Security Advisory Critical: firefox security update

Advisory: RHSA-2008:0879-6
Type: Security Advisory
Severity: Critical
Issued on: 2008-09-23
Last updated on: 2008-09-23
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux EUS (v. 5.2.z server)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080879.xml
CVEs (cve.mitre.org): CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068

Details

An updated firefox package that fixes various security issues is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-4067,
CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page
containing specially crafted JavaScript code could move the content window
while a mouse-button was pressed, causing any item under the pointer to be
dragged. This could, potentially, cause the user to perform an unsafe
drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped
from JavaScript code. This flaw could allow malicious JavaScript to bypass
or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.2. You can find a link to the Mozilla
advisories in the References section.

All firefox users should upgrade to this updated package, which contains
backported patches that correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
devhelp-0.12-19.el5.src.rpm
File outdated by:  RHSA-2008:0978		     0ccfcd11ff6f4d4a300f12a0e2d4d919
nss-3.12.1.1-1.el5.src.rpm
File outdated by:  RHSA-2009:0256		     51285e77aa3f2dc9b842be3f7135f7a0
xulrunner-1.9.0.2-5.el5.src.rpm
File outdated by:  RHSA-2009:1095		     c3a0509253bda951146ba9e2edcc2475
 
IA-32:
devhelp-devel-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     fe2945c6113c9e4d89e3423056077c11
nss-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     d0a73bcf8817f74579f355d22d0b745a
nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8efd670cc8d90275f8387099e1d92120
xulrunner-devel-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     f7a98c64e0dc0e3845ad43d92ece0c69
xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     42116a55b34d41c0aad86a05cc504818
 
x86_64:
devhelp-devel-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     fe2945c6113c9e4d89e3423056077c11
devhelp-devel-0.12-19.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     18c4d12a34abd6b7db8a09dc60bf172e
nss-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     d0a73bcf8817f74579f355d22d0b745a
nss-devel-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     b2d2859782f31a8487f4ee96d5db772d
nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8efd670cc8d90275f8387099e1d92120
nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     058ed931c0ec2110c837a035f4dcf34f
xulrunner-devel-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     f7a98c64e0dc0e3845ad43d92ece0c69
xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     fc0f3a691e74d7425e16d9658eda0684
xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     6e96e9e905464f599b3ca92bc93a7d34
 
Red Hat Desktop (v. 4)
SRPMS:
firefox-3.0.2-3.el4.src.rpm
File outdated by:  RHSA-2009:1095		     49a212d901d93445e98e3abe05a1aa92
 
IA-32:
firefox-3.0.2-3.el4.i386.rpm
File outdated by:  RHSA-2009:1095		     cd158bb7e59108e7d122ec61245753fa
 
x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
File outdated by:  RHSA-2009:1095		     d4e929e24ff38aced383d7267129337d
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
devhelp-0.12-19.el5.src.rpm
File outdated by:  RHSA-2008:0978		     0ccfcd11ff6f4d4a300f12a0e2d4d919
firefox-3.0.2-3.el5.src.rpm
File outdated by:  RHSA-2008:1036		     36ef92df796da62e77e513a31ec42e8d
nss-3.12.1.1-1.el5.src.rpm
File outdated by:  RHSA-2009:0256		     51285e77aa3f2dc9b842be3f7135f7a0
xulrunner-1.9.0.2-5.el5.src.rpm
File outdated by:  RHSA-2009:1095		     c3a0509253bda951146ba9e2edcc2475
yelp-2.16.0-21.el5.src.rpm
File outdated by:  RHSA-2008:0978		     ab60ef44d3d6018c17fdb8146c515c23
 
IA-32:
devhelp-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     610b8eba980495aeeb7606b743f04a10
devhelp-devel-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     fe2945c6113c9e4d89e3423056077c11
firefox-3.0.2-3.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     fddc262f8dd9bd7ffd3415a476c8184f
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8374c8c85d32758059884f38498f178a
nss-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     d0a73bcf8817f74579f355d22d0b745a
nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8efd670cc8d90275f8387099e1d92120
nss-tools-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     867e304607e86069f5977f6b7816221d
xulrunner-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     23e42bfeb8759c8393b1d53c74e857f6
xulrunner-devel-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     f7a98c64e0dc0e3845ad43d92ece0c69
xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     42116a55b34d41c0aad86a05cc504818
yelp-2.16.0-21.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     6e2e41b58a5912af6cd28d193a50ec85
 
