Security Advisory Critical: firefox security update

Advisory: RHSA-2009:1530-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-10-27
Last updated on: 2009-10-27
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20091530.xml
CVEs (cve.mitre.org): CVE-2009-1563
CVE-2009-3274
CVE-2009-3370
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3380
CVE-2009-3382

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).

A flaw was found in the way Firefox handles form history. A malicious web
page could steal saved form data by synthesizing input events, causing the
browser to auto-fill form fields (which could then be read by an attacker).
(CVE-2009-3370)

A flaw was found in the way Firefox creates temporary file names for
downloaded files. If a local attacker knows the name of a file Firefox is
going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)

A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file
processor. If Firefox loads a malicious PAC file, it could crash Firefox
or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2009-3372)

A heap-based buffer overflow flaw was found in the Firefox GIF image
processor. A malicious GIF image could crash Firefox or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2009-3373)

A heap-based buffer overflow flaw was found in the Firefox string to
floating point conversion routines. A web page containing malicious
JavaScript could crash Firefox or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2009-1563)

A flaw was found in the way Firefox handles text selection. A malicious
website may be able to read highlighted text in a different domain (e.g.
another website the user is viewing), bypassing the same-origin policy.
(CVE-2009-3375)

A flaw was found in the way Firefox displays a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differs from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that differs from what the user expected.
(CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.15. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.15, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
nspr-4.7.6-1.el5_4.src.rpm     599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm     46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
nspr-devel-4.7.6-1.el5_4.i386.rpm     05e5bed3704fb9f4437159c49185b1ec
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm     9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm     c5b28bcf10ca73aa6d1ba76e7415bd2c
 
x86_64:
nspr-devel-4.7.6-1.el5_4.i386.rpm     05e5bed3704fb9f4437159c49185b1ec
nspr-devel-4.7.6-1.el5_4.x86_64.rpm     30293bea4e882e5d82b60b7f41b49f6d
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm     9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm     69b44244a76a413c8094db4b4a345b86
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm     e03739bb0e02f7a94134325f68c3b210
 
Red Hat Desktop (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm     7c2bad4b5d997d3d052a56eb412edd36
nspr-4.7.6-1.el4_8.src.rpm     da29fd02b15a67e24ccc2957503ef069
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm     14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm     024cb632ec0a220e4c213889f4f0650a
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm     71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm     fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm     b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm     c19569e55e7a60f60c7063a42dd8d649
nspr-4.7.6-1.el5_4.src.rpm     599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm     46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
firefox-3.0.15-3.el5_4.i386.rpm     4d5dd2a5cdaf4e2ae1361588e40affa4
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-devel-4.7.6-1.el5_4.i386.rpm     05e5bed3704fb9f4437159c49185b1ec
xulrunner-1.9.0.15-3.el5_4.i386.rpm     80024858f17fa3ae918a1b206c9540f3
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm     9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm     c5b28bcf10ca73aa6d1ba76e7415bd2c
 
IA-64:
firefox-3.0.15-3.el5_4.ia64.rpm     caff4f98814fa8e75202e6d74b44c1d8
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.ia64.rpm     75bf7e74ba99e13a3e3b294e5ef8bb92
nspr-devel-4.7.6-1.el5_4.ia64.rpm     04683f90fde74f7dcc0fe2d906a91993
xulrunner-1.9.0.15-3.el5_4.ia64.rpm     e1f928d512e91f34867d02d0dc8a980a
xulrunner-devel-1.9.0.15-3.el5_4.ia64.rpm     dfc16fb349898fa74b31545171791ab6
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ia64.rpm     b64ac36287ccfac3ffcf059d24d65766
 
PPC:
firefox-3.0.15-3.el5_4.ppc.rpm     653bac77735017e7a2b95e3ea6288db3
nspr-4.7.6-1.el5_4.ppc.rpm     3e258777f59412a71bf3e3e3268ab786
nspr-4.7.6-1.el5_4.ppc64.rpm     387fc371fe3d1406167a0d83bc26100b
nspr-devel-4.7.6-1.el5_4.ppc.rpm     5162505996b1acb5a8755c8d3776ff93
nspr-devel-4.7.6-1.el5_4.ppc64.rpm     4ac6b9d16a62863a9a5c40bfc986d1c3
xulrunner-1.9.0.15-3.el5_4.ppc.rpm     42f1248e07fe988da1d96727a4031bf8
xulrunner-1.9.0.15-3.el5_4.ppc64.rpm     2c999806c8b1dfea50a01b72963c0ff4
xulrunner-devel-1.9.0.15-3.el5_4.ppc.rpm     5c98fdd013ffc6da294418b27b1a875b
xulrunner-devel-1.9.0.15-3.el5_4.ppc64.rpm     e1c7b7bc4d6657e1e30b4869bff2a24b
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ppc.rpm     67603fd36b861b701f9052d5d16483a7
 
