Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2009:1095-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-06-11
Last updated on: 2009-06-11
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-1392
CVE-2009-1832
CVE-2009-1833
CVE-2009-1834
CVE-2009-1835
CVE-2009-1836
CVE-2009-1837
CVE-2009-1838
CVE-2009-1839
CVE-2009-1840
CVE-2009-1841

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,
CVE-2009-1841)

Multiple flaws were found in the processing of malformed, local file
content. If a user loaded malicious, local content via the file:// URL, it
was possible for that content to access other local data. (CVE-2009-1835,
CVE-2009-1839)

A script, privilege elevation flaw was found in the way Firefox loaded XML
User Interface Language (XUL) scripts. Firefox and certain add-ons could
load malicious content when certain policy checks did not happen.
(CVE-2009-1840)

A flaw was found in the way Firefox displayed certain Unicode characters in
International Domain Names (IDN). If an IDN contained invalid characters,
they may have been displayed as spaces, making it appear to the user that
they were visiting a trusted site. (CVE-2009-1834)

A flaw was found in the way Firefox handled error responses returned from
proxy servers. If an attacker is able to conduct a man-in-the-middle attack
against a Firefox instance that is using a proxy server, they may be able
to steal sensitive information from the site the user is visiting.
(CVE-2009-1836)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.11. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.11, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
xulrunner-1.9.0.11-3.el5_3.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 537810f3505c89d26ca271fbe8ed32f3
 
IA-32:
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-unstable-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2010:0332
    MD5: 589bbb057cddd067a186ee8e77581977
 
x86_64:
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: cb7abecdd6afa28206b2ddd9cc4207c7
xulrunner-devel-unstable-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2010:0332
    MD5: 8a8b1e85aa2fd5858cc681473dcf0ca9
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-3.0.11-4.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5915cba975ff24922d8179d24e65042c
 
IA-32:
firefox-3.0.11-4.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91eff9a617c93f86ff7f7590ce01a869
 
x86_64:
firefox-3.0.11-4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f8603ca76fb2319a1e5438967ab92697
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-3.0.11-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1162
    MD5: 28e02a87a0c8dd414995c55a86e68455
xulrunner-1.9.0.11-3.el5_3.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 537810f3505c89d26ca271fbe8ed32f3
 
IA-32:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-unstable-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2010:0332
    MD5: 589bbb057cddd067a186ee8e77581977
 
IA-64:
firefox-3.0.11-2.el5_3.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 15c67c129ca8d94de761b311a0e0f656
xulrunner-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2013:1476
    MD5: d0a5133012dc1d8d10e4e2f1cde9a27d
xulrunner-devel-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 6c76f754f3aa9681012115aa4d50856e
xulrunner-devel-unstable-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2010:0332
    MD5: 672dbaf991db1155b71534dff467fd77
 
PPC:
firefox-3.0.11-2.el5_3.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: b599fbc558848b7b735f3f4ae5182542
xulrunner-1.9.0.11-3.el5_3.ppc.rpm
File outdated by:  RHSA-2013:1476
    MD5: d49fff1c1802efef1fbcc407308a500c
xulrunner-1.9.0.11-3.el5_3.ppc64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 63a906d0b0f3a1911ab40ffc2af27bb1
xulrunner-devel-1.9.0.11-3.el5_3.ppc.rpm
File outdated by:  RHSA-2013:1476
    MD5: 17a0325a09e456e4200a5874f2a601f8
xulrunner-devel-1.9.0.11-3.el5_3.ppc64.rpm
File outdated by:  RHSA-2013:1476
    MD5: c51a14a113275fcfc37394b3e6aed295
xulrunner-devel-unstable-1.9.0.11-3.el5_3.ppc.rpm
File outdated by:  RHSA-2010:0332
    MD5: 4e395488580bb2391c1ccc361d034808
 
s390x:
firefox-3.0.11-2.el5_3.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 0c4130dc53f74f2cf40afa85b1781f5b
firefox-3.0.11-2.el5_3.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 8e8bc8e90f75d8815169e556b8e775d1
xulrunner-1.9.0.11-3.el5_3.s390.rpm
File outdated by:  RHSA-2013:1476
    MD5: c057c5a7fa70a77694dea95c48ef322f
xulrunner-1.9.0.11-3.el5_3.s390x.rpm
File outdated by:  RHSA-2013:1476
    MD5: 908f0d3832cb9d09860e9db44a781636
xulrunner-devel-1.9.0.11-3.el5_3.s390.rpm
File outdated by:  RHSA-2013:1476
    MD5: 72f83e1a98bc6875f8ca8a4514667688
xulrunner-devel-1.9.0.11-3.el5_3.s390x.rpm
File outdated by:  RHSA-2013:1476
    MD5: 6a877debfcac2bfe844781f67b428292
xulrunner-devel-unstable-1.9.0.11-3.el5_3.s390x.rpm
File outdated by:  RHSA-2010:0332
    MD5: 5aaf999a7dfe0493ed42a133df4c9741
 
x86_64:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
firefox-3.0.11-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 635bc880820722b61b15408b7ad24bea
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 3316fcd7641d5dff3ccc400af626fd59
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: cb7abecdd6afa28206b2ddd9cc4207c7
xulrunner-devel-unstable-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2010:0332
    MD5: 8a8b1e85aa2fd5858cc681473dcf0ca9
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-3.0.11-4.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5915cba975ff24922d8179d24e65042c
 
