Skip to navigation

Security Advisory Critical: firefox security, bug fix, and enhancement update

Advisory: RHSA-2010:0501-2
Type: Security Advisory
Severity: Critical
Issued on: 2010-06-22
Last updated on: 2010-06-25
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2008-5913
CVE-2009-5017
CVE-2010-0182
CVE-2010-1121
CVE-2010-1125
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1202
CVE-2010-1203

Details

Updated firefox packages that address several security issues, fix bugs,
add numerous enhancements, and upgrade Firefox to version 3.6.4, are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

[Updated 25 June 2010]
The original packages distributed with this erratum had a bug which could
cause unintended dependencies to be installed when upgrading. We have
updated the packages to correct this bug.

Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)

A flaw was found in the way browser plug-ins interact. It was possible for
a plug-in to reference the freed memory from a different plug-in, resulting
in the execution of arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1198)

Several integer overflow flaws were found in the processing of malformed
web content. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2010-1196, CVE-2010-1199)

A focus stealing flaw was found in the way Firefox handled focus changes. A
malicious website could use this flaw to steal sensitive data from a user,
such as usernames and passwords. (CVE-2010-1125)

A flaw was found in the way Firefox handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. A website that allows arbitrary uploads and relies on the
"Content-Disposition: attachment" HTTP header to prevent content from being
displayed inline, could be used by an attacker to serve malicious content
to users. (CVE-2010-1197)

A flaw was found in the Firefox Math.random() function. This function could
be used to identify a browsing session and track a user across different
websites. (CVE-2008-5913)

A flaw was found in the Firefox XML document loading security checks.
Certain security checks were not being called when an XML document was
loaded. This could possibly be leveraged later by an attacker to load
certain resources that violate the security policies of the browser or its
add-ons. Note that this issue cannot be exploited by only loading an XML
document. (CVE-2010-0182)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories
in the References section of this erratum.

This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to
the requirements of Firefox 3.6.4, this erratum also provides a number of
other updated packages, including esc, totem, and yelp.

This erratum also contains multiple bug fixes and numerous enhancements.
Space precludes documenting these changes in this advisory. For details
concerning these changes, refer to the Firefox Release Notes links in the
References section of this erratum.

Important: Firefox 3.6.4 is not completely backwards-compatible with all
Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
Firefox 3.6 checks compatibility on first-launch, and, depending on the
individual configuration and the installed Add-ons and plug-ins, may
disable said Add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.4. After installing the update, Firefox must be
restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
devhelp-0.12-21.el5.src.rpm
File outdated by:  RHSA-2013:0271		     MD5: f11913dbbc18601bebebcb6debe91edb
SHA-256: 53f4eca753bc870f0921a5ae00ec66628ce2388a83589c65c51736e46ca75e88
totem-2.16.7-7.el5.src.rpm
File outdated by:  RHBA-2011:0215		     MD5: cfd0b30aee7e3d423851fcebe9a399b2
SHA-256: c5911b61bc257473465d9b8b33d8dbc43b883f551ebb61a2d969717c759ca31a
xulrunner-1.9.2.4-10.el5.src.rpm
File outdated by:  RHSA-2013:0820		     MD5: c03d627efa9df977e8c2523472e7e627
SHA-256: a7a26b36f6feeef23d148e29fff7d4f25690927d8c87b5c7cc77113712c846fe
 
IA-32:
devhelp-devel-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 95c51d0b6ddc6b4096a39a2fab91cb0d
SHA-256: 28b8fac8b757d22d171c689fae0e4f9c9c995b5afc9619d62fdf29f11ca650bc
totem-devel-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: d56c42ed523e837dd0d61eab0f64823c
SHA-256: 62540eed720402b8a6e03d358b6a4feb9eebf7c3d6f993f445a92d8255ff5c2c
xulrunner-devel-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9d1a8456b0305153f87afc1700088991
SHA-256: e739b51e7e1d5477101e13cf2eb0132d48b2ad7e8db78826db51884826dfd62e
 
