Security Advisory Critical: firefox security update

Advisory: RHSA-2009:0315-4
Type: Security Advisory
Severity: Critical
Issued on: 2009-03-04
Last updated on: 2009-03-04
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20090315.xml
CVEs (cve.mitre.org): CVE-2009-0040
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
CVE-2009-0777

Details

An updated firefox package that fixes various security issues is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774,
CVE-2009-0775)

Several flaws were found in the way malformed content was processed. A
website containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2009-0776,
CVE-2009-0777)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.7. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.7, and which correct these issues. After installing the
update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
xulrunner-1.9.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1530		     7d91738fe8fbef9638f6491ad0946898
 
IA-32:
xulrunner-devel-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     abdaa13d616e00d5e409d20fc0f1fbfd
xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     c493efd29177cd9599235c4a770b3250
 
x86_64:
xulrunner-devel-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     abdaa13d616e00d5e409d20fc0f1fbfd
xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     59cf23d7c97bc0a3ecaa680acca6a8e2
xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     83d696d503436a7f49d88bd0e51f87e9
 
Red Hat Desktop (v. 4)
SRPMS:
firefox-3.0.7-1.el4.src.rpm
File outdated by:  RHSA-2009:1530		     8a692d010ae8be0573d6afc19a17b47a
 
IA-32:
firefox-3.0.7-1.el4.i386.rpm
File outdated by:  RHSA-2009:1530		     6dc481b72523b69c86c7881a1acda5d2
 
x86_64:
firefox-3.0.7-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1530		     564ab39d3ac84a8c951d9493b311036c
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
firefox-3.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1162		     99f78687f60c5ffab1c9dc937b7b6e1a
xulrunner-1.9.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1530		     7d91738fe8fbef9638f6491ad0946898
 
IA-32:
firefox-3.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     57b99bfb8b1d6b2a81e93f9e880ebab5
xulrunner-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     a6846547602e4727703cc72869e96dd3
xulrunner-devel-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     abdaa13d616e00d5e409d20fc0f1fbfd
xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     c493efd29177cd9599235c4a770b3250
 
IA-64:
firefox-3.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1530		     0c3c65bf902bbefd15e40a10e23084d6
xulrunner-1.9.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1530		     94562fdd9512a472fa91b51e3a1815d8
xulrunner-devel-1.9.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1530		     c6fae295e71dcfca72c70d0074da4f78
xulrunner-devel-unstable-1.9.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1530		     4e32b838710ee6521d4d54204b9bf595
 
PPC:
firefox-3.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1530		     c5b863d5f4a07d351d29e539abe63236
xulrunner-1.9.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1530		     e8a74950fbc307112c60e17da08c8036
xulrunner-1.9.0.7-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1530		     0d171c570b947085e08bd912aa800fb3
xulrunner-devel-1.9.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1530		     6903178c97014ec28892f3d5de0f2afb
xulrunner-devel-1.9.0.7-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1530		     6943c275e1c06de8d00246405cc90d14
xulrunner-devel-unstable-1.9.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1530		     3c90ee150e53fba402264f0adbd8c8a9
 
s390x:
firefox-3.0.7-1.el5.s390.rpm
File outdated by:  RHSA-2009:1530		     7f8a62d24bb1ce3f2039d19904a6a995
firefox-3.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1530		     a42a8f3d112614fbd8f32a1c8f7c6e68
xulrunner-1.9.0.7-1.el5.s390.rpm
File outdated by:  RHSA-2009:1530		     f64875e86cad4ea01292baba797cd1e8
xulrunner-1.9.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1530		     54b042b09b778df853bea8c4347bb481
xulrunner-devel-1.9.0.7-1.el5.s390.rpm
File outdated by:  RHSA-2009:1530		     b47969ca62f648468a035594a18fe489
xulrunner-devel-1.9.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1530		     6e24bfec782b30c4235aa6f1425199d3
xulrunner-devel-unstable-1.9.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1530		     ab0ec6b5833d430eab248135fc35ea72
 
x86_64:
firefox-3.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     57b99bfb8b1d6b2a81e93f9e880ebab5
firefox-3.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     080126515252364c916ef7c77e91485c
xulrunner-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     a6846547602e4727703cc72869e96dd3
xulrunner-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     3c758c3c78ea2b626910a737985811e2
xulrunner-devel-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     abdaa13d616e00d5e409d20fc0f1fbfd
xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     59cf23d7c97bc0a3ecaa680acca6a8e2
xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     83d696d503436a7f49d88bd0e51f87e9
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
firefox-3.0.7-1.el4.src.rpm
File outdated by:  RHSA-2009:1530		     8a692d010ae8be0573d6afc19a17b47a
 