IA-32:
firefox-3.0.11-4.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91eff9a617c93f86ff7f7590ce01a869
 
IA-64:
firefox-3.0.11-4.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 9ca1524f9752635a535eafe8af779d83
 
PPC:
firefox-3.0.11-4.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 614aa4420a0ba3644f50fb5c7cc9a59c
 
s390:
firefox-3.0.11-4.el4.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5e792ad3c632d4eca92d7f85980e15e6
 
s390x:
firefox-3.0.11-4.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5124611cdf7a1fa00ce1b7ddd66befab
 
x86_64:
firefox-3.0.11-4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f8603ca76fb2319a1e5438967ab92697
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
firefox-3.0.11-4.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5915cba975ff24922d8179d24e65042c
 
IA-32:
firefox-3.0.11-4.el4.i386.rpm
File outdated by:  RHSA-2011:0885
    MD5: 91eff9a617c93f86ff7f7590ce01a869
 
IA-64:
firefox-3.0.11-4.el4.ia64.rpm
File outdated by:  RHSA-2011:0885
    MD5: 9ca1524f9752635a535eafe8af779d83
 
PPC:
firefox-3.0.11-4.el4.ppc.rpm
File outdated by:  RHSA-2011:0885
    MD5: 614aa4420a0ba3644f50fb5c7cc9a59c
 
s390:
firefox-3.0.11-4.el4.s390.rpm
File outdated by:  RHSA-2011:0885
    MD5: 5e792ad3c632d4eca92d7f85980e15e6
 
s390x:
firefox-3.0.11-4.el4.s390x.rpm
File outdated by:  RHSA-2011:0885
    MD5: 5124611cdf7a1fa00ce1b7ddd66befab
 
x86_64:
firefox-3.0.11-4.el4.x86_64.rpm
File outdated by:  RHSA-2011:0885
    MD5: f8603ca76fb2319a1e5438967ab92697
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-3.0.11-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1162
    MD5: 28e02a87a0c8dd414995c55a86e68455
xulrunner-1.9.0.11-3.el5_3.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 537810f3505c89d26ca271fbe8ed32f3
 
IA-32:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: d60b107e07690cd375ebe80f099a2c3c
 
x86_64:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
firefox-3.0.11-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 635bc880820722b61b15408b7ad24bea
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 3316fcd7641d5dff3ccc400af626fd59
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-3.0.11-4.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5915cba975ff24922d8179d24e65042c
 
IA-32:
firefox-3.0.11-4.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91eff9a617c93f86ff7f7590ce01a869
 
IA-64:
firefox-3.0.11-4.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 9ca1524f9752635a535eafe8af779d83
 
x86_64:
firefox-3.0.11-4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f8603ca76fb2319a1e5438967ab92697
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
firefox-3.0.11-4.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5915cba975ff24922d8179d24e65042c
 
IA-32:
firefox-3.0.11-4.el4.i386.rpm
File outdated by:  RHSA-2011:0885
    MD5: 91eff9a617c93f86ff7f7590ce01a869
 
IA-64:
firefox-3.0.11-4.el4.ia64.rpm
File outdated by:  RHSA-2011:0885
    MD5: 9ca1524f9752635a535eafe8af779d83
 
x86_64:
firefox-3.0.11-4.el4.x86_64.rpm
File outdated by:  RHSA-2011:0885
    MD5: f8603ca76fb2319a1e5438967ab92697
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
firefox-3.0.11-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1162
    MD5: 28e02a87a0c8dd414995c55a86e68455
xulrunner-1.9.0.11-3.el5_3.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 537810f3505c89d26ca271fbe8ed32f3
 
IA-32:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-unstable-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: 589bbb057cddd067a186ee8e77581977
 
IA-64:
firefox-3.0.11-2.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 15c67c129ca8d94de761b311a0e0f656
xulrunner-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: d0a5133012dc1d8d10e4e2f1cde9a27d
xulrunner-devel-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 6c76f754f3aa9681012115aa4d50856e
xulrunner-devel-unstable-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 672dbaf991db1155b71534dff467fd77
 