x86_64:
devhelp-devel-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 95c51d0b6ddc6b4096a39a2fab91cb0d
SHA-256: 28b8fac8b757d22d171c689fae0e4f9c9c995b5afc9619d62fdf29f11ca650bc
devhelp-devel-0.12-21.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271		     MD5: 29116bdc2b89fb6c0cea1f1f3207d3c1
SHA-256: 26d0590a1988cb9b0ed2bc2201f4ae4de61afc6b83a5e2ed3ba857b06405c8db
totem-devel-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: d56c42ed523e837dd0d61eab0f64823c
SHA-256: 62540eed720402b8a6e03d358b6a4feb9eebf7c3d6f993f445a92d8255ff5c2c
totem-devel-2.16.7-7.el5.x86_64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 981e1284b5e9a092e8bf4d5b89fe9155
SHA-256: dde4c4e164b64ca4c76df7705b2628c35e8966d5dedc4dec0865a1603b27adae
xulrunner-devel-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9d1a8456b0305153f87afc1700088991
SHA-256: e739b51e7e1d5477101e13cf2eb0132d48b2ad7e8db78826db51884826dfd62e
xulrunner-devel-1.9.2.4-10.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9486f41492c4d086da5a31dc607c8ef9
SHA-256: c108c0098b63147260bc00fa5b14b55fc1db358a16a705590cd3e78277e4d3e7
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
devhelp-0.12-21.el5.src.rpm
File outdated by:  RHSA-2013:0271		     MD5: f11913dbbc18601bebebcb6debe91edb
SHA-256: 53f4eca753bc870f0921a5ae00ec66628ce2388a83589c65c51736e46ca75e88
esc-1.1.0-12.el5.src.rpm
File outdated by:  RHBA-2013:0734		     MD5: 5567648aa83bc0834e3ad515cf17c9f5
SHA-256: 5d2f24fba1b63c20abd6185b922a4e8af80d30ae33b98c68d183489341f00488
firefox-3.6.4-8.el5.src.rpm
File outdated by:  RHSA-2013:0820		     MD5: 4c10675b4ea0ce42328278524166b148
SHA-256: 012bdb25f9fdc5e1ce0d7ec4b86c24e3906f2209b25e223d5b5c5b050e912dca
gnome-python2-extras-2.14.2-7.el5.src.rpm     MD5: f7f26ca864a5074761d8a44df8f48c1b
SHA-256: 181982828fd0c014ee0479b4204136ff41defef86516daaf4626f6e75a95f804
totem-2.16.7-7.el5.src.rpm
File outdated by:  RHBA-2011:0215		     MD5: cfd0b30aee7e3d423851fcebe9a399b2
SHA-256: c5911b61bc257473465d9b8b33d8dbc43b883f551ebb61a2d969717c759ca31a
xulrunner-1.9.2.4-10.el5.src.rpm
File outdated by:  RHSA-2013:0820		     MD5: c03d627efa9df977e8c2523472e7e627
SHA-256: a7a26b36f6feeef23d148e29fff7d4f25690927d8c87b5c7cc77113712c846fe
yelp-2.16.0-26.el5.src.rpm
File outdated by:  RHSA-2013:0271		     MD5: 65d54c980629f8d4116d6854795b9c36
SHA-256: 0a1aa6497ab4b12fb3f2c8628e432151c458d3aaa4f530f710704fe07534c15b
 
