Security Advisory Critical: firefox security update

Advisory: RHSA-2008:0978-6
Type: Security Advisory
Severity: Critical
Issued on: 2008-11-12
Last updated on: 2008-11-12
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080978.xml
CVEs (cve.mitre.org): CVE-2008-0017
CVE-2008-5014
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024

Details

An updated firefox package that fixes various security issues is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017,
CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)

Several flaws were found in the way malformed content was processed. A web
site containing specially-crafted content could potentially trick a Firefox
user into surrendering sensitive information. (CVE-2008-5022,
CVE-2008-5023, CVE-2008-5024)

A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was
loaded in the same tab as a chrome or privileged "about:" page, the file:
URI could execute arbitrary code with the permissions of the user running
Firefox. (CVE-2008-5015)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.4. You can find a link to the Mozilla
advisories in the References section.

All firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188


Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
devhelp-devel-0.12-20.el5.i386.rpm     f33301b7f476fdf940651064e81a818b
nss-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5ff2c94ed1e863e250804a84adad7d4d
nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5144d4461637b0deb839e53f801e259a
xulrunner-devel-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    ef2ec0f68c3d412722d0f9c1f3c18b07
xulrunner-devel-unstable-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    b3505ac44afe4594967d2c172cbadc74
 
x86_64:
devhelp-devel-0.12-20.el5.i386.rpm     f33301b7f476fdf940651064e81a818b
devhelp-devel-0.12-20.el5.x86_64.rpm     c0fc2cf780e6c7df76f62a5a7a21e51a
nss-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5ff2c94ed1e863e250804a84adad7d4d
nss-devel-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    fa35ff48db85256e8f064d1c43e399ea
nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5144d4461637b0deb839e53f801e259a
nss-pkcs11-devel-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    4af6c28a491950520ba8f0131dd0d669
xulrunner-devel-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    ef2ec0f68c3d412722d0f9c1f3c18b07
xulrunner-devel-1.9.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    9630aa7dbca32a3fb2f0cb02edfbf484
xulrunner-devel-unstable-1.9.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    19fe2b4f2fd40c4e63178edc01d13811
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-3.0.4-1.el4.src.rpm
File outdated by:  RHSA-2008:1036
    4129e6f61f1fc3437690251fecdf5679
nss-3.12.1.1-3.el4.src.rpm
File outdated by:  RHSA-2008:1036
    8d000fe56eadad0a8c629eaf7541702f
 
IA-32:
firefox-3.0.4-1.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bef4175530124d6906997d1e30684b33
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-devel-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bfbc5822c7b6f6e71142ff9fd779523a
 
x86_64:
firefox-3.0.4-1.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    2f148a2a76cd3c4aab7612b6dfc4405b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    db7cf11128acf270d8a51e767b90e5e9
nss-devel-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    6ebee12c754db4755d6d88e957113a33
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
devhelp-0.12-20.el5.src.rpm     9d5223cebd450c06649689fc1c7426f8
firefox-3.0.4-1.el5.src.rpm
File outdated by:  RHSA-2008:1036
    5b2ca5a05860884e81c9410bbfcd975a
nss-3.12.1.1-3.el5.src.rpm
File outdated by:  RHSA-2008:1036
    55823c9dc7f25e8249db6b6fc55c338f
xulrunner-1.9.0.4-1.el5.src.rpm
File outdated by:  RHSA-2008:1036
    39261122eefdc92d055add8899efb99f
yelp-2.16.0-22.el5.src.rpm     9c9cce44d6844d7c52c8e1f1089e6f75
 