s390x:
firefox-3.0.15-3.el5_4.s390.rpm     4a101906a9e17b4e8811a6428120bd83
firefox-3.0.15-3.el5_4.s390x.rpm     a987d9e847219d475d18566cccb78974
nspr-4.7.6-1.el5_4.s390.rpm     07fdbd38c8ce578f6a0785ca0b4304fe
nspr-4.7.6-1.el5_4.s390x.rpm     6c26214b5c5d80034f89fed9e433ce2d
nspr-devel-4.7.6-1.el5_4.s390.rpm     1f7f062c22b560b577fc515cfff1b4e7
nspr-devel-4.7.6-1.el5_4.s390x.rpm     2823c8b3205701e8c44cf322978aa24f
xulrunner-1.9.0.15-3.el5_4.s390.rpm     f21c9b6b575f4001aa266c2f62666549
xulrunner-1.9.0.15-3.el5_4.s390x.rpm     44a9c8d7aeede322e184ac7c7de3d286
xulrunner-devel-1.9.0.15-3.el5_4.s390.rpm     47ca0f99e74c297e020abd25a04cabae
xulrunner-devel-1.9.0.15-3.el5_4.s390x.rpm     ee6f46384961d1656c8a9f72c597387f
xulrunner-devel-unstable-1.9.0.15-3.el5_4.s390x.rpm     70b2382f05c68713e884d6376fe0a243
 
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm     4d5dd2a5cdaf4e2ae1361588e40affa4
firefox-3.0.15-3.el5_4.x86_64.rpm     c6cf6f26c6fe9efc6e12dbc5e31a115c
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.x86_64.rpm     db012c5c5dcedb963f6366aed6122803
nspr-devel-4.7.6-1.el5_4.i386.rpm     05e5bed3704fb9f4437159c49185b1ec
nspr-devel-4.7.6-1.el5_4.x86_64.rpm     30293bea4e882e5d82b60b7f41b49f6d
xulrunner-1.9.0.15-3.el5_4.i386.rpm     80024858f17fa3ae918a1b206c9540f3
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm     5d95f785e7c32349ab9d93e5a85a087e
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm     9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm     69b44244a76a413c8094db4b4a345b86
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm     e03739bb0e02f7a94134325f68c3b210
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm     7c2bad4b5d997d3d052a56eb412edd36
nspr-4.7.6-1.el4_8.src.rpm     da29fd02b15a67e24ccc2957503ef069
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm     14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm     024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm     7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm     3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm     2ac905dfdc9430f41aa694a220d50bc1
 
PPC:
firefox-3.0.15-3.el4.ppc.rpm     f62a49382a84b86fbf87e634c5cf57ae
nspr-4.7.6-1.el4_8.ppc.rpm     0f564e8fc4e6e991960face72eca1396
nspr-4.7.6-1.el4_8.ppc64.rpm     c93fe1ba65de4fb7a16a8b3f60458a00
nspr-devel-4.7.6-1.el4_8.ppc.rpm     7621270c0ac510491b7618ff0a0d7f49
 
s390:
firefox-3.0.15-3.el4.s390.rpm     2dd9bab12a7fe11d6e5d657749bdfdf2
nspr-4.7.6-1.el4_8.s390.rpm     5ce6904e11e821f35dc5e2afdfbc39ae
nspr-devel-4.7.6-1.el4_8.s390.rpm     5bd9353f991eb6dbb5b7ed132b469476
 
s390x:
firefox-3.0.15-3.el4.s390x.rpm     41cee49367af670563639edfa4f0c294
nspr-4.7.6-1.el4_8.s390.rpm     5ce6904e11e821f35dc5e2afdfbc39ae
nspr-4.7.6-1.el4_8.s390x.rpm     c2fb64dab30d142fc49d4664cc418a14
nspr-devel-4.7.6-1.el4_8.s390x.rpm     245359e73cd4d7557605af704eb8d078
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm     71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm     fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm     b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
firefox-3.0.15-3.el4.src.rpm     7c2bad4b5d997d3d052a56eb412edd36
nspr-4.7.6-1.el4_8.src.rpm     da29fd02b15a67e24ccc2957503ef069
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm     14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm     024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm     7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm     3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm     2ac905dfdc9430f41aa694a220d50bc1
 
