Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2009:1530-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-10-27
Last updated on: 2009-10-27
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-1563
CVE-2009-3274
CVE-2009-3370
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3380
CVE-2009-3382
CVE-2009-3384

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).

A flaw was found in the way Firefox handles form history. A malicious web
page could steal saved form data by synthesizing input events, causing the
browser to auto-fill form fields (which could then be read by an attacker).
(CVE-2009-3370)

A flaw was found in the way Firefox creates temporary file names for
downloaded files. If a local attacker knows the name of a file Firefox is
going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)

A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file
processor. If Firefox loads a malicious PAC file, it could crash Firefox
or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2009-3372)

A heap-based buffer overflow flaw was found in the Firefox GIF image
processor. A malicious GIF image could crash Firefox or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2009-3373)

A heap-based buffer overflow flaw was found in the Firefox string to
floating point conversion routines. A web page containing malicious
JavaScript could crash Firefox or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2009-1563)

A flaw was found in the way Firefox handles text selection. A malicious
website may be able to read highlighted text in a different domain (e.g.
another website the user is viewing), bypassing the same-origin policy.
(CVE-2009-3375)

A flaw was found in the way Firefox displays a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differs from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that differs from what the user expected.
(CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.15. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.15, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
nspr-4.7.6-1.el5_4.src.rpm
File outdated by:  RHSA-2011:1282		     MD5: 599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
nspr-devel-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 05e5bed3704fb9f4437159c49185b1ec
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0332		     MD5: c5b28bcf10ca73aa6d1ba76e7415bd2c
 
x86_64:
nspr-devel-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 05e5bed3704fb9f4437159c49185b1ec
nspr-devel-4.7.6-1.el5_4.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 30293bea4e882e5d82b60b7f41b49f6d
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 69b44244a76a413c8094db4b4a345b86
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0332		     MD5: e03739bb0e02f7a94134325f68c3b210
 
Red Hat Desktop (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7c2bad4b5d997d3d052a56eb412edd36
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 024cb632ec0a220e4c213889f4f0650a
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2010:0112		     MD5: c19569e55e7a60f60c7063a42dd8d649
nspr-4.7.6-1.el5_4.src.rpm
File outdated by:  RHSA-2011:1282		     MD5: 599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
firefox-3.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 4d5dd2a5cdaf4e2ae1361588e40affa4
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-devel-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 05e5bed3704fb9f4437159c49185b1ec
xulrunner-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 80024858f17fa3ae918a1b206c9540f3
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0332		     MD5: c5b28bcf10ca73aa6d1ba76e7415bd2c
 
IA-64:
firefox-3.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2012:0079		     MD5: caff4f98814fa8e75202e6d74b44c1d8
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 75bf7e74ba99e13a3e3b294e5ef8bb92
nspr-devel-4.7.6-1.el5_4.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 04683f90fde74f7dcc0fe2d906a91993
xulrunner-1.9.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2012:0079		     MD5: e1f928d512e91f34867d02d0dc8a980a
xulrunner-devel-1.9.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2012:0079		     MD5: dfc16fb349898fa74b31545171791ab6
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0332		     MD5: b64ac36287ccfac3ffcf059d24d65766
 
PPC:
firefox-3.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2012:0079		     MD5: 653bac77735017e7a2b95e3ea6288db3
nspr-4.7.6-1.el5_4.ppc.rpm
File outdated by:  RHSA-2011:1282		     MD5: 3e258777f59412a71bf3e3e3268ab786
nspr-4.7.6-1.el5_4.ppc64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 387fc371fe3d1406167a0d83bc26100b
nspr-devel-4.7.6-1.el5_4.ppc.rpm
File outdated by:  RHSA-2011:1282		     MD5: 5162505996b1acb5a8755c8d3776ff93
nspr-devel-4.7.6-1.el5_4.ppc64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 4ac6b9d16a62863a9a5c40bfc986d1c3
xulrunner-1.9.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2012:0079		     MD5: 42f1248e07fe988da1d96727a4031bf8
xulrunner-1.9.0.15-3.el5_4.ppc64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 2c999806c8b1dfea50a01b72963c0ff4
xulrunner-devel-1.9.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2012:0079		     MD5: 5c98fdd013ffc6da294418b27b1a875b
xulrunner-devel-1.9.0.15-3.el5_4.ppc64.rpm
File outdated by:  RHSA-2012:0079		     MD5: e1c7b7bc4d6657e1e30b4869bff2a24b
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0332		     MD5: 67603fd36b861b701f9052d5d16483a7
 