IA-32:
devhelp-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 4f35a1bd958059f0ee9a2f29cea87104
SHA-256: 8cf2811b99f189964dd9a334a63f75e508b819e68c044b95f0a7112270613df6
devhelp-devel-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 95c51d0b6ddc6b4096a39a2fab91cb0d
SHA-256: 28b8fac8b757d22d171c689fae0e4f9c9c995b5afc9619d62fdf29f11ca650bc
esc-1.1.0-12.el5.i386.rpm
File outdated by:  RHBA-2013:0734		     MD5: 6aacfe36a0cf957226e09e8b77db5535
SHA-256: bdc6ac39a91f4276e84121f2cf54f2dc36e219b6da1b4233aca54da9acc0a442
firefox-3.6.4-8.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: ef767449a3b417c23cf063aa70b8b4da
SHA-256: c0fbe4b189bb6b8d40924837327d9b75abb4cbe8f3a98cf7ee2ec6f4669a4d89
gnome-python2-extras-2.14.2-7.el5.i386.rpm     MD5: 4b88b63bc343f1c419c4cfbecf0a07e0
SHA-256: 309c548c2d1508fa1e05441224046751e0f73e1570a16715c81e3bdf08f1ec1a
gnome-python2-gtkhtml2-2.14.2-7.el5.i386.rpm     MD5: f1f045d397de30befea230297925568e
SHA-256: 0d116ecde2ac29106dc7ae5ebea72f64750e369c13e90d724839c24765cc062c
gnome-python2-gtkmozembed-2.14.2-7.el5.i386.rpm     MD5: d3b37bdf7ee6d8362220b13b2211da7c
SHA-256: 848409ea3dab45cf159306e06bb9f5d0be5822b12f07ba20e4c901b41642f465
gnome-python2-gtkspell-2.14.2-7.el5.i386.rpm     MD5: 58b2ca7bc26bcbdef1c3d547053e6bc4
SHA-256: 13a7af508fb085c76fed3be021816557ab0877aa29cbccf45660dd2cf7d1464f
gnome-python2-libegg-2.14.2-7.el5.i386.rpm     MD5: 38cc981bdc5c1d33739d04e9aa8b7055
SHA-256: b2f5e645dd98ed67d018fc82727090bd495f9328eae5da85bc75f4dc91a38562
totem-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: fcc995b4401c30584c27f387051abca2
SHA-256: 2645a668d741ce34c579ec6970252f1f0d6424d9b349ffcf0d8568684ea16276
totem-devel-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: d56c42ed523e837dd0d61eab0f64823c
SHA-256: 62540eed720402b8a6e03d358b6a4feb9eebf7c3d6f993f445a92d8255ff5c2c
totem-mozplugin-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: e002cdd13571d5661ddb7adbb7b15e2e
SHA-256: f3690ce138c1f0340c643db95b34fd7db009715d1fc483cff9a98d9265d4ab61
xulrunner-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 8e12bbb227c862740072f1a2984c95de
SHA-256: 0a886ce31caa6d26fb7605e18826ed14eb8f49e19c2b75d9e1990ddb5a533be3
xulrunner-devel-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9d1a8456b0305153f87afc1700088991
SHA-256: e739b51e7e1d5477101e13cf2eb0132d48b2ad7e8db78826db51884826dfd62e
yelp-2.16.0-26.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: e84c935abad8e96c71fa5b595b554a86
SHA-256: 860abe7aa39edd346c7b25571c9888eea809f44a09e4363ab3c0a84bbb2cd4ff
 
