Security Advisory Critical: firefox security update

Advisory: RHSA-2008:0103-7
Type: Security Advisory
Severity: Critical
Issued on: 2008-02-07
Last updated on: 2008-02-07
Affected Products:
    RHEL Desktop Workstation (v. 5 client)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux (v. 5 server)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux AS (v. 4.6.z)
    Red Hat Enterprise Linux Desktop (v. 5 client)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux ES (v. 4.6.z)
    Red Hat Enterprise Linux EUS (v. 5.1.z server)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org):
    CVE-2008-0412
    CVE-2008-0413
    CVE-2008-0415
    CVE-2008-0416
    CVE-2008-0417
    CVE-2008-0418
    CVE-2008-0419
    CVE-2008-0420
    CVE-2008-0591
    CVE-2008-0592
    CVE-2008-0593

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
firefox-1.5.0.12-9.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: ef0760d08757233d7b66be192a7c66c2
 
IA-32:
firefox-devel-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1bb7eb880086ff119a405a56895275ce
 
x86_64:
firefox-devel-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1bb7eb880086ff119a405a56895275ce
firefox-devel-1.5.0.12-9.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 006b67dcb77c4682caa69f705a184a0b
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-1.5.0.12-0.10.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6d882e2b400bc99bd4604f79fad1b269
 
IA-32:
firefox-1.5.0.12-0.10.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: aa34ca7e1e8b9d59169350f1626e0499
 
x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d060488f560fdf250253913a3e6b7f61
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-1.5.0.12-9.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: ef0760d08757233d7b66be192a7c66c2
 
IA-32:
firefox-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 98156de9c8786d12f21557381c505468
firefox-devel-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1bb7eb880086ff119a405a56895275ce
 
IA-64:
firefox-1.5.0.12-9.el5.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 347fd862db0318d801529e744b298548
firefox-devel-1.5.0.12-9.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 7fbe8ac09c6ffebb7063d05d0e6a45ee
 
PPC:
firefox-1.5.0.12-9.el5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: 14b94cd140c6021fafb4f0112e0afa49
firefox-devel-1.5.0.12-9.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: 2311468caa7f94365f0997768ff49ff9
 
s390x:
firefox-1.5.0.12-9.el5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 089d916d5b7690ad2eb9d7e7dc1102fd
firefox-1.5.0.12-9.el5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 5334c215fbaf2e9494a796b05c717b36
firefox-devel-1.5.0.12-9.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 94f5873fa979d6467806f549dff63e58
firefox-devel-1.5.0.12-9.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 46bd369a60187973eb7118afbdca2fba
 
x86_64:
firefox-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 98156de9c8786d12f21557381c505468
firefox-1.5.0.12-9.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7feb239e773cd8630494b49915ba664d
firefox-devel-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1bb7eb880086ff119a405a56895275ce
firefox-devel-1.5.0.12-9.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 006b67dcb77c4682caa69f705a184a0b
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-1.5.0.12-0.10.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6d882e2b400bc99bd4604f79fad1b269
 
IA-32:
firefox-1.5.0.12-0.10.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: aa34ca7e1e8b9d59169350f1626e0499
 
IA-64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 41ca2561ffb75fae0a406c807cc2559b
 
PPC:
firefox-1.5.0.12-0.10.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: ba2f0b1d7fcc09c3a43edc18aa828fcf
 
s390:
firefox-1.5.0.12-0.10.el4.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: d378bb6c19aad6c52c2dee2c7acaccf3
 
s390x:
firefox-1.5.0.12-0.10.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: 531c070b0c9a60444539ff9d1b6fa965
 
x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d060488f560fdf250253913a3e6b7f61
 
Red Hat Enterprise Linux AS (v. 4.6.z)

SRPMS:
firefox-1.5.0.12-0.10.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6d882e2b400bc99bd4604f79fad1b269
 
IA-32:
firefox-1.5.0.12-0.10.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: aa34ca7e1e8b9d59169350f1626e0499
 
IA-64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 41ca2561ffb75fae0a406c807cc2559b
 