PPC:
firefox-3.0.15-3.el4.ppc.rpm     f62a49382a84b86fbf87e634c5cf57ae
nspr-4.7.6-1.el4_8.ppc.rpm     0f564e8fc4e6e991960face72eca1396
nspr-4.7.6-1.el4_8.ppc64.rpm     c93fe1ba65de4fb7a16a8b3f60458a00
nspr-devel-4.7.6-1.el4_8.ppc.rpm     7621270c0ac510491b7618ff0a0d7f49
 
s390:
firefox-3.0.15-3.el4.s390.rpm     2dd9bab12a7fe11d6e5d657749bdfdf2
nspr-4.7.6-1.el4_8.s390.rpm     5ce6904e11e821f35dc5e2afdfbc39ae
nspr-devel-4.7.6-1.el4_8.s390.rpm     5bd9353f991eb6dbb5b7ed132b469476
 
s390x:
firefox-3.0.15-3.el4.s390x.rpm     41cee49367af670563639edfa4f0c294
nspr-4.7.6-1.el4_8.s390.rpm     5ce6904e11e821f35dc5e2afdfbc39ae
nspr-4.7.6-1.el4_8.s390x.rpm     c2fb64dab30d142fc49d4664cc418a14
nspr-devel-4.7.6-1.el4_8.s390x.rpm     245359e73cd4d7557605af704eb8d078
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm     71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm     fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm     b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm     c19569e55e7a60f60c7063a42dd8d649
nspr-4.7.6-1.el5_4.src.rpm     599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm     46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
firefox-3.0.15-3.el5_4.i386.rpm     4d5dd2a5cdaf4e2ae1361588e40affa4
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
xulrunner-1.9.0.15-3.el5_4.i386.rpm     80024858f17fa3ae918a1b206c9540f3
 
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm     4d5dd2a5cdaf4e2ae1361588e40affa4
firefox-3.0.15-3.el5_4.x86_64.rpm     c6cf6f26c6fe9efc6e12dbc5e31a115c
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.x86_64.rpm     db012c5c5dcedb963f6366aed6122803
xulrunner-1.9.0.15-3.el5_4.i386.rpm     80024858f17fa3ae918a1b206c9540f3
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm     5d95f785e7c32349ab9d93e5a85a087e
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm     7c2bad4b5d997d3d052a56eb412edd36
nspr-4.7.6-1.el4_8.src.rpm     da29fd02b15a67e24ccc2957503ef069
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm     14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm     024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm     7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm     3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm     2ac905dfdc9430f41aa694a220d50bc1
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm     71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm     fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm     b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
firefox-3.0.15-3.el4.src.rpm     7c2bad4b5d997d3d052a56eb412edd36
nspr-4.7.6-1.el4_8.src.rpm     da29fd02b15a67e24ccc2957503ef069
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm     14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm     024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm     7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm     3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm     2ac905dfdc9430f41aa694a220d50bc1
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm     71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm     fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm     b75fe07a4f5af523fe9e30d8d727fed5
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)
SRPMS:
firefox-3.0.15-3.el5_4.src.rpm     c19569e55e7a60f60c7063a42dd8d649
nspr-4.7.6-1.el5_4.src.rpm     599aa013c7d475a61523fef8c58bada7
xulrunner-1.9.0.15-3.el5_4.src.rpm     46b4ee33df12ad0292a50d7e50857f5a
 
IA-32:
firefox-3.0.15-3.el5_4.i386.rpm     4d5dd2a5cdaf4e2ae1361588e40affa4
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-devel-4.7.6-1.el5_4.i386.rpm     05e5bed3704fb9f4437159c49185b1ec
xulrunner-1.9.0.15-3.el5_4.i386.rpm     80024858f17fa3ae918a1b206c9540f3
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm     9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm     c5b28bcf10ca73aa6d1ba76e7415bd2c
 
IA-64:
firefox-3.0.15-3.el5_4.ia64.rpm     caff4f98814fa8e75202e6d74b44c1d8
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.ia64.rpm     75bf7e74ba99e13a3e3b294e5ef8bb92
nspr-devel-4.7.6-1.el5_4.ia64.rpm     04683f90fde74f7dcc0fe2d906a91993
xulrunner-1.9.0.15-3.el5_4.ia64.rpm     e1f928d512e91f34867d02d0dc8a980a
xulrunner-devel-1.9.0.15-3.el5_4.ia64.rpm     dfc16fb349898fa74b31545171791ab6
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ia64.rpm     b64ac36287ccfac3ffcf059d24d65766
 