IA-64:
devhelp-0.12-19.el5.ia64.rpm
File outdated by:  RHSA-2008:0978		     f69921fb80bc813a5ee6cdf2a6c8aa1b
devhelp-devel-0.12-19.el5.ia64.rpm
File outdated by:  RHSA-2008:0978		     e86506c4597e0370d013c9d3c2457e91
firefox-3.0.2-3.el5.ia64.rpm
File outdated by:  RHSA-2009:1095		     5d25fc01b4acf051e30f1fe6e85c407d
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8374c8c85d32758059884f38498f178a
nss-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2009:0256		     e6d5b1f40c698d1c25b4422be9588340
nss-devel-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2009:0256		     2ad545c38b9e6c8578bc1d1b1157a4fd
nss-pkcs11-devel-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2009:0256		     a1448dca0bdcfce0a30cfdb606d2e984
nss-tools-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2009:0256		     faac221f8f2d7ccdc92347a10880ae1d
xulrunner-1.9.0.2-5.el5.ia64.rpm
File outdated by:  RHSA-2009:1095		     331bbb838545a057565e21d494acea4f
xulrunner-devel-1.9.0.2-5.el5.ia64.rpm
File outdated by:  RHSA-2009:1095		     700490f335afb0645530f263b895f403
xulrunner-devel-unstable-1.9.0.2-5.el5.ia64.rpm
File outdated by:  RHSA-2009:1095		     bb3290c2cc64da83c0aa883c942225ee
yelp-2.16.0-21.el5.ia64.rpm
File outdated by:  RHSA-2008:0978		     79150174e4b0b8018d5984bda787766d
 
PPC:
devhelp-0.12-19.el5.ppc.rpm
File outdated by:  RHSA-2008:0978		     356fa3315a32cf1a3323717749da6c94
devhelp-devel-0.12-19.el5.ppc.rpm
File outdated by:  RHSA-2008:0978		     db5c1072d9f006c23f43b0d6ff436149
firefox-3.0.2-3.el5.ppc.rpm
File outdated by:  RHSA-2009:1095		     854a7d069b5625e15c7a8e0b13bc1529
nss-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2009:0256		     16ee55b30291d05580b339489d3646d6
nss-3.12.1.1-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:0256		     e5a17d0006acf1b015f0bac76dfeb257
nss-devel-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2009:0256		     68b06c489eda31a7d007bda3c2ed9a83
nss-devel-3.12.1.1-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:0256		     7e2c8d6ac04c01c3781ed34dc4e9037f
nss-pkcs11-devel-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2009:0256		     fdc64c62a3f2e86e4456ac0401591d76
nss-pkcs11-devel-3.12.1.1-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:0256		     d4accde3e5eea886ab2c9e14fbeb3346
nss-tools-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2009:0256		     f1fc56cdff0615b3c0c8fd038c819ef4
xulrunner-1.9.0.2-5.el5.ppc.rpm
File outdated by:  RHSA-2009:1095		     3da69f55c3a7a628115f81dd704cdcaa
xulrunner-1.9.0.2-5.el5.ppc64.rpm
File outdated by:  RHSA-2009:1095		     67384f1c0ff72d0a3bed4a544f4ec396
xulrunner-devel-1.9.0.2-5.el5.ppc.rpm
File outdated by:  RHSA-2009:1095		     37e072ebc952209f70dfff52901fc1f0
xulrunner-devel-1.9.0.2-5.el5.ppc64.rpm
File outdated by:  RHSA-2009:1095		     9b5da9552b75843a33cd86daca592893
xulrunner-devel-unstable-1.9.0.2-5.el5.ppc.rpm
File outdated by:  RHSA-2009:1095		     11bff156e6629aa0294868837eede033
yelp-2.16.0-21.el5.ppc.rpm
File outdated by:  RHSA-2008:0978		     8c5c8c098a91096af59afbe89e14fac2
 