IA-32:
firefox-3.0.7-1.el4.i386.rpm
File outdated by:  RHSA-2009:1530		     6dc481b72523b69c86c7881a1acda5d2
 
IA-64:
firefox-3.0.7-1.el4.ia64.rpm
File outdated by:  RHSA-2009:1530		     298ef7d272acf898e83f8661ff352280
 
PPC:
firefox-3.0.7-1.el4.ppc.rpm
File outdated by:  RHSA-2009:1530		     e7d873d454a2ed16248e204a2a409b20
 
s390:
firefox-3.0.7-1.el4.s390.rpm
File outdated by:  RHSA-2009:1530		     ba89a57c279d419fb1c309e514fb0ec6
 
s390x:
firefox-3.0.7-1.el4.s390x.rpm
File outdated by:  RHSA-2009:1530		     df5b507e0953f940a0f6539563a48133
 
x86_64:
firefox-3.0.7-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1530		     564ab39d3ac84a8c951d9493b311036c
 
Red Hat Enterprise Linux AS (v. 4.7.z)
SRPMS:
firefox-3.0.7-1.el4.src.rpm
File outdated by:  RHSA-2009:1530		     8a692d010ae8be0573d6afc19a17b47a
 
IA-32:
firefox-3.0.7-1.el4.i386.rpm
File outdated by:  RHSA-2009:0449		     6dc481b72523b69c86c7881a1acda5d2
 
IA-64:
firefox-3.0.7-1.el4.ia64.rpm
File outdated by:  RHSA-2009:0449		     298ef7d272acf898e83f8661ff352280
 
PPC:
firefox-3.0.7-1.el4.ppc.rpm
File outdated by:  RHSA-2009:0449		     e7d873d454a2ed16248e204a2a409b20
 
s390:
firefox-3.0.7-1.el4.s390.rpm
File outdated by:  RHSA-2009:0449		     ba89a57c279d419fb1c309e514fb0ec6
 
s390x:
firefox-3.0.7-1.el4.s390x.rpm
File outdated by:  RHSA-2009:0449		     df5b507e0953f940a0f6539563a48133
 
x86_64:
firefox-3.0.7-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:0449		     564ab39d3ac84a8c951d9493b311036c
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
firefox-3.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1162		     99f78687f60c5ffab1c9dc937b7b6e1a
xulrunner-1.9.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1530		     7d91738fe8fbef9638f6491ad0946898
 
IA-32:
firefox-3.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     57b99bfb8b1d6b2a81e93f9e880ebab5
xulrunner-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     a6846547602e4727703cc72869e96dd3
 
x86_64:
firefox-3.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     57b99bfb8b1d6b2a81e93f9e880ebab5
firefox-3.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     080126515252364c916ef7c77e91485c
xulrunner-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1530		     a6846547602e4727703cc72869e96dd3
xulrunner-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1530		     3c758c3c78ea2b626910a737985811e2
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
firefox-3.0.7-1.el4.src.rpm
File outdated by:  RHSA-2009:1530		     8a692d010ae8be0573d6afc19a17b47a
 
IA-32:
firefox-3.0.7-1.el4.i386.rpm
File outdated by:  RHSA-2009:1530		     6dc481b72523b69c86c7881a1acda5d2
 
IA-64:
firefox-3.0.7-1.el4.ia64.rpm
File outdated by:  RHSA-2009:1530		     298ef7d272acf898e83f8661ff352280
 
x86_64:
firefox-3.0.7-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1530		     564ab39d3ac84a8c951d9493b311036c
 
Red Hat Enterprise Linux ES (v. 4.7.z)
SRPMS:
firefox-3.0.7-1.el4.src.rpm
File outdated by:  RHSA-2009:1530		     8a692d010ae8be0573d6afc19a17b47a
 