s390x:
firefox-3.0.15-3.el5_4.s390.rpm
File outdated by:  RHSA-2012:0079		     MD5: 4a101906a9e17b4e8811a6428120bd83
firefox-3.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2012:0079		     MD5: a987d9e847219d475d18566cccb78974
nspr-4.7.6-1.el5_4.s390.rpm
File outdated by:  RHSA-2011:1282		     MD5: 07fdbd38c8ce578f6a0785ca0b4304fe
nspr-4.7.6-1.el5_4.s390x.rpm
File outdated by:  RHSA-2011:1282		     MD5: 6c26214b5c5d80034f89fed9e433ce2d
nspr-devel-4.7.6-1.el5_4.s390.rpm
File outdated by:  RHSA-2011:1282		     MD5: 1f7f062c22b560b577fc515cfff1b4e7
nspr-devel-4.7.6-1.el5_4.s390x.rpm
File outdated by:  RHSA-2011:1282		     MD5: 2823c8b3205701e8c44cf322978aa24f
xulrunner-1.9.0.15-3.el5_4.s390.rpm
File outdated by:  RHSA-2012:0079		     MD5: f21c9b6b575f4001aa266c2f62666549
xulrunner-1.9.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2012:0079		     MD5: 44a9c8d7aeede322e184ac7c7de3d286
xulrunner-devel-1.9.0.15-3.el5_4.s390.rpm
File outdated by:  RHSA-2012:0079		     MD5: 47ca0f99e74c297e020abd25a04cabae
xulrunner-devel-1.9.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2012:0079		     MD5: ee6f46384961d1656c8a9f72c597387f
xulrunner-devel-unstable-1.9.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0332		     MD5: 70b2382f05c68713e884d6376fe0a243
 
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 4d5dd2a5cdaf4e2ae1361588e40affa4
firefox-3.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: c6cf6f26c6fe9efc6e12dbc5e31a115c
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: db012c5c5dcedb963f6366aed6122803
nspr-devel-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 05e5bed3704fb9f4437159c49185b1ec
nspr-devel-4.7.6-1.el5_4.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 30293bea4e882e5d82b60b7f41b49f6d
xulrunner-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 80024858f17fa3ae918a1b206c9540f3
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 5d95f785e7c32349ab9d93e5a85a087e
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 69b44244a76a413c8094db4b4a345b86
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0332		     MD5: e03739bb0e02f7a94134325f68c3b210
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7c2bad4b5d997d3d052a56eb412edd36
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 2ac905dfdc9430f41aa694a220d50bc1
 
PPC:
firefox-3.0.15-3.el4.ppc.rpm
File outdated by:  RHSA-2012:0079		     MD5: f62a49382a84b86fbf87e634c5cf57ae
nspr-4.7.6-1.el4_8.ppc.rpm
File outdated by:  RHSA-2011:1282		     MD5: 0f564e8fc4e6e991960face72eca1396
nspr-4.7.6-1.el4_8.ppc64.rpm
File outdated by:  RHSA-2011:1282		     MD5: c93fe1ba65de4fb7a16a8b3f60458a00
nspr-devel-4.7.6-1.el4_8.ppc.rpm
File outdated by:  RHSA-2011:1282		     MD5: 7621270c0ac510491b7618ff0a0d7f49
 