s390x:
devhelp-0.12-19.el5.s390.rpm
File outdated by:  RHSA-2008:0978		     601d51341dda03ba9a8c0631e3d7cf25
devhelp-0.12-19.el5.s390x.rpm
File outdated by:  RHSA-2008:0978		     8134b9486f851a7dfce93518a9d0f48e
devhelp-devel-0.12-19.el5.s390.rpm
File outdated by:  RHSA-2008:0978		     7ef7796a43a699662320adc9868c1078
devhelp-devel-0.12-19.el5.s390x.rpm
File outdated by:  RHSA-2008:0978		     37ed739c1269003a18f477a5ffe12734
firefox-3.0.2-3.el5.s390.rpm
File outdated by:  RHSA-2009:1095		     ea1c80e1cf8b2f81ebde090a6692c801
firefox-3.0.2-3.el5.s390x.rpm
File outdated by:  RHSA-2009:1095		     cf8081de1f7229a48bf5571c98ee1382
nss-3.12.1.1-1.el5.s390.rpm
File outdated by:  RHSA-2009:0256		     9d3250889601c5c450a70049f68dd142
nss-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2009:0256		     3ab46d2f06d7a87e49e6cb3f182e4d26
nss-devel-3.12.1.1-1.el5.s390.rpm
File outdated by:  RHSA-2009:0256		     5e7f2fd71cb9f6e67290632bf7068223
nss-devel-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2009:0256		     60a8b12e5e46d42a634583e50fc441a0
nss-pkcs11-devel-3.12.1.1-1.el5.s390.rpm
File outdated by:  RHSA-2009:0256		     a841421d0ea7069225954b81c0b88f5e
nss-pkcs11-devel-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2009:0256		     3966cce6d512ccfaebfbc5d6c744c868
nss-tools-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2009:0256		     f85ccd4df8057051c2e3d100f61c4faa
xulrunner-1.9.0.2-5.el5.s390.rpm
File outdated by:  RHSA-2009:1095		     311278ae616185cee2ca64803e4c5dd1
xulrunner-1.9.0.2-5.el5.s390x.rpm
File outdated by:  RHSA-2009:1095		     4cb196b868ba215fb4b104d578aad156
xulrunner-devel-1.9.0.2-5.el5.s390.rpm
File outdated by:  RHSA-2009:1095		     1baf6b9b535bf7b1e3ca648ac64e69ea
xulrunner-devel-1.9.0.2-5.el5.s390x.rpm
File outdated by:  RHSA-2009:1095		     7aa572c95202639d027c2328103c30f5
xulrunner-devel-unstable-1.9.0.2-5.el5.s390x.rpm
File outdated by:  RHSA-2009:1095		     f6b097f46ab36a839336600ae0a70922
yelp-2.16.0-21.el5.s390x.rpm
File outdated by:  RHSA-2008:0978		     4b33a5f5deb51da1a222247c920efc08
 
x86_64:
devhelp-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     610b8eba980495aeeb7606b743f04a10
devhelp-0.12-19.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     f08d5737240a6bc5e4f9b23c0ac2f882
devhelp-devel-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     fe2945c6113c9e4d89e3423056077c11
devhelp-devel-0.12-19.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     18c4d12a34abd6b7db8a09dc60bf172e
firefox-3.0.2-3.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     fddc262f8dd9bd7ffd3415a476c8184f
firefox-3.0.2-3.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     a7333f522fbd077cd9668dbb49f56632
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8374c8c85d32758059884f38498f178a
nss-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     a8fbfa585f597f0c8194ddc66b2e562a
nss-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     d0a73bcf8817f74579f355d22d0b745a
nss-devel-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     b2d2859782f31a8487f4ee96d5db772d
nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8efd670cc8d90275f8387099e1d92120
nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     058ed931c0ec2110c837a035f4dcf34f
nss-tools-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     47ca2528d57e43ef2f55683ba96dc98a
xulrunner-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     23e42bfeb8759c8393b1d53c74e857f6
xulrunner-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     769070ceb6b63073e20d021bbc16ce93
xulrunner-devel-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     f7a98c64e0dc0e3845ad43d92ece0c69
xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     fc0f3a691e74d7425e16d9658eda0684
xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     6e96e9e905464f599b3ca92bc93a7d34
yelp-2.16.0-21.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     908edef0541e4defe41b9356aba3f3af
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
firefox-3.0.2-3.el4.src.rpm
File outdated by:  RHSA-2009:1095		     49a212d901d93445e98e3abe05a1aa92
 