PPC:
firefox-1.5.0.12-0.10.el4.ppc.rpm
File outdated by:  RHSA-2008:0598
    MD5: ba2f0b1d7fcc09c3a43edc18aa828fcf
 
s390:
firefox-1.5.0.12-0.10.el4.s390.rpm
File outdated by:  RHSA-2008:0598
    MD5: d378bb6c19aad6c52c2dee2c7acaccf3
 
s390x:
firefox-1.5.0.12-0.10.el4.s390x.rpm
File outdated by:  RHSA-2008:0598
    MD5: 531c070b0c9a60444539ff9d1b6fa965
 
x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: d060488f560fdf250253913a3e6b7f61
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-1.5.0.12-9.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: ef0760d08757233d7b66be192a7c66c2
 
IA-32:
firefox-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 98156de9c8786d12f21557381c505468
 
x86_64:
firefox-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 98156de9c8786d12f21557381c505468
firefox-1.5.0.12-9.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7feb239e773cd8630494b49915ba664d
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-1.5.0.12-0.10.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6d882e2b400bc99bd4604f79fad1b269
 
IA-32:
firefox-1.5.0.12-0.10.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: aa34ca7e1e8b9d59169350f1626e0499
 
IA-64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 41ca2561ffb75fae0a406c807cc2559b
 
x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d060488f560fdf250253913a3e6b7f61
 
Red Hat Enterprise Linux ES (v. 4.6.z)

SRPMS:
firefox-1.5.0.12-0.10.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6d882e2b400bc99bd4604f79fad1b269
 
IA-32:
firefox-1.5.0.12-0.10.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: aa34ca7e1e8b9d59169350f1626e0499
 
IA-64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 41ca2561ffb75fae0a406c807cc2559b
 
x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: d060488f560fdf250253913a3e6b7f61
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
firefox-1.5.0.12-9.el5.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: ef0760d08757233d7b66be192a7c66c2
 
IA-32:
firefox-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 98156de9c8786d12f21557381c505468
firefox-devel-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1bb7eb880086ff119a405a56895275ce
 
IA-64:
firefox-1.5.0.12-9.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 347fd862db0318d801529e744b298548
firefox-devel-1.5.0.12-9.el5.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 7fbe8ac09c6ffebb7063d05d0e6a45ee
 
PPC:
firefox-1.5.0.12-9.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: 14b94cd140c6021fafb4f0112e0afa49
firefox-devel-1.5.0.12-9.el5.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: 2311468caa7f94365f0997768ff49ff9
 
s390x:
firefox-1.5.0.12-9.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 089d916d5b7690ad2eb9d7e7dc1102fd
firefox-1.5.0.12-9.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 5334c215fbaf2e9494a796b05c717b36
firefox-devel-1.5.0.12-9.el5.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 94f5873fa979d6467806f549dff63e58
firefox-devel-1.5.0.12-9.el5.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 46bd369a60187973eb7118afbdca2fba
 
x86_64:
firefox-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 98156de9c8786d12f21557381c505468
firefox-1.5.0.12-9.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 7feb239e773cd8630494b49915ba664d
firefox-devel-1.5.0.12-9.el5.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1bb7eb880086ff119a405a56895275ce
firefox-devel-1.5.0.12-9.el5.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 006b67dcb77c4682caa69f705a184a0b
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-1.5.0.12-0.10.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6d882e2b400bc99bd4604f79fad1b269
 
IA-32:
firefox-1.5.0.12-0.10.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: aa34ca7e1e8b9d59169350f1626e0499
 
IA-64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 41ca2561ffb75fae0a406c807cc2559b
 
x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d060488f560fdf250253913a3e6b7f61
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

431732 - CVE-2008-0412 Mozilla layout engine crashes
431733 - CVE-2008-0413 Mozilla javascript engine crashes
431739 - CVE-2008-0415 Mozilla arbitrary code execution
431742 - CVE-2008-0417 Mozilla arbitrary code execution
431748 - CVE-2008-0418 Mozilla chrome: directory traversal
431749 - CVE-2008-0419 Mozilla arbitrary code execution
431751 - CVE-2008-0591 Mozilla information disclosure flaw
431752 - CVE-2008-0592 Mozilla text file mishandling
431756 - CVE-2008-0593 Mozilla URL token stealing flaw


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/