s390:
firefox-3.0.15-3.el4.s390.rpm
File outdated by:  RHSA-2012:0079		     MD5: 2dd9bab12a7fe11d6e5d657749bdfdf2
nspr-4.7.6-1.el4_8.s390.rpm
File outdated by:  RHSA-2011:1282		     MD5: 5ce6904e11e821f35dc5e2afdfbc39ae
nspr-devel-4.7.6-1.el4_8.s390.rpm
File outdated by:  RHSA-2011:1282		     MD5: 5bd9353f991eb6dbb5b7ed132b469476
 
s390x:
firefox-3.0.15-3.el4.s390x.rpm
File outdated by:  RHSA-2012:0079		     MD5: 41cee49367af670563639edfa4f0c294
nspr-4.7.6-1.el4_8.s390.rpm
File outdated by:  RHSA-2011:1282		     MD5: 5ce6904e11e821f35dc5e2afdfbc39ae
nspr-4.7.6-1.el4_8.s390x.rpm
File outdated by:  RHSA-2011:1282		     MD5: c2fb64dab30d142fc49d4664cc418a14
nspr-devel-4.7.6-1.el4_8.s390x.rpm
File outdated by:  RHSA-2011:1282		     MD5: 245359e73cd4d7557605af704eb8d078
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
firefox-3.0.15-3.el4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7c2bad4b5d997d3d052a56eb412edd36
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm
File outdated by:  RHSA-2011:0885		     MD5: 14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm
File outdated by:  RHSA-2011:0885		     MD5: 7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2010:0681		     MD5: 3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2010:0681		     MD5: 2ac905dfdc9430f41aa694a220d50bc1
 
PPC:
firefox-3.0.15-3.el4.ppc.rpm
File outdated by:  RHSA-2011:0885		     MD5: f62a49382a84b86fbf87e634c5cf57ae
nspr-4.7.6-1.el4_8.ppc.rpm
File outdated by:  RHSA-2010:0681		     MD5: 0f564e8fc4e6e991960face72eca1396
nspr-4.7.6-1.el4_8.ppc64.rpm
File outdated by:  RHSA-2010:0681		     MD5: c93fe1ba65de4fb7a16a8b3f60458a00
nspr-devel-4.7.6-1.el4_8.ppc.rpm
File outdated by:  RHSA-2010:0681		     MD5: 7621270c0ac510491b7618ff0a0d7f49
 
s390:
firefox-3.0.15-3.el4.s390.rpm
File outdated by:  RHSA-2011:0885		     MD5: 2dd9bab12a7fe11d6e5d657749bdfdf2
nspr-4.7.6-1.el4_8.s390.rpm
File outdated by:  RHSA-2010:0681		     MD5: 5ce6904e11e821f35dc5e2afdfbc39ae
nspr-devel-4.7.6-1.el4_8.s390.rpm
File outdated by:  RHSA-2010:0681		     MD5: 5bd9353f991eb6dbb5b7ed132b469476
 
s390x:
firefox-3.0.15-3.el4.s390x.rpm
File outdated by:  RHSA-2011:0885		     MD5: 41cee49367af670563639edfa4f0c294
nspr-4.7.6-1.el4_8.s390.rpm
File outdated by:  RHSA-2010:0681		     MD5: 5ce6904e11e821f35dc5e2afdfbc39ae
nspr-4.7.6-1.el4_8.s390x.rpm
File outdated by:  RHSA-2010:0681		     MD5: c2fb64dab30d142fc49d4664cc418a14
nspr-devel-4.7.6-1.el4_8.s390x.rpm
File outdated by:  RHSA-2010:0681		     MD5: 245359e73cd4d7557605af704eb8d078
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
File outdated by:  RHSA-2011:0885		     MD5: 71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2010:0681		     MD5: fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2010:0681		     MD5: b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2010:0112		     MD5: c19569e55e7a60f60c7063a42dd8d649
nspr-4.7.6-1.el5_4.src.rpm
File outdated by:  RHSA-2011:1282		     MD5: 599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
firefox-3.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 4d5dd2a5cdaf4e2ae1361588e40affa4
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: abfb8be724a2afe4cc9711de33beaa5a
xulrunner-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 80024858f17fa3ae918a1b206c9540f3
 