IA-32:
firefox-3.0.2-3.el4.i386.rpm
File outdated by:  RHSA-2009:1095		     cd158bb7e59108e7d122ec61245753fa
 
IA-64:
firefox-3.0.2-3.el4.ia64.rpm
File outdated by:  RHSA-2009:1095		     0860d9af59d7c9d508eb91ed602fe289
 
PPC:
firefox-3.0.2-3.el4.ppc.rpm
File outdated by:  RHSA-2009:1095		     cd0d0a3a91c5d75b5e351630dab115ce
 
s390:
firefox-3.0.2-3.el4.s390.rpm
File outdated by:  RHSA-2009:1095		     d49c6d6ecf5e8ea716eb79a143bdb88f
 
s390x:
firefox-3.0.2-3.el4.s390x.rpm
File outdated by:  RHSA-2009:1095		     5f15af080979ff976d27a202d015bc83
 
x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
File outdated by:  RHSA-2009:1095		     d4e929e24ff38aced383d7267129337d
 
Red Hat Enterprise Linux AS (v. 4.7.z)
SRPMS:
firefox-3.0.2-3.el4.src.rpm
File outdated by:  RHSA-2009:1095		     49a212d901d93445e98e3abe05a1aa92
 
IA-32:
firefox-3.0.2-3.el4.i386.rpm
File outdated by:  RHSA-2009:0449		     cd158bb7e59108e7d122ec61245753fa
 
IA-64:
firefox-3.0.2-3.el4.ia64.rpm
File outdated by:  RHSA-2009:0449		     0860d9af59d7c9d508eb91ed602fe289
 
PPC:
firefox-3.0.2-3.el4.ppc.rpm
File outdated by:  RHSA-2009:0449		     cd0d0a3a91c5d75b5e351630dab115ce
 
s390:
firefox-3.0.2-3.el4.s390.rpm
File outdated by:  RHSA-2009:0449		     d49c6d6ecf5e8ea716eb79a143bdb88f
 
s390x:
firefox-3.0.2-3.el4.s390x.rpm
File outdated by:  RHSA-2009:0449		     5f15af080979ff976d27a202d015bc83
 
x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
File outdated by:  RHSA-2009:0449		     d4e929e24ff38aced383d7267129337d
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
devhelp-0.12-19.el5.src.rpm
File outdated by:  RHSA-2008:0978		     0ccfcd11ff6f4d4a300f12a0e2d4d919
firefox-3.0.2-3.el5.src.rpm
File outdated by:  RHSA-2008:1036		     36ef92df796da62e77e513a31ec42e8d
nss-3.12.1.1-1.el5.src.rpm
File outdated by:  RHSA-2009:0256		     51285e77aa3f2dc9b842be3f7135f7a0
xulrunner-1.9.0.2-5.el5.src.rpm
File outdated by:  RHSA-2009:1095		     c3a0509253bda951146ba9e2edcc2475
yelp-2.16.0-21.el5.src.rpm
File outdated by:  RHSA-2008:0978		     ab60ef44d3d6018c17fdb8146c515c23
 
IA-32:
devhelp-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     610b8eba980495aeeb7606b743f04a10
firefox-3.0.2-3.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     fddc262f8dd9bd7ffd3415a476c8184f
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8374c8c85d32758059884f38498f178a
nss-tools-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     867e304607e86069f5977f6b7816221d
xulrunner-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     23e42bfeb8759c8393b1d53c74e857f6
yelp-2.16.0-21.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     6e2e41b58a5912af6cd28d193a50ec85
 
x86_64:
devhelp-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     610b8eba980495aeeb7606b743f04a10
devhelp-0.12-19.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     f08d5737240a6bc5e4f9b23c0ac2f882
firefox-3.0.2-3.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     fddc262f8dd9bd7ffd3415a476c8184f
firefox-3.0.2-3.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     a7333f522fbd077cd9668dbb49f56632
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2009:0256		     8374c8c85d32758059884f38498f178a
nss-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     a8fbfa585f597f0c8194ddc66b2e562a
nss-tools-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:0256		     47ca2528d57e43ef2f55683ba96dc98a
xulrunner-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2009:1095		     23e42bfeb8759c8393b1d53c74e857f6
xulrunner-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2009:1095		     769070ceb6b63073e20d021bbc16ce93
yelp-2.16.0-21.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     908edef0541e4defe41b9356aba3f3af
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
firefox-3.0.2-3.el4.src.rpm
File outdated by:  RHSA-2009:1095		     49a212d901d93445e98e3abe05a1aa92
 
