Security Advisory Critical: firefox security update

Advisory: RHSA-2008:0222-2
Type: Security Advisory
Severity: Critical
Issued on: 2008-04-16
Last updated on: 2008-04-16
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080222.xml
CVEs (cve.mitre.org): CVE-2008-1380

Details

Updated firefox packages that fix a security bug are now available for Red
Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

A flaw was found in the processing of malformed JavaScript content. A web
page containing such malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-1380)

All Firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
firefox-devel-1.5.0.12-15.el5_1.i386.rpm     402f5e13762bd8dcac8555732a93c32b
 
x86_64:
firefox-devel-1.5.0.12-15.el5_1.i386.rpm     402f5e13762bd8dcac8555732a93c32b
firefox-devel-1.5.0.12-15.el5_1.x86_64.rpm     3dfc7a1a5894719acace0b064ab7f94a
 
Red Hat Desktop (v. 4)
SRPMS:
firefox-1.5.0.12-0.15.el4.src.rpm     94e710a1a59458d84c394d9f966b228c
 
IA-32:
firefox-1.5.0.12-0.15.el4.i386.rpm     e388e7f96c9e4bf193e7f6e661533aed
 
x86_64:
firefox-1.5.0.12-0.15.el4.x86_64.rpm     aaee0aa3c12754c6ba132199ea2d99d8
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
firefox-1.5.0.12-15.el5_1.src.rpm     78235214f469e09f8a7454a08ca3e9e0
 
IA-32:
firefox-1.5.0.12-15.el5_1.i386.rpm     7247157c9ec234fcba367a5b725930d1
firefox-devel-1.5.0.12-15.el5_1.i386.rpm     402f5e13762bd8dcac8555732a93c32b
 
IA-64:
firefox-1.5.0.12-15.el5_1.ia64.rpm     2567e9247846d89381df8ad878c25aad
firefox-devel-1.5.0.12-15.el5_1.ia64.rpm     ef8b85b1780bbcf8ad9e44bf483370bf
 
PPC:
firefox-1.5.0.12-15.el5_1.ppc.rpm     0bf90e0c8337f7f5614e7f68d8518e9f
firefox-devel-1.5.0.12-15.el5_1.ppc.rpm     d361bcbba5c2da145e18629dffcd6194
 
s390x:
firefox-1.5.0.12-15.el5_1.s390.rpm     5c6e9969e984072c36c99e1b1cb4ac10
firefox-1.5.0.12-15.el5_1.s390x.rpm     663e4bbb8bc228db553f89c9f0da9341
firefox-devel-1.5.0.12-15.el5_1.s390.rpm     4db932aaf0f0a10c3d6bc761f7c7fbaa
firefox-devel-1.5.0.12-15.el5_1.s390x.rpm     6eda3592d4e569f6ce5ce340da658d91
 
x86_64:
firefox-1.5.0.12-15.el5_1.i386.rpm     7247157c9ec234fcba367a5b725930d1
firefox-1.5.0.12-15.el5_1.x86_64.rpm     7ba7b5607a6850e4b70d8ae920005c66
firefox-devel-1.5.0.12-15.el5_1.i386.rpm     402f5e13762bd8dcac8555732a93c32b
firefox-devel-1.5.0.12-15.el5_1.x86_64.rpm     3dfc7a1a5894719acace0b064ab7f94a
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
firefox-1.5.0.12-0.15.el4.src.rpm     94e710a1a59458d84c394d9f966b228c
 
IA-32:
firefox-1.5.0.12-0.15.el4.i386.rpm     e388e7f96c9e4bf193e7f6e661533aed
 
IA-64:
firefox-1.5.0.12-0.15.el4.ia64.rpm     ed7d5bc3490c1df15fc1e7f01bf58b72
 
PPC:
firefox-1.5.0.12-0.15.el4.ppc.rpm     1084b82a01b810960a3ecb67fbcf50f8
 
s390:
firefox-1.5.0.12-0.15.el4.s390.rpm     cc6b61e481c636ff4ce2d78536ee2f80
 
s390x:
firefox-1.5.0.12-0.15.el4.s390x.rpm     2e0d3f3bc813888dff2b30a5cb662d3e
 
x86_64:
firefox-1.5.0.12-0.15.el4.x86_64.rpm     aaee0aa3c12754c6ba132199ea2d99d8
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
firefox-1.5.0.12-15.el5_1.src.rpm     78235214f469e09f8a7454a08ca3e9e0
 
IA-32:
firefox-1.5.0.12-15.el5_1.i386.rpm     7247157c9ec234fcba367a5b725930d1
 
x86_64:
firefox-1.5.0.12-15.el5_1.i386.rpm     7247157c9ec234fcba367a5b725930d1
firefox-1.5.0.12-15.el5_1.x86_64.rpm     7ba7b5607a6850e4b70d8ae920005c66
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
firefox-1.5.0.12-0.15.el4.src.rpm     94e710a1a59458d84c394d9f966b228c
 
IA-32:
firefox-1.5.0.12-0.15.el4.i386.rpm     e388e7f96c9e4bf193e7f6e661533aed
 
IA-64:
firefox-1.5.0.12-0.15.el4.ia64.rpm     ed7d5bc3490c1df15fc1e7f01bf58b72
 
x86_64:
firefox-1.5.0.12-0.15.el4.x86_64.rpm     aaee0aa3c12754c6ba132199ea2d99d8
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
firefox-1.5.0.12-0.15.el4.src.rpm     94e710a1a59458d84c394d9f966b228c
 
IA-32:
firefox-1.5.0.12-0.15.el4.i386.rpm     e388e7f96c9e4bf193e7f6e661533aed
 
IA-64:
firefox-1.5.0.12-0.15.el4.ia64.rpm     ed7d5bc3490c1df15fc1e7f01bf58b72
 
x86_64:
firefox-1.5.0.12-0.15.el4.x86_64.rpm     aaee0aa3c12754c6ba132199ea2d99d8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/