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 4d5dd2a5cdaf4e2ae1361588e40affa4
firefox-3.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: c6cf6f26c6fe9efc6e12dbc5e31a115c
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: db012c5c5dcedb963f6366aed6122803
xulrunner-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 80024858f17fa3ae918a1b206c9540f3
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 5d95f785e7c32349ab9d93e5a85a087e
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7c2bad4b5d997d3d052a56eb412edd36
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 2ac905dfdc9430f41aa694a220d50bc1
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
firefox-3.0.15-3.el4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7c2bad4b5d997d3d052a56eb412edd36
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm
File outdated by:  RHSA-2011:0885		     MD5: 14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm
File outdated by:  RHSA-2011:0885		     MD5: 7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2010:0681		     MD5: 3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2010:0681		     MD5: 2ac905dfdc9430f41aa694a220d50bc1
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
File outdated by:  RHSA-2011:0885		     MD5: 71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2010:0681		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2010:0681		     MD5: fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2010:0681		     MD5: b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2010:0112		     MD5: c19569e55e7a60f60c7063a42dd8d649
nspr-4.7.6-1.el5_4.src.rpm
File outdated by:  RHSA-2011:1282		     MD5: 599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
firefox-3.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: 4d5dd2a5cdaf4e2ae1361588e40affa4
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2010:0165		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-devel-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2010:0165		     MD5: 05e5bed3704fb9f4437159c49185b1ec
xulrunner-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: 80024858f17fa3ae918a1b206c9540f3
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: 9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: c5b28bcf10ca73aa6d1ba76e7415bd2c
 
IA-64:
firefox-3.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0112		     MD5: caff4f98814fa8e75202e6d74b44c1d8
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2010:0165		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0165		     MD5: 75bf7e74ba99e13a3e3b294e5ef8bb92
nspr-devel-4.7.6-1.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0165		     MD5: 04683f90fde74f7dcc0fe2d906a91993
xulrunner-1.9.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0112		     MD5: e1f928d512e91f34867d02d0dc8a980a
xulrunner-devel-1.9.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0112		     MD5: dfc16fb349898fa74b31545171791ab6
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ia64.rpm
File outdated by:  RHSA-2010:0112		     MD5: b64ac36287ccfac3ffcf059d24d65766
 
PPC:
firefox-3.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0112		     MD5: 653bac77735017e7a2b95e3ea6288db3
nspr-4.7.6-1.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0165		     MD5: 3e258777f59412a71bf3e3e3268ab786
nspr-4.7.6-1.el5_4.ppc64.rpm
File outdated by:  RHSA-2010:0165		     MD5: 387fc371fe3d1406167a0d83bc26100b
nspr-devel-4.7.6-1.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0165		     MD5: 5162505996b1acb5a8755c8d3776ff93
nspr-devel-4.7.6-1.el5_4.ppc64.rpm
File outdated by:  RHSA-2010:0165		     MD5: 4ac6b9d16a62863a9a5c40bfc986d1c3
xulrunner-1.9.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0112		     MD5: 42f1248e07fe988da1d96727a4031bf8
xulrunner-1.9.0.15-3.el5_4.ppc64.rpm
File outdated by:  RHSA-2010:0112		     MD5: 2c999806c8b1dfea50a01b72963c0ff4
xulrunner-devel-1.9.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0112		     MD5: 5c98fdd013ffc6da294418b27b1a875b
xulrunner-devel-1.9.0.15-3.el5_4.ppc64.rpm
File outdated by:  RHSA-2010:0112		     MD5: e1c7b7bc4d6657e1e30b4869bff2a24b
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ppc.rpm
File outdated by:  RHSA-2010:0112		     MD5: 67603fd36b861b701f9052d5d16483a7
 