IA-64:
devhelp-0.12-21.el5.ia64.rpm
File outdated by:  RHSA-2013:0271		     MD5: b260997f77c58797204e914a5b8c3474
SHA-256: 13ed25bb1db1045a83db0e84829885df3f39b7290bab37ac5caf8f2d07fd0cf2
devhelp-devel-0.12-21.el5.ia64.rpm
File outdated by:  RHSA-2013:0271		     MD5: b5151d5a8d314aef041e09c1509191f3
SHA-256: c8caf99964ff5599205dd7f5361e340e95d929159567d4d7b4a042d0360acc8f
esc-1.1.0-12.el5.ia64.rpm
File outdated by:  RHBA-2013:0734		     MD5: 646b755ce23063138fc8f3567cc4a93a
SHA-256: b156d322e936db0da23a065cead92c9274ca1efd537aefcdf9cb56c53fcdf26b
firefox-3.6.4-8.el5.ia64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 59c84a9721693abb3f155dd9370f0012
SHA-256: 17019413da809e640330ca5cebd491ac6e43f03bdc327714502ef7305923c1ec
gnome-python2-extras-2.14.2-7.el5.ia64.rpm     MD5: d1da1c671dd1198e97a2e7bc1b16a4e7
SHA-256: bd177f86d8c940a077a711253ef051742806d7438fe63b53087cb23a3f873b23
gnome-python2-gtkhtml2-2.14.2-7.el5.ia64.rpm     MD5: 39694cdeaee4c4ffbb4b48ce7f6072fc
SHA-256: 837f556feb33f62704ad0a0e2fe53a4e2211ee12eea2366ed46ad93cdacf5795
gnome-python2-gtkmozembed-2.14.2-7.el5.ia64.rpm     MD5: 84582144ca98dac8f1f6ef88abc48a21
SHA-256: 94bf737664cccd058ecce67befe1ed159086781b86efa9995802cecb88e58f15
gnome-python2-gtkspell-2.14.2-7.el5.ia64.rpm     MD5: 58147aace9f06d11f85c9d383f3074ab
SHA-256: 2a19a8df933f870ec9dcc7b6117acd2749904f2905ec8c19668249eae66575f5
gnome-python2-libegg-2.14.2-7.el5.ia64.rpm     MD5: 0f8c2f3dd33fe5f34f8988fbd3463ac5
SHA-256: 3f71fd9826af38547666d535f89399564864b12c680b7238419ac7f80d2089a5
totem-2.16.7-7.el5.ia64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 13ead918cb1061550b97091e23ff97e8
SHA-256: 4a324239ce02996c2eabb451644a156a84320c1bca859d31ee87001ef9fc35da
totem-devel-2.16.7-7.el5.ia64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 3ad7560b135230a7b01348b66feee57b
SHA-256: ad69da5ec14275fe4974e725116f2c58281f4a513e15b0108c7161bd2649349b
totem-mozplugin-2.16.7-7.el5.ia64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 045eeef1cbcfe38236cef8ef8b0b6e52
SHA-256: 3ac20a705fed493e11dc44acefcb8368acd45d35f920a0e7be7dfd9869893187
xulrunner-1.9.2.4-10.el5.ia64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 49156f5758356e847c7e78ad6306b356
SHA-256: 1be51dc4c6194ff75bc805dba8f566401b7c7e1821bfd0072f7392ac3b9b43d0
xulrunner-devel-1.9.2.4-10.el5.ia64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 958564d9620a8cfa9fb160bb80cd70a6
SHA-256: ce6c914564a7d45c140576ca1b23d70f48236a71eaca763446bfb1e5c5318615
yelp-2.16.0-26.el5.ia64.rpm
File outdated by:  RHSA-2013:0271		     MD5: e3f3abf5f837e0922c5b9d99bad26d72
SHA-256: c3c9e82a6d56c38ce893a3b956c39cf5a635c1b7dcf9ff633ca17822e6294a44
 