IA-32:
devhelp-0.12-20.el5.i386.rpm     1e74257a1472b3f1088e71cb5bd4f795
devhelp-devel-0.12-20.el5.i386.rpm     f33301b7f476fdf940651064e81a818b
firefox-3.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    cba1cc7ffe351f172f09313d122ff6d6
nss-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    a8742d91c56ecff46c7d91a4180425ac
nss-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5ff2c94ed1e863e250804a84adad7d4d
nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5144d4461637b0deb839e53f801e259a
nss-tools-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    c1d14a5ddffa35b501579274f1e44e6f
xulrunner-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    e1d075574cc9fef647fa0bef327cfa47
xulrunner-devel-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    ef2ec0f68c3d412722d0f9c1f3c18b07
xulrunner-devel-unstable-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    b3505ac44afe4594967d2c172cbadc74
yelp-2.16.0-22.el5.i386.rpm     a3dda554904802e9b4be54fe13e7d611
 
IA-64:
devhelp-0.12-20.el5.ia64.rpm     eb4c8893d22d8195debad6fe2c85d07a
devhelp-devel-0.12-20.el5.ia64.rpm     bddad1b41901f519920ea50f9d872906
firefox-3.0.4-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    119477eb743ff6ebfc0c59ea7ded8af1
nss-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    a8742d91c56ecff46c7d91a4180425ac
nss-3.12.1.1-3.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    f71e230d45f57c96cdbefd99fe1f5599
nss-devel-3.12.1.1-3.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    fadd9515e693690b6cd70fcd2a8eeae2
nss-pkcs11-devel-3.12.1.1-3.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    9b2b0497485756e7b96cc776f7acba1a
nss-tools-3.12.1.1-3.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    08c1d65b5ed05ea2cd18d88e60e3dce3
xulrunner-1.9.0.4-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    c7b3c983f997c9b3a32ef7b328e874f1
xulrunner-devel-1.9.0.4-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    3961aa4778c4b9760215a431e88ec032
xulrunner-devel-unstable-1.9.0.4-1.el5.ia64.rpm
File outdated by:  RHSA-2008:1036
    aef4da4d086cb4cd726bb84d45cfa840
yelp-2.16.0-22.el5.ia64.rpm     20ca383ecc154a4e334e29352769f29d
 
PPC:
devhelp-0.12-20.el5.ppc.rpm     2eff636d327936c1e0ed55e4429c6ccc
devhelp-devel-0.12-20.el5.ppc.rpm     3a5fcd4dc3e68536cb3f2d706575e162
firefox-3.0.4-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    3e27a17d47f896ddb8093c698334e73b
nss-3.12.1.1-3.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    f8b23bc8852afc390b57d6abad6cb56c
nss-3.12.1.1-3.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036
    5471b09e977df289e220a83e09ecf114
nss-devel-3.12.1.1-3.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    de9d7a9a92ecb663b2ad8d585771d8ed
nss-devel-3.12.1.1-3.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036
    fbf35e72b48e43886f2021c885b05446
nss-pkcs11-devel-3.12.1.1-3.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    ca4e5d7aa203cfaeb0ffbef8a92ab913
nss-pkcs11-devel-3.12.1.1-3.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036
    9a12316a1bbaec9f22fbe6bf2858f363
nss-tools-3.12.1.1-3.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    7bd038366fdcccf42642662bbd4f1d98
xulrunner-1.9.0.4-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    f2a8abae170f4fdb6559d46d1fcfe730
xulrunner-1.9.0.4-1.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036
    5a91c6e107109b2c147ee7d3b0b9b2c8
xulrunner-devel-1.9.0.4-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    4442e539e1032f9007cace9bc98112e9
xulrunner-devel-1.9.0.4-1.el5.ppc64.rpm
File outdated by:  RHSA-2008:1036
    0df6ae0a482d2246fb7bb79d41e36a6b
xulrunner-devel-unstable-1.9.0.4-1.el5.ppc.rpm
File outdated by:  RHSA-2008:1036
    dfb98d3d5dad21874699db16cb4cc67a
yelp-2.16.0-22.el5.ppc.rpm     77114fe2d4fe2337b6f886869d35a95a
 