PPC:
firefox-3.0.15-3.el5_4.ppc.rpm     653bac77735017e7a2b95e3ea6288db3
nspr-4.7.6-1.el5_4.ppc.rpm     3e258777f59412a71bf3e3e3268ab786
nspr-4.7.6-1.el5_4.ppc64.rpm     387fc371fe3d1406167a0d83bc26100b
nspr-devel-4.7.6-1.el5_4.ppc.rpm     5162505996b1acb5a8755c8d3776ff93
nspr-devel-4.7.6-1.el5_4.ppc64.rpm     4ac6b9d16a62863a9a5c40bfc986d1c3
xulrunner-1.9.0.15-3.el5_4.ppc.rpm     42f1248e07fe988da1d96727a4031bf8
xulrunner-1.9.0.15-3.el5_4.ppc64.rpm     2c999806c8b1dfea50a01b72963c0ff4
xulrunner-devel-1.9.0.15-3.el5_4.ppc.rpm     5c98fdd013ffc6da294418b27b1a875b
xulrunner-devel-1.9.0.15-3.el5_4.ppc64.rpm     e1c7b7bc4d6657e1e30b4869bff2a24b
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ppc.rpm     67603fd36b861b701f9052d5d16483a7
 
s390x:
firefox-3.0.15-3.el5_4.s390.rpm     4a101906a9e17b4e8811a6428120bd83
firefox-3.0.15-3.el5_4.s390x.rpm     a987d9e847219d475d18566cccb78974
nspr-4.7.6-1.el5_4.s390.rpm     07fdbd38c8ce578f6a0785ca0b4304fe
nspr-4.7.6-1.el5_4.s390x.rpm     6c26214b5c5d80034f89fed9e433ce2d
nspr-devel-4.7.6-1.el5_4.s390.rpm     1f7f062c22b560b577fc515cfff1b4e7
nspr-devel-4.7.6-1.el5_4.s390x.rpm     2823c8b3205701e8c44cf322978aa24f
xulrunner-1.9.0.15-3.el5_4.s390.rpm     f21c9b6b575f4001aa266c2f62666549
xulrunner-1.9.0.15-3.el5_4.s390x.rpm     44a9c8d7aeede322e184ac7c7de3d286
xulrunner-devel-1.9.0.15-3.el5_4.s390.rpm     47ca0f99e74c297e020abd25a04cabae
xulrunner-devel-1.9.0.15-3.el5_4.s390x.rpm     ee6f46384961d1656c8a9f72c597387f
xulrunner-devel-unstable-1.9.0.15-3.el5_4.s390x.rpm     70b2382f05c68713e884d6376fe0a243
 
x86_64:
firefox-3.0.15-3.el5_4.i386.rpm     4d5dd2a5cdaf4e2ae1361588e40affa4
firefox-3.0.15-3.el5_4.x86_64.rpm     c6cf6f26c6fe9efc6e12dbc5e31a115c
nspr-4.7.6-1.el5_4.i386.rpm     abfb8be724a2afe4cc9711de33beaa5a
nspr-4.7.6-1.el5_4.x86_64.rpm     db012c5c5dcedb963f6366aed6122803
nspr-devel-4.7.6-1.el5_4.i386.rpm     05e5bed3704fb9f4437159c49185b1ec
nspr-devel-4.7.6-1.el5_4.x86_64.rpm     30293bea4e882e5d82b60b7f41b49f6d
xulrunner-1.9.0.15-3.el5_4.i386.rpm     80024858f17fa3ae918a1b206c9540f3
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm     5d95f785e7c32349ab9d93e5a85a087e
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm     9a09ae3b4722e22bc94a976e2b946c15
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm     69b44244a76a413c8094db4b4a345b86
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm     e03739bb0e02f7a94134325f68c3b210
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
firefox-3.0.15-3.el4.src.rpm     7c2bad4b5d997d3d052a56eb412edd36
nspr-4.7.6-1.el4_8.src.rpm     da29fd02b15a67e24ccc2957503ef069
 
IA-32:
firefox-3.0.15-3.el4.i386.rpm     14d3826d79c62b976a5488d89567d1a4
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-devel-4.7.6-1.el4_8.i386.rpm     024cb632ec0a220e4c213889f4f0650a
 
IA-64:
firefox-3.0.15-3.el4.ia64.rpm     7d537a60cbae64418c704522cd140aaf
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.ia64.rpm     3dd3486d30f8743727f97138ff19db36
nspr-devel-4.7.6-1.el4_8.ia64.rpm     2ac905dfdc9430f41aa694a220d50bc1
 
x86_64:
firefox-3.0.15-3.el4.x86_64.rpm     71f58634ce858328f4c51b40a328698a
nspr-4.7.6-1.el4_8.i386.rpm     8ae2bc7f71ca877897ccb86b33e53beb
nspr-4.7.6-1.el4_8.x86_64.rpm     fc5cb319ee26656afe33793c3f1c4920
nspr-devel-4.7.6-1.el4_8.x86_64.rpm     b75fe07a4f5af523fe9e30d8d727fed5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/