PPC:
firefox-3.0.11-2.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1162
    MD5: b599fbc558848b7b735f3f4ae5182542
xulrunner-1.9.0.11-3.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1162
    MD5: d49fff1c1802efef1fbcc407308a500c
xulrunner-1.9.0.11-3.el5_3.ppc64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 63a906d0b0f3a1911ab40ffc2af27bb1
xulrunner-devel-1.9.0.11-3.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1162
    MD5: 17a0325a09e456e4200a5874f2a601f8
xulrunner-devel-1.9.0.11-3.el5_3.ppc64.rpm
File outdated by:  RHSA-2009:1162
    MD5: c51a14a113275fcfc37394b3e6aed295
xulrunner-devel-unstable-1.9.0.11-3.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1162
    MD5: 4e395488580bb2391c1ccc361d034808
 
s390x:
firefox-3.0.11-2.el5_3.s390.rpm
File outdated by:  RHSA-2009:1162
    MD5: 0c4130dc53f74f2cf40afa85b1781f5b
firefox-3.0.11-2.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1162
    MD5: 8e8bc8e90f75d8815169e556b8e775d1
xulrunner-1.9.0.11-3.el5_3.s390.rpm
File outdated by:  RHSA-2009:1162
    MD5: c057c5a7fa70a77694dea95c48ef322f
xulrunner-1.9.0.11-3.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1162
    MD5: 908f0d3832cb9d09860e9db44a781636
xulrunner-devel-1.9.0.11-3.el5_3.s390.rpm
File outdated by:  RHSA-2009:1162
    MD5: 72f83e1a98bc6875f8ca8a4514667688
xulrunner-devel-1.9.0.11-3.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1162
    MD5: 6a877debfcac2bfe844781f67b428292
xulrunner-devel-unstable-1.9.0.11-3.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1162
    MD5: 5aaf999a7dfe0493ed42a133df4c9741
 
x86_64:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
firefox-3.0.11-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 635bc880820722b61b15408b7ad24bea
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 3316fcd7641d5dff3ccc400af626fd59
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: cb7abecdd6afa28206b2ddd9cc4207c7
xulrunner-devel-unstable-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 8a8b1e85aa2fd5858cc681473dcf0ca9
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)

SRPMS:
firefox-3.0.11-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1162
    MD5: 28e02a87a0c8dd414995c55a86e68455
xulrunner-1.9.0.11-3.el5_3.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 537810f3505c89d26ca271fbe8ed32f3
 
IA-32:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-unstable-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: 589bbb057cddd067a186ee8e77581977
 
IA-64:
firefox-3.0.11-2.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 15c67c129ca8d94de761b311a0e0f656
xulrunner-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: d0a5133012dc1d8d10e4e2f1cde9a27d
xulrunner-devel-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 6c76f754f3aa9681012115aa4d50856e
xulrunner-devel-unstable-1.9.0.11-3.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 672dbaf991db1155b71534dff467fd77
 
x86_64:
firefox-3.0.11-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: c500538f723c9b2bd1ca9ab42866ea7e
firefox-3.0.11-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 635bc880820722b61b15408b7ad24bea
xulrunner-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: d60b107e07690cd375ebe80f099a2c3c
xulrunner-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 3316fcd7641d5dff3ccc400af626fd59
xulrunner-devel-1.9.0.11-3.el5_3.i386.rpm
File outdated by:  RHSA-2009:1162
    MD5: defe154a30bd289451ffb392c8246e4d
xulrunner-devel-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: cb7abecdd6afa28206b2ddd9cc4207c7
xulrunner-devel-unstable-1.9.0.11-3.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1162
    MD5: 8a8b1e85aa2fd5858cc681473dcf0ca9
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-3.0.11-4.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: 5915cba975ff24922d8179d24e65042c
 
IA-32:
firefox-3.0.11-4.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 91eff9a617c93f86ff7f7590ce01a869
 
IA-64:
firefox-3.0.11-4.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 9ca1524f9752635a535eafe8af779d83
 
x86_64:
firefox-3.0.11-4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f8603ca76fb2319a1e5438967ab92697
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

488570 - frequent firefox crashes against clearspace
503568 - CVE-2009-1392 Firefox browser engine crashes
503569 - CVE-2009-1832 Firefox double frame construction flaw
503570 - CVE-2009-1833 Firefox JavaScript engine crashes
503573 - CVE-2009-1834 Firefox URL spoofing with invalid unicode characters
503576 - CVE-2009-1835 Firefox Arbitrary domain cookie access by local file: resources
503578 - CVE-2009-1836 Firefox SSL tampering via non-200 responses to proxy CONNECT requests
503579 - CVE-2009-1837 Firefox Race condition while accessing the private data of a NPObject JS wrapper class object
503580 - CVE-2009-1838 Firefox arbitrary code execution flaw
503581 - CVE-2009-1839 Firefox information disclosure flaw
503582 - CVE-2009-1840 Firefox XUL scripts skip some security checks
503583 - CVE-2009-1841 Firefox JavaScript arbitrary code execution


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/