s390x:
firefox-3.0.15-3.el5_4.s390.rpm
File outdated by:  RHSA-2010:0112		     MD5: 4a101906a9e17b4e8811a6428120bd83
firefox-3.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0112		     MD5: a987d9e847219d475d18566cccb78974
nspr-4.7.6-1.el5_4.s390.rpm
File outdated by:  RHSA-2010:0165		     MD5: 07fdbd38c8ce578f6a0785ca0b4304fe
nspr-4.7.6-1.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0165		     MD5: 6c26214b5c5d80034f89fed9e433ce2d
nspr-devel-4.7.6-1.el5_4.s390.rpm
File outdated by:  RHSA-2010:0165		     MD5: 1f7f062c22b560b577fc515cfff1b4e7
nspr-devel-4.7.6-1.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0165		     MD5: 2823c8b3205701e8c44cf322978aa24f
xulrunner-1.9.0.15-3.el5_4.s390.rpm
File outdated by:  RHSA-2010:0112		     MD5: f21c9b6b575f4001aa266c2f62666549
xulrunner-1.9.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0112		     MD5: 44a9c8d7aeede322e184ac7c7de3d286
xulrunner-devel-1.9.0.15-3.el5_4.s390.rpm
File outdated by:  RHSA-2010:0112		     MD5: 47ca0f99e74c297e020abd25a04cabae
xulrunner-devel-1.9.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0112		     MD5: ee6f46384961d1656c8a9f72c597387f
xulrunner-devel-unstable-1.9.0.15-3.el5_4.s390x.rpm
File outdated by:  RHSA-2010:0112		     MD5: 70b2382f05c68713e884d6376fe0a243
 
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: 4d5dd2a5cdaf4e2ae1361588e40affa4
firefox-3.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0112		     MD5: c6cf6f26c6fe9efc6e12dbc5e31a115c
nspr-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2010:0165		     MD5: abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0165		     MD5: db012c5c5dcedb963f6366aed6122803
nspr-devel-4.7.6-1.el5_4.i386.rpm
File outdated by:  RHSA-2010:0165		     MD5: 05e5bed3704fb9f4437159c49185b1ec
nspr-devel-4.7.6-1.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0165		     MD5: 30293bea4e882e5d82b60b7f41b49f6d
xulrunner-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: 80024858f17fa3ae918a1b206c9540f3
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0112		     MD5: 5d95f785e7c32349ab9d93e5a85a087e
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
File outdated by:  RHSA-2010:0112		     MD5: 9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0112		     MD5: 69b44244a76a413c8094db4b4a345b86
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm
File outdated by:  RHSA-2010:0112		     MD5: e03739bb0e02f7a94134325f68c3b210
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7c2bad4b5d997d3d052a56eb412edd36
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm
File outdated by:  RHSA-2012:0079		     MD5: 14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm
File outdated by:  RHSA-2011:1282		     MD5: 2ac905dfdc9430f41aa694a220d50bc1
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
File outdated by:  RHSA-2012:0079		     MD5: 71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm
File outdated by:  RHSA-2011:1282		     MD5: 8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:1282		     MD5: b75fe07a4f5af523fe9e30d8d727fed5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption


References

https://www.redhat.com/security/data/cve/CVE-2009-1563.html
https://www.redhat.com/security/data/cve/CVE-2009-3274.html
https://www.redhat.com/security/data/cve/CVE-2009-3370.html
https://www.redhat.com/security/data/cve/CVE-2009-3372.html
https://www.redhat.com/security/data/cve/CVE-2009-3373.html
https://www.redhat.com/security/data/cve/CVE-2009-3374.html
https://www.redhat.com/security/data/cve/CVE-2009-3375.html
https://www.redhat.com/security/data/cve/CVE-2009-3376.html
https://www.redhat.com/security/data/cve/CVE-2009-3380.html
https://www.redhat.com/security/data/cve/CVE-2009-3382.html
https://www.redhat.com/security/data/cve/CVE-2009-3384.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/