IA-32:
firefox-3.0.2-3.el4.i386.rpm
File outdated by:  RHSA-2009:1095		     cd158bb7e59108e7d122ec61245753fa
 
IA-64:
firefox-3.0.2-3.el4.ia64.rpm
File outdated by:  RHSA-2009:1095		     0860d9af59d7c9d508eb91ed602fe289
 
x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
File outdated by:  RHSA-2009:1095		     d4e929e24ff38aced383d7267129337d
 
Red Hat Enterprise Linux ES (v. 4.7.z)
SRPMS:
firefox-3.0.2-3.el4.src.rpm
File outdated by:  RHSA-2009:1095		     49a212d901d93445e98e3abe05a1aa92
 
IA-32:
firefox-3.0.2-3.el4.i386.rpm
File outdated by:  RHSA-2009:0449		     cd158bb7e59108e7d122ec61245753fa
 
IA-64:
firefox-3.0.2-3.el4.ia64.rpm
File outdated by:  RHSA-2009:0449		     0860d9af59d7c9d508eb91ed602fe289
 
x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
File outdated by:  RHSA-2009:0449		     d4e929e24ff38aced383d7267129337d
 
Red Hat Enterprise Linux EUS (v. 5.2.z server)
SRPMS:
devhelp-0.12-19.el5.src.rpm
File outdated by:  RHSA-2008:0978		     0ccfcd11ff6f4d4a300f12a0e2d4d919
firefox-3.0.2-3.el5.src.rpm
File outdated by:  RHSA-2008:1036		     36ef92df796da62e77e513a31ec42e8d
nss-3.12.1.1-1.el5.src.rpm
File outdated by:  RHSA-2009:0256		     51285e77aa3f2dc9b842be3f7135f7a0
xulrunner-1.9.0.2-5.el5.src.rpm
File outdated by:  RHSA-2009:1095		     c3a0509253bda951146ba9e2edcc2475
yelp-2.16.0-21.el5.src.rpm
File outdated by:  RHSA-2008:0978		     ab60ef44d3d6018c17fdb8146c515c23
 
IA-32:
devhelp-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     610b8eba980495aeeb7606b743f04a10
devhelp-devel-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     fe2945c6113c9e4d89e3423056077c11
firefox-3.0.2-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     fddc262f8dd9bd7ffd3415a476c8184f
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     8374c8c85d32758059884f38498f178a
nss-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     d0a73bcf8817f74579f355d22d0b745a
nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     8efd670cc8d90275f8387099e1d92120
nss-tools-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     867e304607e86069f5977f6b7816221d
xulrunner-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     23e42bfeb8759c8393b1d53c74e857f6
xulrunner-devel-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     f7a98c64e0dc0e3845ad43d92ece0c69
xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     42116a55b34d41c0aad86a05cc504818
yelp-2.16.0-21.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     6e2e41b58a5912af6cd28d193a50ec85
 
IA-64:
devhelp-0.12-19.el5.ia64.rpm
File outdated by:  RHSA-2008:0978		     f69921fb80bc813a5ee6cdf2a6c8aa1b
devhelp-devel-0.12-19.el5.ia64.rpm
File outdated by:  RHSA-2008:0978		     e86506c4597e0370d013c9d3c2457e91
firefox-3.0.2-3.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     5d25fc01b4acf051e30f1fe6e85c407d
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     8374c8c85d32758059884f38498f178a
nss-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     e6d5b1f40c698d1c25b4422be9588340
nss-devel-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     2ad545c38b9e6c8578bc1d1b1157a4fd
nss-pkcs11-devel-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     a1448dca0bdcfce0a30cfdb606d2e984
nss-tools-3.12.1.1-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     faac221f8f2d7ccdc92347a10880ae1d
xulrunner-1.9.0.2-5.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     331bbb838545a057565e21d494acea4f
xulrunner-devel-1.9.0.2-5.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     700490f335afb0645530f263b895f403
xulrunner-devel-unstable-1.9.0.2-5.el5.ia64.rpm
File outdated by:  RHSA-2008:1036		     bb3290c2cc64da83c0aa883c942225ee
yelp-2.16.0-21.el5.ia64.rpm
File outdated by:  RHSA-2008:0978		     79150174e4b0b8018d5984bda787766d
 