PPC:
devhelp-0.12-21.el5.ppc.rpm
File outdated by:  RHSA-2013:0271		     MD5: 09dce6f2939f8a7569a72d73e906b996
SHA-256: b74dc1334b42627e893cf12353ea0c5ffc0dfd36611af78ac03fcb0452c4e67e
devhelp-devel-0.12-21.el5.ppc.rpm
File outdated by:  RHSA-2013:0271		     MD5: 1929e508408c7105d0f60f2466dfb73a
SHA-256: 096a5941d266df8cc2ce8f6b9f23f028154eccdfa85cd6cbb1006a2795c81f95
esc-1.1.0-12.el5.ppc.rpm
File outdated by:  RHBA-2013:0734		     MD5: 2a2bf44fa48c19a332ffe67d51f4fbb6
SHA-256: fc836357fca8765f83a198a3b2bfe29117bf8850b6eec23497ec03a538e24e94
firefox-3.6.4-8.el5.ppc.rpm
File outdated by:  RHSA-2013:0820		     MD5: 7109a844075582f7e18b081198dab4c1
SHA-256: 32e50c5fdffff3b9747fa1867c1e8820156a4427624874859fd83d59d535b89b
gnome-python2-extras-2.14.2-7.el5.ppc.rpm     MD5: b86de761f32b09a7eb8c8b3e05c47789
SHA-256: 23eb286ffce8ca6346c6c919691bf946915566fd5de50320b5260fdb6fe1addb
gnome-python2-gtkhtml2-2.14.2-7.el5.ppc.rpm     MD5: e4cd30099d4aa6c5e3b2deb708835359
SHA-256: 8df318d90738373153e25836c055a9730517aefbddfff9e96cb507d875fd7f59
gnome-python2-gtkmozembed-2.14.2-7.el5.ppc.rpm     MD5: 9865e894ddc274f2363e82585972ba95
SHA-256: 28963ba22079ed5f838d9e29030f9a9f80450de9e1d9f25da9f16061f0231787
gnome-python2-gtkspell-2.14.2-7.el5.ppc.rpm     MD5: 4635fdd8e2349e5e5fd0f0451d4ce2a9
SHA-256: d5b763daf75edb0ff8c8fb1ab3026c4ec6e1d925c1a22bf78b56cc6941c62b37
gnome-python2-libegg-2.14.2-7.el5.ppc.rpm     MD5: 8cea9308a110a08568e29c3d56a76455
SHA-256: d5fc0dd4745002115ab0e60cc30f0930cb916115a807473e34b4fcd64fa15932
totem-2.16.7-7.el5.ppc.rpm
File outdated by:  RHBA-2011:0215		     MD5: e870565d1d9cb6185389fa51668e6af2
SHA-256: b7a7a62a91650caae266734a36d263c6000b9a8e7fdb1e39709f6e2ded143325
totem-2.16.7-7.el5.ppc64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 468538a24ae623efb1da441d26af61b9
SHA-256: 5cfb701cfa75c115acdd7879f80c633a991bb8aa6cca2dc920a575af567f0bbd
totem-devel-2.16.7-7.el5.ppc.rpm
File outdated by:  RHBA-2011:0215		     MD5: 3ed2d9dde7d0c485f77622ce4b19922b
SHA-256: 64a3c668bf0f032e4b213b27cc636298869635b3248d40804a3890122094bc49
totem-devel-2.16.7-7.el5.ppc64.rpm
File outdated by:  RHBA-2011:0215		     MD5: c79d7979c90b7c5098748a56f2b0daeb
SHA-256: 576a5e4d4d7dff8c16131e9b8bf70f19886ab41704e1fe06ac1b8e62c48d35eb
totem-mozplugin-2.16.7-7.el5.ppc.rpm
File outdated by:  RHBA-2011:0215		     MD5: ad5d118398780d9e0a0813f7f26b6344
SHA-256: a1f55972cc9d72e8a09887e7bda3fa8e15c1e218411a9ac7c78191385bf2b448
xulrunner-1.9.2.4-10.el5.ppc.rpm
File outdated by:  RHSA-2013:0820		     MD5: 8c5b209f73afe915358e0cad402f54f3
SHA-256: 8f7db390c22bddb9f77fe9c2ce3e63767e034466a6186f3f933e2a69ccdd9ca5
xulrunner-1.9.2.4-10.el5.ppc64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 1638b3453121dc0e53ea3b24b22157e2
SHA-256: 50d63895af1ba0fbba7de19daa3c94d61be16706bd6ef8f11f728334bae47d9a
xulrunner-devel-1.9.2.4-10.el5.ppc.rpm
File outdated by:  RHSA-2013:0820		     MD5: 0ae130547c54b62e444c3183aed4a6df
SHA-256: 72b6dc2e23efda7cdc27980132183506418d8415d1dd36a1fa0d99310e73ee34
xulrunner-devel-1.9.2.4-10.el5.ppc64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 654dd7a05a69f436d9e0d5eb35c6aabf
SHA-256: 916017edbf9dfd84d20699f7357959501c84602a047bc756f6998a81698a7705
yelp-2.16.0-26.el5.ppc.rpm
File outdated by:  RHSA-2013:0271		     MD5: 514a2827bc58a943f95f8be920efba97
SHA-256: 50e892b2e16fa72434d9d7ea066342a587e8c50098f4aedf961407df743f635b
 