IA-32:
firefox-3.0.7-1.el4.i386.rpm
File outdated by:  RHSA-2009:0449		     6dc481b72523b69c86c7881a1acda5d2
 
IA-64:
firefox-3.0.7-1.el4.ia64.rpm
File outdated by:  RHSA-2009:0449		     298ef7d272acf898e83f8661ff352280
 
x86_64:
firefox-3.0.7-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:0449		     564ab39d3ac84a8c951d9493b311036c
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
SRPMS:
firefox-3.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1162		     99f78687f60c5ffab1c9dc937b7b6e1a
xulrunner-1.9.0.7-1.el5.src.rpm
File outdated by:  RHSA-2009:1530		     7d91738fe8fbef9638f6491ad0946898
 
IA-32:
firefox-3.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     57b99bfb8b1d6b2a81e93f9e880ebab5
xulrunner-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     a6846547602e4727703cc72869e96dd3
xulrunner-devel-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     abdaa13d616e00d5e409d20fc0f1fbfd
xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     c493efd29177cd9599235c4a770b3250
 
IA-64:
firefox-3.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162		     0c3c65bf902bbefd15e40a10e23084d6
xulrunner-1.9.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162		     94562fdd9512a472fa91b51e3a1815d8
xulrunner-devel-1.9.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162		     c6fae295e71dcfca72c70d0074da4f78
xulrunner-devel-unstable-1.9.0.7-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162		     4e32b838710ee6521d4d54204b9bf595
 
PPC:
firefox-3.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162		     c5b863d5f4a07d351d29e539abe63236
xulrunner-1.9.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162		     e8a74950fbc307112c60e17da08c8036
xulrunner-1.9.0.7-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1162		     0d171c570b947085e08bd912aa800fb3
xulrunner-devel-1.9.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162		     6903178c97014ec28892f3d5de0f2afb
xulrunner-devel-1.9.0.7-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1162		     6943c275e1c06de8d00246405cc90d14
xulrunner-devel-unstable-1.9.0.7-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162		     3c90ee150e53fba402264f0adbd8c8a9
 
s390x:
firefox-3.0.7-1.el5.s390.rpm
File outdated by:  RHSA-2009:1162		     7f8a62d24bb1ce3f2039d19904a6a995
firefox-3.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162		     a42a8f3d112614fbd8f32a1c8f7c6e68
xulrunner-1.9.0.7-1.el5.s390.rpm
File outdated by:  RHSA-2009:1162		     f64875e86cad4ea01292baba797cd1e8
xulrunner-1.9.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162		     54b042b09b778df853bea8c4347bb481
xulrunner-devel-1.9.0.7-1.el5.s390.rpm
File outdated by:  RHSA-2009:1162		     b47969ca62f648468a035594a18fe489
xulrunner-devel-1.9.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162		     6e24bfec782b30c4235aa6f1425199d3
xulrunner-devel-unstable-1.9.0.7-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162		     ab0ec6b5833d430eab248135fc35ea72
 
x86_64:
firefox-3.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     57b99bfb8b1d6b2a81e93f9e880ebab5
firefox-3.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162		     080126515252364c916ef7c77e91485c
xulrunner-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     a6846547602e4727703cc72869e96dd3
xulrunner-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162		     3c758c3c78ea2b626910a737985811e2
xulrunner-devel-1.9.0.7-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162		     abdaa13d616e00d5e409d20fc0f1fbfd
xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162		     59cf23d7c97bc0a3ecaa680acca6a8e2
xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162		     83d696d503436a7f49d88bd0e51f87e9
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
firefox-3.0.7-1.el4.src.rpm
File outdated by:  RHSA-2009:1530		     8a692d010ae8be0573d6afc19a17b47a
 
IA-32:
firefox-3.0.7-1.el4.i386.rpm
File outdated by:  RHSA-2009:1530		     6dc481b72523b69c86c7881a1acda5d2
 
IA-64:
firefox-3.0.7-1.el4.ia64.rpm
File outdated by:  RHSA-2009:1530		     298ef7d272acf898e83f8661ff352280
 
x86_64:
firefox-3.0.7-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1530		     564ab39d3ac84a8c951d9493b311036c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

486355 - CVE-2009-0040 libpng arbitrary free() flaw


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/