PPC:
devhelp-0.12-19.el5.ppc.rpm
File outdated by:  RHSA-2008:0978		     356fa3315a32cf1a3323717749da6c94
devhelp-devel-0.12-19.el5.ppc.rpm
File outdated by:  RHSA-2008:0978		     db5c1072d9f006c23f43b0d6ff436149
firefox-3.0.2-3.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     854a7d069b5625e15c7a8e0b13bc1529
nss-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     16ee55b30291d05580b339489d3646d6
nss-3.12.1.1-1.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036		     e5a17d0006acf1b015f0bac76dfeb257
nss-devel-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     68b06c489eda31a7d007bda3c2ed9a83
nss-devel-3.12.1.1-1.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036		     7e2c8d6ac04c01c3781ed34dc4e9037f
nss-pkcs11-devel-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     fdc64c62a3f2e86e4456ac0401591d76
nss-pkcs11-devel-3.12.1.1-1.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036		     d4accde3e5eea886ab2c9e14fbeb3346
nss-tools-3.12.1.1-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     f1fc56cdff0615b3c0c8fd038c819ef4
xulrunner-1.9.0.2-5.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     3da69f55c3a7a628115f81dd704cdcaa
xulrunner-1.9.0.2-5.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036		     67384f1c0ff72d0a3bed4a544f4ec396
xulrunner-devel-1.9.0.2-5.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     37e072ebc952209f70dfff52901fc1f0
xulrunner-devel-1.9.0.2-5.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036		     9b5da9552b75843a33cd86daca592893
xulrunner-devel-unstable-1.9.0.2-5.el5.ppc.rpm
File outdated by:  RHSA-2008:1036		     11bff156e6629aa0294868837eede033
yelp-2.16.0-21.el5.ppc.rpm
File outdated by:  RHSA-2008:0978		     8c5c8c098a91096af59afbe89e14fac2
 
s390x:
devhelp-0.12-19.el5.s390.rpm
File outdated by:  RHSA-2008:0978		     601d51341dda03ba9a8c0631e3d7cf25
devhelp-0.12-19.el5.s390x.rpm
File outdated by:  RHSA-2008:0978		     8134b9486f851a7dfce93518a9d0f48e
devhelp-devel-0.12-19.el5.s390.rpm
File outdated by:  RHSA-2008:0978		     7ef7796a43a699662320adc9868c1078
devhelp-devel-0.12-19.el5.s390x.rpm
File outdated by:  RHSA-2008:0978		     37ed739c1269003a18f477a5ffe12734
firefox-3.0.2-3.el5.s390.rpm
File outdated by:  RHSA-2008:1036		     ea1c80e1cf8b2f81ebde090a6692c801
firefox-3.0.2-3.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     cf8081de1f7229a48bf5571c98ee1382
nss-3.12.1.1-1.el5.s390.rpm
File outdated by:  RHSA-2008:1036		     9d3250889601c5c450a70049f68dd142
nss-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     3ab46d2f06d7a87e49e6cb3f182e4d26
nss-devel-3.12.1.1-1.el5.s390.rpm
File outdated by:  RHSA-2008:1036		     5e7f2fd71cb9f6e67290632bf7068223
nss-devel-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     60a8b12e5e46d42a634583e50fc441a0
nss-pkcs11-devel-3.12.1.1-1.el5.s390.rpm
File outdated by:  RHSA-2008:1036		     a841421d0ea7069225954b81c0b88f5e
nss-pkcs11-devel-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     3966cce6d512ccfaebfbc5d6c744c868
nss-tools-3.12.1.1-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     f85ccd4df8057051c2e3d100f61c4faa
xulrunner-1.9.0.2-5.el5.s390.rpm
File outdated by:  RHSA-2008:1036		     311278ae616185cee2ca64803e4c5dd1
xulrunner-1.9.0.2-5.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     4cb196b868ba215fb4b104d578aad156
xulrunner-devel-1.9.0.2-5.el5.s390.rpm
File outdated by:  RHSA-2008:1036		     1baf6b9b535bf7b1e3ca648ac64e69ea
xulrunner-devel-1.9.0.2-5.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     7aa572c95202639d027c2328103c30f5
xulrunner-devel-unstable-1.9.0.2-5.el5.s390x.rpm
File outdated by:  RHSA-2008:1036		     f6b097f46ab36a839336600ae0a70922
yelp-2.16.0-21.el5.s390x.rpm
File outdated by:  RHSA-2008:0978		     4b33a5f5deb51da1a222247c920efc08
 