s390x:
devhelp-0.12-20.el5.s390.rpm     2eaa6985706088bdcfbd7060a9131921
devhelp-0.12-20.el5.s390x.rpm     c32736a66f9a7da1fd110d09bd4bd4c7
devhelp-devel-0.12-20.el5.s390.rpm     d96de14c6d61bd5d17241fafb231d6d4
devhelp-devel-0.12-20.el5.s390x.rpm     556da432223213fbf48ecea2c8be722c
firefox-3.0.4-1.el5.s390.rpm
File outdated by:  RHSA-2008:1036
    acec080001a9722418667201348ce51d
firefox-3.0.4-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    77a1326c826225c04c949f9b4b1a9088
nss-3.12.1.1-3.el5.s390.rpm
File outdated by:  RHSA-2008:1036
    94bceda8d6882d6b012b375730e76225
nss-3.12.1.1-3.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    f1a53e0cdd35f1e0c9bd32022800c381
nss-devel-3.12.1.1-3.el5.s390.rpm
File outdated by:  RHSA-2008:1036
    4e0343baaf1adab95fe977f819c8855a
nss-devel-3.12.1.1-3.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    31733948165fdffb1cd14a8c68b9274c
nss-pkcs11-devel-3.12.1.1-3.el5.s390.rpm
File outdated by:  RHSA-2008:1036
    d81c7b3ea7e37bca896c1063347bf5b7
nss-pkcs11-devel-3.12.1.1-3.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    8987e689d41f5b1e4936fcf825860098
nss-tools-3.12.1.1-3.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    8165f04e28040758700406f02cac0dfc
xulrunner-1.9.0.4-1.el5.s390.rpm
File outdated by:  RHSA-2008:1036
    673ca5739ad11f51c82b62112cb87d9c
xulrunner-1.9.0.4-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    8c4c6d6da45f74fd126d871c52fbedbf
xulrunner-devel-1.9.0.4-1.el5.s390.rpm
File outdated by:  RHSA-2008:1036
    0074dc019b936f9eed4fa0ad314f9faa
xulrunner-devel-1.9.0.4-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    cc963406d7c5f87e186bf469efeaef60
xulrunner-devel-unstable-1.9.0.4-1.el5.s390x.rpm
File outdated by:  RHSA-2008:1036
    62bf79e182427d39328959cce231ceca
yelp-2.16.0-22.el5.s390x.rpm     ec0db16f94cc2965fa83e9c4787cc364
 
x86_64:
devhelp-0.12-20.el5.i386.rpm     1e74257a1472b3f1088e71cb5bd4f795
devhelp-0.12-20.el5.x86_64.rpm     0fe58ab6d945b81105f1f598d76910e4
devhelp-devel-0.12-20.el5.i386.rpm     f33301b7f476fdf940651064e81a818b
devhelp-devel-0.12-20.el5.x86_64.rpm     c0fc2cf780e6c7df76f62a5a7a21e51a
firefox-3.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    cba1cc7ffe351f172f09313d122ff6d6
firefox-3.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    e451709fddfb0264881817eff2ab8ad4
nss-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    a8742d91c56ecff46c7d91a4180425ac
nss-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    ae7ff011aef1a12963db4ee16ee71dd5
nss-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5ff2c94ed1e863e250804a84adad7d4d
nss-devel-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    fa35ff48db85256e8f064d1c43e399ea
nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    5144d4461637b0deb839e53f801e259a
nss-pkcs11-devel-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    4af6c28a491950520ba8f0131dd0d669
nss-tools-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    fb0ad2969ebcb1a3192ad3648b2c63e6
xulrunner-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    e1d075574cc9fef647fa0bef327cfa47
xulrunner-1.9.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    b1e7342df87e7a370e69dd7075ef5b68
xulrunner-devel-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    ef2ec0f68c3d412722d0f9c1f3c18b07
xulrunner-devel-1.9.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    9630aa7dbca32a3fb2f0cb02edfbf484
xulrunner-devel-unstable-1.9.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    19fe2b4f2fd40c4e63178edc01d13811
yelp-2.16.0-22.el5.x86_64.rpm     635bc031faa7a07dbf96a9615cd1e26d
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-3.0.4-1.el4.src.rpm
File outdated by:  RHSA-2008:1036
    4129e6f61f1fc3437690251fecdf5679
nss-3.12.1.1-3.el4.src.rpm
File outdated by:  RHSA-2008:1036
    8d000fe56eadad0a8c629eaf7541702f
 