s390x:
devhelp-0.12-21.el5.s390.rpm
File outdated by:  RHSA-2013:0271		     MD5: 4deb1f18c3dde64a7f7e2a68678e9cbc
SHA-256: fe45958e2e14d5ee33c1b79a77e5e8ae546d0fb596406eac8cc52df3aca79aa8
devhelp-0.12-21.el5.s390x.rpm
File outdated by:  RHSA-2013:0271		     MD5: 678757087bc3101ba787f8d8598f8bf0
SHA-256: 9cf0181fb50549f6f529893f69d4bb70f13eb1b30da9ed021fc9351eda81e94f
devhelp-devel-0.12-21.el5.s390.rpm
File outdated by:  RHSA-2013:0271		     MD5: 76a44d95f1da0c3b320beb1017737357
SHA-256: 753fffbbcf2cf0c70c1d43477cdac170609c10c245891b448270e5bd4ebef178
devhelp-devel-0.12-21.el5.s390x.rpm
File outdated by:  RHSA-2013:0271		     MD5: 7076130d4880dae483e4cbaf46155c33
SHA-256: 4d6f3ef9d4e69ab80d22b32ded91b95a8a9bc406c333993a00e5c6ffa8df7a25
firefox-3.6.4-8.el5.s390.rpm
File outdated by:  RHSA-2013:0820		     MD5: 878c39b39b2b0236c39431992a4174d4
SHA-256: b6da6134bd71d64426ac1ec4087b4bc41145273779e0cf28676d5008bddd68eb
firefox-3.6.4-8.el5.s390x.rpm
File outdated by:  RHSA-2013:0820		     MD5: fac108e5e14f7ff457e0234f5d72a182
SHA-256: 323237bd62dc9a3fa978cf4307028f37324910670c78aa3e952dd44e5cc0977e
gnome-python2-extras-2.14.2-7.el5.s390x.rpm     MD5: a78b6b3d3329962b16d20b808d0baa29
SHA-256: aa3714cc50b996965eb40d531ed51329229ff96cca01456e6acd45e365f66aaa
gnome-python2-gtkhtml2-2.14.2-7.el5.s390x.rpm     MD5: b9daa839d8013444bda2c759dc76e539
SHA-256: 3d0275e9f6fdfcf39161b294558bca097e6b3dff8d62aba86d238d92416ec115
gnome-python2-gtkmozembed-2.14.2-7.el5.s390x.rpm     MD5: 9bf3296fb6ef95f8db4f718bcb6b13ee
SHA-256: e2fbded0699e8f568b528fdcfd200f21ced04ef802d1414499068e1223aa6e91
gnome-python2-gtkspell-2.14.2-7.el5.s390x.rpm     MD5: 6b0766650b96dbee4b2e82f0629b890b
SHA-256: d9258de949105c95f90d5035be315001f0182875132c9088d417fb51f99e4937
gnome-python2-libegg-2.14.2-7.el5.s390x.rpm     MD5: e8b13635962d166feb5d4545be545afc
SHA-256: 7654fb7459d3eedff5209ac2aa7a60bcda8de03b74c109564bd80cba5173498b
totem-2.16.7-7.el5.s390.rpm
File outdated by:  RHBA-2011:0215		     MD5: 6c6da1cb5c935353efff9b3427862880
SHA-256: 5e1d999126918db9655ab6bc3c45401551c41354294f5e2550b96e35957e8612
totem-2.16.7-7.el5.s390x.rpm
File outdated by:  RHBA-2011:0215		     MD5: a78993823b56edf9870682017d06ef90
SHA-256: 02ef1d00e2bb1ed7a3c8bc544582c373ac004766ec19ad2214c34a40091d46b4
totem-devel-2.16.7-7.el5.s390.rpm
File outdated by:  RHBA-2011:0215		     MD5: 1948a7d7dd71112fd24ef12afd5e951d
SHA-256: a4ed8606b6931d33b07d3f29abb9ee5d7fe1277b323f8624f36e9c75063004a8
totem-devel-2.16.7-7.el5.s390x.rpm
File outdated by:  RHBA-2011:0215		     MD5: 7689aab504e1aeed66c98ba73497dd6f
SHA-256: e1f69b8593e20aad52135570823ed79bba7b3d6de6f30eb4763e7c13c2ed9513
totem-mozplugin-2.16.7-7.el5.s390x.rpm
File outdated by:  RHBA-2011:0215		     MD5: d027fb3cf3044544ea2c790d542ba8ca
SHA-256: fbcb80275dbdf1d7a050bf6f4975b88c48d44af30fdb6a69512d09dc083f6e77
xulrunner-1.9.2.4-10.el5.s390.rpm
File outdated by:  RHSA-2013:0820		     MD5: e41a876035b5177c125d67481b50ccf2
SHA-256: 30aaa5b52c3c037f04d007265b1b8e43df8d2a9f0d72008309f4f63586fd05ea
xulrunner-1.9.2.4-10.el5.s390x.rpm
File outdated by:  RHSA-2013:0820		     MD5: cc45836f4d276f8f046bf8fa3dab58bf
SHA-256: c3bfd8c1e8ee93fc6d0dd7aef5bbdb30a29f2898dee5c8791a20a475d6395a8d
xulrunner-devel-1.9.2.4-10.el5.s390.rpm
File outdated by:  RHSA-2013:0820		     MD5: aaa64859d5fa8f47893d72ed618a2f8d
SHA-256: bcdaff742fc0361ca417b150a44bd432aff8389987f0aab2fa6be0f06933ba5e
xulrunner-devel-1.9.2.4-10.el5.s390x.rpm
File outdated by:  RHSA-2013:0820		     MD5: bd235308656d1aeefffbeb27f04cc5d5
SHA-256: a3262d8b37242ffc69c53c2b861252592ac51e460e83cb3a1017a908f1c4095a
yelp-2.16.0-26.el5.s390x.rpm
File outdated by:  RHSA-2013:0271		     MD5: 0bfd96a569f53265388182b42aab126d
SHA-256: f035bce8d6c5378db35b34cace70413166651db23d6fddd07303b123e9d70e63
 
