Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2008:0207-6
Type: Security Advisory
Severity: Critical
Issued on: 2008-03-26
Last updated on: 2008-03-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.6.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.6.z)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2008-1233
CVE-2008-1234
CVE-2008-1235
CVE-2008-1236
CVE-2008-1237
CVE-2008-1238
CVE-2008-1241

Details

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of some malformed web content. A
web page containing such malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)

Several flaws were found in the display of malformed web content. A web
page containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)

All Firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
firefox-1.5.0.12-14.el5_1.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: d4e5ee5927cdda3946f86c271e553573
 
IA-32:
firefox-devel-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: a95f6d3f7e0acf6fcf957a54528c1126
 
x86_64:
firefox-devel-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: a95f6d3f7e0acf6fcf957a54528c1126
firefox-devel-1.5.0.12-14.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 31cbe9fa5c07a8e16778db8797be5acb
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-1.5.0.12-0.14.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: c13fe6b5677ce69df87aa2deb7b883b3
 
IA-32:
firefox-1.5.0.12-0.14.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: c77531bb53ea25794efb59c63ea3a624
 
x86_64:
firefox-1.5.0.12-0.14.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f9db3b3ec287e6d453c0680fd32f7e49
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-1.5.0.12-14.el5_1.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: d4e5ee5927cdda3946f86c271e553573
 
IA-32:
firefox-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: dac0ee575bae80ef7a2eb8182b8dd775
firefox-devel-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: a95f6d3f7e0acf6fcf957a54528c1126
 
IA-64:
firefox-1.5.0.12-14.el5_1.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 1604dc54cf0df17d99e1077238a31650
firefox-devel-1.5.0.12-14.el5_1.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 7b82c474d70ad967e98a1f46a1bb5ff4
 
PPC:
firefox-1.5.0.12-14.el5_1.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: 34c9512d76a7efa3c5f3e83fda939b19
firefox-devel-1.5.0.12-14.el5_1.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: e79dcf92ad0d1c2732349c1db53fca84
 
s390x:
firefox-1.5.0.12-14.el5_1.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 3a43164c50f7f663c385acc20d59be59
firefox-1.5.0.12-14.el5_1.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 87320fe005d84b815e7edc2d0dc50d2b
firefox-devel-1.5.0.12-14.el5_1.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: c2c1437da2f8b72fc50fb2fd31e14550
firefox-devel-1.5.0.12-14.el5_1.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 4984e20af19d80a179b10a324e46a3a9
 
x86_64:
firefox-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: dac0ee575bae80ef7a2eb8182b8dd775
firefox-1.5.0.12-14.el5_1.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: a88ba1cd4581e597b4353a1a2c6f23c7
firefox-devel-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: a95f6d3f7e0acf6fcf957a54528c1126
firefox-devel-1.5.0.12-14.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 31cbe9fa5c07a8e16778db8797be5acb
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-1.5.0.12-0.14.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: c13fe6b5677ce69df87aa2deb7b883b3
 
IA-32:
firefox-1.5.0.12-0.14.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: c77531bb53ea25794efb59c63ea3a624
 
IA-64:
firefox-1.5.0.12-0.14.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 499fac7fa29234c86bfd74acc825a6a6
 
PPC:
firefox-1.5.0.12-0.14.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5c5bb7739030eb31ecf38b3d7ac11380
 
s390:
firefox-1.5.0.12-0.14.el4.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6696453e42f4331ac76debf7196907a0
 
s390x:
firefox-1.5.0.12-0.14.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: afaff206d23898cac65d4d3310484eeb
 
x86_64:
firefox-1.5.0.12-0.14.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f9db3b3ec287e6d453c0680fd32f7e49
 
Red Hat Enterprise Linux AS (v. 4.6.z)

SRPMS:
firefox-1.5.0.12-0.14.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: c13fe6b5677ce69df87aa2deb7b883b3
 
IA-32:
firefox-1.5.0.12-0.14.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: c77531bb53ea25794efb59c63ea3a624
 
IA-64:
firefox-1.5.0.12-0.14.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 499fac7fa29234c86bfd74acc825a6a6
 
PPC:
firefox-1.5.0.12-0.14.el4.ppc.rpm
File outdated by:  RHSA-2008:0598
    MD5: 5c5bb7739030eb31ecf38b3d7ac11380
 
s390:
firefox-1.5.0.12-0.14.el4.s390.rpm
File outdated by:  RHSA-2008:0598
    MD5: 6696453e42f4331ac76debf7196907a0
 
s390x:
firefox-1.5.0.12-0.14.el4.s390x.rpm
File outdated by:  RHSA-2008:0598
    MD5: afaff206d23898cac65d4d3310484eeb
 
x86_64:
firefox-1.5.0.12-0.14.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: f9db3b3ec287e6d453c0680fd32f7e49
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-1.5.0.12-14.el5_1.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: d4e5ee5927cdda3946f86c271e553573
 