IA-32:
firefox-3.0.4-1.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bef4175530124d6906997d1e30684b33
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-devel-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bfbc5822c7b6f6e71142ff9fd779523a
 
IA-64:
firefox-3.0.4-1.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    4c22fcf56813e70099c15f75d306359b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    197601fa8a8740c66cca073db8403a32
nss-devel-3.12.1.1-3.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    9834c7be713535d5340bebf8f2a1c922
 
PPC:
firefox-3.0.4-1.el4.ppc.rpm
File outdated by:  RHSA-2008:1036
    3d5b5207c14e648f9af3478be9cca85e
nss-3.12.1.1-3.el4.ppc.rpm
File outdated by:  RHSA-2008:1036
    ccc0e28a907a843f94375b6887dc1612
nss-3.12.1.1-3.el4.ppc64.rpm
File outdated by:  RHSA-2008:1036
    dc101995484f6b5196e446013e27d2fe
nss-devel-3.12.1.1-3.el4.ppc.rpm
File outdated by:  RHSA-2008:1036
    0200cf55cf48e7e9849fe8439ecad5b9
 
s390:
firefox-3.0.4-1.el4.s390.rpm
File outdated by:  RHSA-2008:1036
    3951b4c3e022ccc71ed790f7b6c829ea
nss-3.12.1.1-3.el4.s390.rpm
File outdated by:  RHSA-2008:1036
    8b86ff002d9e9bd1115e8540abdedf8a
nss-devel-3.12.1.1-3.el4.s390.rpm
File outdated by:  RHSA-2008:1036
    055a34133877e605ddd8f5f868717e6d
 
s390x:
firefox-3.0.4-1.el4.s390x.rpm
File outdated by:  RHSA-2008:1036
    f627aba970c07c3425e3640701f42a6d
nss-3.12.1.1-3.el4.s390.rpm
File outdated by:  RHSA-2008:1036
    8b86ff002d9e9bd1115e8540abdedf8a
nss-3.12.1.1-3.el4.s390x.rpm
File outdated by:  RHSA-2008:1036
    42f0220dd85bbaaba23b3a4ff30189f4
nss-devel-3.12.1.1-3.el4.s390x.rpm
File outdated by:  RHSA-2008:1036
    5a92877294d60e1dce89d5dbf54f4e99
 
x86_64:
firefox-3.0.4-1.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    2f148a2a76cd3c4aab7612b6dfc4405b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    db7cf11128acf270d8a51e767b90e5e9
nss-devel-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    6ebee12c754db4755d6d88e957113a33
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
devhelp-0.12-20.el5.src.rpm     9d5223cebd450c06649689fc1c7426f8
firefox-3.0.4-1.el5.src.rpm
File outdated by:  RHSA-2008:1036
    5b2ca5a05860884e81c9410bbfcd975a
nss-3.12.1.1-3.el5.src.rpm
File outdated by:  RHSA-2008:1036
    55823c9dc7f25e8249db6b6fc55c338f
xulrunner-1.9.0.4-1.el5.src.rpm
File outdated by:  RHSA-2008:1036
    39261122eefdc92d055add8899efb99f
yelp-2.16.0-22.el5.src.rpm     9c9cce44d6844d7c52c8e1f1089e6f75
 
