |
x86_64 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 5cc2ccb80064a1e7caefcb07415204ab0afff0f4044beb0e194a4ca6d1319e2f |
firefox-devel-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 38ff962d8edaa60948f8077a6467b5786757086d0e4a9229c84e64d2d1521958 |
firefox-devel-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 062ddf0cd999e192ecde7bc33442626a032cce4cb53d72885128d7d2490f8ff7 |
ia64 |
firefox-1.5.0.12-7.el5.ia64.rpm
|
SHA-256: 3d73970d117576e4b55eb5c69158bf3bd34f509dead1faa3dca222ab3a6c07f9 |
firefox-devel-1.5.0.12-7.el5.ia64.rpm
|
SHA-256: 37a4891ac786e81ea5c7cc1acdb3415abe6ac65d2cedb6dff3bef2fe0efaed4d |
i386 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-devel-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 38ff962d8edaa60948f8077a6467b5786757086d0e4a9229c84e64d2d1521958 |
Red Hat Enterprise Linux Server 4
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
x86_64 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
ia64 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
i386 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
x86_64 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
ia64 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
i386 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
x86_64 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
ia64 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
i386 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
Red Hat Enterprise Linux Workstation 5
SRPM |
firefox-1.5.0.12-7.el5.src.rpm
|
SHA-256: 41e50c0170c31c69c964b2e8d324ac31c0ad82976025a130396d6d608956e9ca |
x86_64 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 5cc2ccb80064a1e7caefcb07415204ab0afff0f4044beb0e194a4ca6d1319e2f |
firefox-devel-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 38ff962d8edaa60948f8077a6467b5786757086d0e4a9229c84e64d2d1521958 |
firefox-devel-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 062ddf0cd999e192ecde7bc33442626a032cce4cb53d72885128d7d2490f8ff7 |
i386 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-devel-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 38ff962d8edaa60948f8077a6467b5786757086d0e4a9229c84e64d2d1521958 |
Red Hat Enterprise Linux Workstation 4
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
x86_64 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
ia64 |
firefox-1.5.0.12-0.8.el4.ia64.rpm
|
SHA-256: bc0be10bd26b598bced32184fabd0b168ec998b6add9f93a21337579fd1690f0 |
i386 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
Red Hat Enterprise Linux Desktop 5
SRPM |
firefox-1.5.0.12-7.el5.src.rpm
|
SHA-256: 41e50c0170c31c69c964b2e8d324ac31c0ad82976025a130396d6d608956e9ca |
x86_64 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 5cc2ccb80064a1e7caefcb07415204ab0afff0f4044beb0e194a4ca6d1319e2f |
i386 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
Red Hat Enterprise Linux Desktop 4
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
x86_64 |
firefox-1.5.0.12-0.8.el4.x86_64.rpm
|
SHA-256: e374e8cf27e8916267853f38234807d71807c5ace3f1c16f8e7f03a6bcbbc431 |
i386 |
firefox-1.5.0.12-0.8.el4.i386.rpm
|
SHA-256: db1044d7fcd0a850fef5fadfb2d42a5a3bca131976c25024891d0ba80b2d07d0 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM |
firefox-1.5.0.12-7.el5.src.rpm
|
SHA-256: 41e50c0170c31c69c964b2e8d324ac31c0ad82976025a130396d6d608956e9ca |
s390x |
firefox-1.5.0.12-7.el5.s390.rpm
|
SHA-256: 3f1de3d0124730a5be75d0dd70ebf365357f4b3edc40b0475af4e47eb933e815 |
firefox-1.5.0.12-7.el5.s390x.rpm
|
SHA-256: 02acfbf3c91583c680e53ba48ed7ff6dc06be15b3bff2b4fcc7a6d562fba4ad4 |
firefox-devel-1.5.0.12-7.el5.s390.rpm
|
SHA-256: 7a7f2e191d392f9b4a7256ca278a921c5470ae6251ca7c3cec14b625866d91fc |
firefox-devel-1.5.0.12-7.el5.s390x.rpm
|
SHA-256: f3841d257308d4703518797fb056f1f757e31ab4be310cde48db32e8980a2cd1 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
s390x |
firefox-1.5.0.12-0.8.el4.s390x.rpm
|
SHA-256: 1056a12c13595519d7a3595a6e57365c218562ab37b04e4160c7070d79c7e678 |
s390 |
firefox-1.5.0.12-0.8.el4.s390.rpm
|
SHA-256: 9c8afa5602766ebd82e35b0ccc48d28793614f09c9b0d6d7413291ee52d9b974 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
s390x |
firefox-1.5.0.12-0.8.el4.s390x.rpm
|
SHA-256: 1056a12c13595519d7a3595a6e57365c218562ab37b04e4160c7070d79c7e678 |
s390 |
firefox-1.5.0.12-0.8.el4.s390.rpm
|
SHA-256: 9c8afa5602766ebd82e35b0ccc48d28793614f09c9b0d6d7413291ee52d9b974 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
s390x |
firefox-1.5.0.12-0.8.el4.s390x.rpm
|
SHA-256: 1056a12c13595519d7a3595a6e57365c218562ab37b04e4160c7070d79c7e678 |
s390 |
firefox-1.5.0.12-0.8.el4.s390.rpm
|
SHA-256: 9c8afa5602766ebd82e35b0ccc48d28793614f09c9b0d6d7413291ee52d9b974 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM |
firefox-1.5.0.12-7.el5.src.rpm
|
SHA-256: 41e50c0170c31c69c964b2e8d324ac31c0ad82976025a130396d6d608956e9ca |
ppc |
firefox-1.5.0.12-7.el5.ppc.rpm
|
SHA-256: 27e0961913053585dca6fd57a108d50e5008478204b0cf0f245cb7c403a9daee |
firefox-devel-1.5.0.12-7.el5.ppc.rpm
|
SHA-256: 6f8b2d7952ef86b22367d102632793e556f8aec6e98994d9df766e484824a8f9 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
ppc |
firefox-1.5.0.12-0.8.el4.ppc.rpm
|
SHA-256: d2aa6a07cfe275783c6cbd683b081f01c3d511cf7f34ba8188ced1a9c9aca785 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
ppc |
firefox-1.5.0.12-0.8.el4.ppc.rpm
|
SHA-256: d2aa6a07cfe275783c6cbd683b081f01c3d511cf7f34ba8188ced1a9c9aca785 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5
SRPM |
firefox-1.5.0.12-0.8.el4.src.rpm
|
SHA-256: 8a2cf3cbd6d4d686be7b5ecc6ab6f4a0f633940e3c92084488a127a7ab0d49c9 |
ppc |
firefox-1.5.0.12-0.8.el4.ppc.rpm
|
SHA-256: d2aa6a07cfe275783c6cbd683b081f01c3d511cf7f34ba8188ced1a9c9aca785 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM |
firefox-1.5.0.12-7.el5.src.rpm
|
SHA-256: 41e50c0170c31c69c964b2e8d324ac31c0ad82976025a130396d6d608956e9ca |
x86_64 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 5cc2ccb80064a1e7caefcb07415204ab0afff0f4044beb0e194a4ca6d1319e2f |
firefox-devel-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 38ff962d8edaa60948f8077a6467b5786757086d0e4a9229c84e64d2d1521958 |
firefox-devel-1.5.0.12-7.el5.x86_64.rpm
|
SHA-256: 062ddf0cd999e192ecde7bc33442626a032cce4cb53d72885128d7d2490f8ff7 |
i386 |
firefox-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 1cc22924205165ee1a7964ea1ff30d6257660bd61440a38933cbae61012a31e4 |
firefox-devel-1.5.0.12-7.el5.i386.rpm
|
SHA-256: 38ff962d8edaa60948f8077a6467b5786757086d0e4a9229c84e64d2d1521958 |