x86_64:
devhelp-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     610b8eba980495aeeb7606b743f04a10
devhelp-0.12-19.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     f08d5737240a6bc5e4f9b23c0ac2f882
devhelp-devel-0.12-19.el5.i386.rpm
File outdated by:  RHSA-2008:0978		     fe2945c6113c9e4d89e3423056077c11
devhelp-devel-0.12-19.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     18c4d12a34abd6b7db8a09dc60bf172e
firefox-3.0.2-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     fddc262f8dd9bd7ffd3415a476c8184f
firefox-3.0.2-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     a7333f522fbd077cd9668dbb49f56632
nss-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     8374c8c85d32758059884f38498f178a
nss-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     a8fbfa585f597f0c8194ddc66b2e562a
nss-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     d0a73bcf8817f74579f355d22d0b745a
nss-devel-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     b2d2859782f31a8487f4ee96d5db772d
nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     8efd670cc8d90275f8387099e1d92120
nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     058ed931c0ec2110c837a035f4dcf34f
nss-tools-3.12.1.1-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     47ca2528d57e43ef2f55683ba96dc98a
xulrunner-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     23e42bfeb8759c8393b1d53c74e857f6
xulrunner-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     769070ceb6b63073e20d021bbc16ce93
xulrunner-devel-1.9.0.2-5.el5.i386.rpm
File outdated by:  RHSA-2008:1036		     f7a98c64e0dc0e3845ad43d92ece0c69
xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     fc0f3a691e74d7425e16d9658eda0684
xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036		     6e96e9e905464f599b3ca92bc93a7d34
yelp-2.16.0-21.el5.x86_64.rpm
File outdated by:  RHSA-2008:0978		     908edef0541e4defe41b9356aba3f3af
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
firefox-3.0.2-3.el4.src.rpm
File outdated by:  RHSA-2009:1095		     49a212d901d93445e98e3abe05a1aa92
 
IA-32:
firefox-3.0.2-3.el4.i386.rpm
File outdated by:  RHSA-2009:1095		     cd158bb7e59108e7d122ec61245753fa
 
IA-64:
firefox-3.0.2-3.el4.ia64.rpm
File outdated by:  RHSA-2009:1095		     0860d9af59d7c9d508eb91ed602fe289
 
x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
File outdated by:  RHSA-2009:1095		     d4e929e24ff38aced383d7267129337d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

463189 - CVE-2008-3837 Forced mouse drag
463190 - CVE-2008-4058 Mozilla privilege escalation via XPCnativeWrapper pollution
463198 - CVE-2008-4060 Mozilla privilege escalation via XPCnativeWrapper pollution
463199 - CVE-2008-4061 Mozilla layout engine crash
463201 - CVE-2008-4062 Mozilla crashes with evidence of memory corruption
463203 - CVE-2008-4063 Mozilla crashes with evidence of memory corruption
463204 - CVE-2008-4064 Mozilla crashes with evidence of memory corruption
463234 - CVE-2008-4065 Mozilla BOM characters stripped from JavaScript before execution
463246 - CVE-2008-4067 Mozilla resource: traversal vulnerability
463248 - CVE-2008-4068 Mozilla local HTML file recource: bypass


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/