IA-32:
devhelp-0.12-20.el5.i386.rpm     1e74257a1472b3f1088e71cb5bd4f795
firefox-3.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    cba1cc7ffe351f172f09313d122ff6d6
nss-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    a8742d91c56ecff46c7d91a4180425ac
nss-tools-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    c1d14a5ddffa35b501579274f1e44e6f
xulrunner-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    e1d075574cc9fef647fa0bef327cfa47
yelp-2.16.0-22.el5.i386.rpm     a3dda554904802e9b4be54fe13e7d611
 
x86_64:
devhelp-0.12-20.el5.i386.rpm     1e74257a1472b3f1088e71cb5bd4f795
devhelp-0.12-20.el5.x86_64.rpm     0fe58ab6d945b81105f1f598d76910e4
firefox-3.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    cba1cc7ffe351f172f09313d122ff6d6
firefox-3.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    e451709fddfb0264881817eff2ab8ad4
nss-3.12.1.1-3.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    a8742d91c56ecff46c7d91a4180425ac
nss-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    ae7ff011aef1a12963db4ee16ee71dd5
nss-tools-3.12.1.1-3.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    fb0ad2969ebcb1a3192ad3648b2c63e6
xulrunner-1.9.0.4-1.el5.i386.rpm
File outdated by:  RHSA-2008:1036
    e1d075574cc9fef647fa0bef327cfa47
xulrunner-1.9.0.4-1.el5.x86_64.rpm
File outdated by:  RHSA-2008:1036
    b1e7342df87e7a370e69dd7075ef5b68
yelp-2.16.0-22.el5.x86_64.rpm     635bc031faa7a07dbf96a9615cd1e26d
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-3.0.4-1.el4.src.rpm
File outdated by:  RHSA-2008:1036
    4129e6f61f1fc3437690251fecdf5679
nss-3.12.1.1-3.el4.src.rpm
File outdated by:  RHSA-2008:1036
    8d000fe56eadad0a8c629eaf7541702f
 
IA-32:
firefox-3.0.4-1.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bef4175530124d6906997d1e30684b33
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-devel-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bfbc5822c7b6f6e71142ff9fd779523a
 
IA-64:
firefox-3.0.4-1.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    4c22fcf56813e70099c15f75d306359b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    197601fa8a8740c66cca073db8403a32
nss-devel-3.12.1.1-3.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    9834c7be713535d5340bebf8f2a1c922
 
x86_64:
firefox-3.0.4-1.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    2f148a2a76cd3c4aab7612b6dfc4405b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    db7cf11128acf270d8a51e767b90e5e9
nss-devel-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    6ebee12c754db4755d6d88e957113a33
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-3.0.4-1.el4.src.rpm
File outdated by:  RHSA-2008:1036
    4129e6f61f1fc3437690251fecdf5679
nss-3.12.1.1-3.el4.src.rpm
File outdated by:  RHSA-2008:1036
    8d000fe56eadad0a8c629eaf7541702f
 
IA-32:
firefox-3.0.4-1.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bef4175530124d6906997d1e30684b33
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-devel-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    bfbc5822c7b6f6e71142ff9fd779523a
 
IA-64:
firefox-3.0.4-1.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    4c22fcf56813e70099c15f75d306359b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    197601fa8a8740c66cca073db8403a32
nss-devel-3.12.1.1-3.el4.ia64.rpm
File outdated by:  RHSA-2008:1036
    9834c7be713535d5340bebf8f2a1c922
 
x86_64:
firefox-3.0.4-1.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    2f148a2a76cd3c4aab7612b6dfc4405b
nss-3.12.1.1-3.el4.i386.rpm
File outdated by:  RHSA-2008:1036
    23a8509ee4468189d8b386b12cc58daf
nss-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    db7cf11128acf270d8a51e767b90e5e9
nss-devel-3.12.1.1-3.el4.x86_64.rpm
File outdated by:  RHSA-2008:1036
    6ebee12c754db4755d6d88e957113a33
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

454283 - firefox-2.0-getstartpage.patch breaks extensions which set homepage
470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering
470876 - CVE-2008-5015 Mozilla file: URIs inherit chrome privileges
470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption
470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption
470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption
470889 - CVE-2008-5019 Mozilla XSS via session restore
470892 - CVE-2008-0017 Mozilla buffer overflow in http-index-format parser
470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager
470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation
470898 - CVE-2008-5023 Mozilla -moz-binding property bypasses security checks on codebase principals
470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/