
Security Advisory Critical: firefox security update

Advisory: RHSA-2007:1082-5
Type: Security Advisory
Severity: Critical
Issued on: 2007-11-26
Last updated on: 2007-11-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux AS (v. 4.6.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4.6.z)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-5947
CVE-2007-5959
CVE-2007-5960

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
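
The server-side view of the CVE-2007-5960 paragraph, as an added example that is not part of the Red Hat advisory: a Referer-only check accepts a request whose Referer names the site's own origin, while a per-session token check rejects it. The origin, secret key, session id and both sample requests are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # assumed site origin (constructed)
SECRET_KEY = b"constructed-demo-key"   # assumed server-side secret (constructed)


def referer_only_check(headers):
    """Weak: accept the request if the Referer points at our own origin."""
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" == SITE_ORIGIN


def issue_token(session_id):
    """Token bound to the session; embedded in every form the site renders."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Stronger: require the per-session token, compared in constant time."""
    supplied = form.get("csrf_token", "").encode()
    return hmac.compare_digest(supplied, issue_token(session_id).encode())


def evaluate(request):
    """Return (referer_only_verdict, token_verdict) for one request."""
    return (referer_only_check(request["headers"]),
            token_check(request["session_id"], request["form"]))


# Constructed requests. The second models a cross-site submission whose
# Referer claims the site's own origin, the condition CVE-2007-5960 allows.
LEGITIMATE = {
    "session_id": "sess-1234",
    "headers": {"Referer": SITE_ORIGIN + "/transfer"},
    "form": {"amount": "10", "csrf_token": issue_token("sess-1234")},
}
FORGED_REFERER = {
    "session_id": "sess-1234",
    "headers": {"Referer": SITE_ORIGIN + "/transfer"},
    "form": {"amount": "9999"},
}

if __name__ == "__main__":
    for name, req in (("legitimate", LEGITIMATE), ("forged Referer", FORGED_REFERER)):
        print(name, evaluate(req))
```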

Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
firefox-1.5.0.12-7.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: 9e6f9f8659b25e6420a1f395bbe09896
 
IA-32:
firefox-devel-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 06509ba586d9f37e71483107137f7843
 
x86_64:
firefox-devel-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 06509ba586d9f37e71483107137f7843
firefox-devel-1.5.0.12-7.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: ca90b71f3c70b0543a91cea11aec9b08
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-1.5.0.12-7.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: 9e6f9f8659b25e6420a1f395bbe09896
 
IA-32:
firefox-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: e1b690ba4dfdd41e20aacfbb9d8fbb9a
firefox-devel-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 06509ba586d9f37e71483107137f7843
 
IA-64:
firefox-1.5.0.12-7.el5.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 695649f81669a4bafb978c88c642a39d
firefox-devel-1.5.0.12-7.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: e83a2c4bbf2b8a8047eff54a92c73cf0
 
PPC:
firefox-1.5.0.12-7.el5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: 2cd4f2936f18ce3aadc7738dcd1f64a5
firefox-devel-1.5.0.12-7.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: f974e753a4a1406e0f2c765bd1c6a903
 
s390x:
firefox-1.5.0.12-7.el5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 275ec90ac2e5119ef3a368f3635a6bed
firefox-1.5.0.12-7.el5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: f555a92ba6d9ccdab5b4f02dc6e0d486
firefox-devel-1.5.0.12-7.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 6047f5e8ba382cca4e49bd203382ff33
firefox-devel-1.5.0.12-7.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 9ecba47676489b65b5975f32c3332d0f
 
x86_64:
firefox-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: e1b690ba4dfdd41e20aacfbb9d8fbb9a
firefox-1.5.0.12-7.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 88f3e7c170437da320696055350436dc
firefox-devel-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 06509ba586d9f37e71483107137f7843
firefox-devel-1.5.0.12-7.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: ca90b71f3c70b0543a91cea11aec9b08
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
PPC:
firefox-1.5.0.12-0.8.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 2849e6a776fe9d7427f373d2634051bd
 
s390:
firefox-1.5.0.12-0.8.el4.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: 39c83103495fb726421799de80f8553d
 
s390x:
firefox-1.5.0.12-0.8.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: 719c9da1a4d6c07b5ffa970859d687bf
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
PPC:
firefox-1.5.0.12-0.8.el4.ppc.rpm
File outdated by:  RHSA-2008:0598
    MD5: 2849e6a776fe9d7427f373d2634051bd
 
s390:
firefox-1.5.0.12-0.8.el4.s390.rpm
File outdated by:  RHSA-2008:0598
    MD5: 39c83103495fb726421799de80f8553d
 
s390x:
firefox-1.5.0.12-0.8.el4.s390x.rpm
File outdated by:  RHSA-2008:0598
    MD5: 719c9da1a4d6c07b5ffa970859d687bf
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux AS (v. 4.6.z)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
PPC:
firefox-1.5.0.12-0.8.el4.ppc.rpm
File outdated by:  RHSA-2008:0598
    MD5: 2849e6a776fe9d7427f373d2634051bd
 
s390:
firefox-1.5.0.12-0.8.el4.s390.rpm
File outdated by:  RHSA-2008:0598
    MD5: 39c83103495fb726421799de80f8553d
 
s390x:
firefox-1.5.0.12-0.8.el4.s390x.rpm
File outdated by:  RHSA-2008:0598
    MD5: 719c9da1a4d6c07b5ffa970859d687bf
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-1.5.0.12-7.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: 9e6f9f8659b25e6420a1f395bbe09896
 
IA-32:
firefox-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: e1b690ba4dfdd41e20aacfbb9d8fbb9a
 
x86_64:
firefox-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: e1b690ba4dfdd41e20aacfbb9d8fbb9a
firefox-1.5.0.12-7.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 88f3e7c170437da320696055350436dc
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux ES (v. 4.6.z)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
firefox-1.5.0.12-7.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: 9e6f9f8659b25e6420a1f395bbe09896
 
IA-32:
firefox-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: e1b690ba4dfdd41e20aacfbb9d8fbb9a
firefox-devel-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 06509ba586d9f37e71483107137f7843
 
IA-64:
firefox-1.5.0.12-7.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 695649f81669a4bafb978c88c642a39d
firefox-devel-1.5.0.12-7.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: e83a2c4bbf2b8a8047eff54a92c73cf0
 
PPC:
firefox-1.5.0.12-7.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: 2cd4f2936f18ce3aadc7738dcd1f64a5
firefox-devel-1.5.0.12-7.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: f974e753a4a1406e0f2c765bd1c6a903
 
s390x:
firefox-1.5.0.12-7.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 275ec90ac2e5119ef3a368f3635a6bed
firefox-1.5.0.12-7.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: f555a92ba6d9ccdab5b4f02dc6e0d486
firefox-devel-1.5.0.12-7.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 6047f5e8ba382cca4e49bd203382ff33
firefox-devel-1.5.0.12-7.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 9ecba47676489b65b5975f32c3332d0f
 
x86_64:
firefox-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: e1b690ba4dfdd41e20aacfbb9d8fbb9a
firefox-1.5.0.12-7.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 88f3e7c170437da320696055350436dc
firefox-devel-1.5.0.12-7.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 06509ba586d9f37e71483107137f7843
firefox-devel-1.5.0.12-7.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: ca90b71f3c70b0543a91cea11aec9b08
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-1.5.0.12-0.8.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c978d4b14f9cf19a8e39de02583008
 
IA-32:
firefox-1.5.0.12-0.8.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 7c65767dfdaed3f752ff8d2432bbbb87
 
IA-64:
firefox-1.5.0.12-0.8.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 1cf6f4a4b1555f8da1c9f6a69ad7f51a
 
x86_64:
firefox-1.5.0.12-0.8.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 07ae1640a44aed479a5d6afb668ed6ee
 
(The unlinked packages above are only available from the Red Hat Network)
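
To confirm that a host is at or past the fixed builds listed above (1.5.0.12-0.8.el4 and 1.5.0.12-7.el5), the following added example, not Red Hat's own tooling, compares an installed firefox version and release against them. It uses a simplified rpm-style comparison that assumes no epoch, tilde or caret; the function names are hypothetical.

```python
import re

# Fixed builds named in this advisory, keyed by dist tag.
FIXED = {"el4": ("1.5.0.12", "0.8.el4"), "el5": ("1.5.0.12", "7.el5")}


def _segments(s):
    # Runs of digits or letters; every other character is a separator.
    return re.findall(r"\d+|[A-Za-z]+", s)


def vercmp(a, b):
    """Simplified rpm-style compare: -1, 0 or 1. No epoch, tilde or caret."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # "10" must sort after "8"
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(version, release):
    """True if an installed firefox version-release is at or past the fix."""
    match = re.search(r"\.(el4|el5)", release)
    if match is None:
        raise ValueError("release %r is not an el4/el5 build" % release)
    fixed_version, fixed_release = FIXED[match.group(1)]
    order = vercmp(version, fixed_version) or vercmp(release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed sample values; on a real host take them from:
    #   rpm -q --qf '%{VERSION} %{RELEASE}\n' firefox
    for version, release in (("1.5.0.12", "6.el5"), ("1.5.0.12", "7.el5")):
        print(version, release, "patched" if is_patched(version, release) else "VULNERABLE")
```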

Bugs fixed (see bugzilla for more information)

394211 - CVE-2007-5947 Mozilla jar: protocol XSS
394241 - CVE-2007-5959 Multiple flaws in Firefox
394261 - CVE-2007-5960 Mozilla Cross-site Request Forgery flaw



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/