IA-32:
firefox-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: dac0ee575bae80ef7a2eb8182b8dd775
 
x86_64:
firefox-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: dac0ee575bae80ef7a2eb8182b8dd775
firefox-1.5.0.12-14.el5_1.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: a88ba1cd4581e597b4353a1a2c6f23c7
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-1.5.0.12-0.14.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: c13fe6b5677ce69df87aa2deb7b883b3
 
IA-32:
firefox-1.5.0.12-0.14.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: c77531bb53ea25794efb59c63ea3a624
 
IA-64:
firefox-1.5.0.12-0.14.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 499fac7fa29234c86bfd74acc825a6a6
 
x86_64:
firefox-1.5.0.12-0.14.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f9db3b3ec287e6d453c0680fd32f7e49
 
Red Hat Enterprise Linux ES (v. 4.6.z)

SRPMS:
firefox-1.5.0.12-0.14.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: c13fe6b5677ce69df87aa2deb7b883b3
 
IA-32:
firefox-1.5.0.12-0.14.el4.i386.rpm
File outdated by:  RHSA-2008:0598
    MD5: c77531bb53ea25794efb59c63ea3a624
 
IA-64:
firefox-1.5.0.12-0.14.el4.ia64.rpm
File outdated by:  RHSA-2008:0598
    MD5: 499fac7fa29234c86bfd74acc825a6a6
 
x86_64:
firefox-1.5.0.12-0.14.el4.x86_64.rpm
File outdated by:  RHSA-2008:0598
    MD5: f9db3b3ec287e6d453c0680fd32f7e49
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
firefox-1.5.0.12-14.el5_1.src.rpm
File outdated by:  RHSA-2008:0222
    MD5: d4e5ee5927cdda3946f86c271e553573
 
IA-32:
firefox-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: dac0ee575bae80ef7a2eb8182b8dd775
firefox-devel-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: a95f6d3f7e0acf6fcf957a54528c1126
 
IA-64:
firefox-1.5.0.12-14.el5_1.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 1604dc54cf0df17d99e1077238a31650
firefox-devel-1.5.0.12-14.el5_1.ia64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 7b82c474d70ad967e98a1f46a1bb5ff4
 
PPC:
firefox-1.5.0.12-14.el5_1.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: 34c9512d76a7efa3c5f3e83fda939b19
firefox-devel-1.5.0.12-14.el5_1.ppc.rpm
File outdated by:  RHSA-2008:0222
    MD5: e79dcf92ad0d1c2732349c1db53fca84
 
s390x:
firefox-1.5.0.12-14.el5_1.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: 3a43164c50f7f663c385acc20d59be59
firefox-1.5.0.12-14.el5_1.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 87320fe005d84b815e7edc2d0dc50d2b
firefox-devel-1.5.0.12-14.el5_1.s390.rpm
File outdated by:  RHSA-2008:0222
    MD5: c2c1437da2f8b72fc50fb2fd31e14550
firefox-devel-1.5.0.12-14.el5_1.s390x.rpm
File outdated by:  RHSA-2008:0222
    MD5: 4984e20af19d80a179b10a324e46a3a9
 
x86_64:
firefox-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: dac0ee575bae80ef7a2eb8182b8dd775
firefox-1.5.0.12-14.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: a88ba1cd4581e597b4353a1a2c6f23c7
firefox-devel-1.5.0.12-14.el5_1.i386.rpm
File outdated by:  RHSA-2008:0222
    MD5: a95f6d3f7e0acf6fcf957a54528c1126
firefox-devel-1.5.0.12-14.el5_1.x86_64.rpm
File outdated by:  RHSA-2008:0222
    MD5: 31cbe9fa5c07a8e16778db8797be5acb
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-1.5.0.12-0.14.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: c13fe6b5677ce69df87aa2deb7b883b3
 
IA-32:
firefox-1.5.0.12-0.14.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: c77531bb53ea25794efb59c63ea3a624
 
IA-64:
firefox-1.5.0.12-0.14.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 499fac7fa29234c86bfd74acc825a6a6
 
x86_64:
firefox-1.5.0.12-0.14.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f9db3b3ec287e6d453c0680fd32f7e49
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution
438715 - CVE-2008-1234 universal XSS using event handlers
438717 - CVE-2008-1235 chrome privilege via wrong principal
438718 - CVE-2008-1236 browser engine crashes
438721 - CVE-2008-1237 javascript crashes
438724 - CVE-2008-1238 Referrer spoofing bug
438730 - CVE-2008-1241 XUL popup spoofing


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/