x86_64:
devhelp-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 4f35a1bd958059f0ee9a2f29cea87104
SHA-256: 8cf2811b99f189964dd9a334a63f75e508b819e68c044b95f0a7112270613df6
devhelp-0.12-21.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271		     MD5: e576afab22ef20e13f4534f966bf4137
SHA-256: 127ca64a97c91d718b80efe709f867383b0d22fbb039c4a5db62dd9c70b9c4e6
devhelp-devel-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 95c51d0b6ddc6b4096a39a2fab91cb0d
SHA-256: 28b8fac8b757d22d171c689fae0e4f9c9c995b5afc9619d62fdf29f11ca650bc
devhelp-devel-0.12-21.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271		     MD5: 29116bdc2b89fb6c0cea1f1f3207d3c1
SHA-256: 26d0590a1988cb9b0ed2bc2201f4ae4de61afc6b83a5e2ed3ba857b06405c8db
esc-1.1.0-12.el5.x86_64.rpm
File outdated by:  RHBA-2013:0734		     MD5: fd030a5d9a24cbbaf0bef4dd82479d36
SHA-256: 3fdcfece609cd7b35eac2b2e1f15233a2edc43a1ff0c6020d07769cb098a1d19
firefox-3.6.4-8.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: ef767449a3b417c23cf063aa70b8b4da
SHA-256: c0fbe4b189bb6b8d40924837327d9b75abb4cbe8f3a98cf7ee2ec6f4669a4d89
firefox-3.6.4-8.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9050ed9a37fa6186fb0df152ecd06e81
SHA-256: 99ba17bc9d41c094295b0824b85fc8408e843f32b2ffcaf188d27c4615cf3b13
gnome-python2-extras-2.14.2-7.el5.x86_64.rpm     MD5: bc6969bc858ba41267e8c2006a5388d1
SHA-256: a1cc44a551ffee46a6665f24533941bfedb55ab077c3acfcf8cb96f273a6352e
gnome-python2-gtkhtml2-2.14.2-7.el5.x86_64.rpm     MD5: 455072880f6e248f94393e05b55c884c
SHA-256: fb01a996d6fdcd0334ff8e1a7ef18501fddb37ae8b5d4a977557a6c887080735
gnome-python2-gtkmozembed-2.14.2-7.el5.x86_64.rpm     MD5: 720368615878786d7a271d5d87df3fe6
SHA-256: ae06d4e4e4b0809bb116f81e054d0c8bcfe2f315b70e5d510a1796c68396c44b
gnome-python2-gtkspell-2.14.2-7.el5.x86_64.rpm     MD5: 6cae6a701d311057bbb8d25a05a2a250
SHA-256: b7d3f2bccf7fd0ca07828a1718fe8131f02bbd3d39d074df997df60bf7a8008e
gnome-python2-libegg-2.14.2-7.el5.x86_64.rpm     MD5: 05006c0d097972afd9aa62205f31461a
SHA-256: fb6eebbf87094d423d0ae40fa44553ad96877103c5507445708ceaf953277c2e
totem-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: fcc995b4401c30584c27f387051abca2
SHA-256: 2645a668d741ce34c579ec6970252f1f0d6424d9b349ffcf0d8568684ea16276
totem-2.16.7-7.el5.x86_64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 3a63ffde2ad4f2756be81152eee62050
SHA-256: adc3b33fd560b7e1850d33b280577df18bfda6f92077c0d7f3ee2d2455b17a16
totem-devel-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: d56c42ed523e837dd0d61eab0f64823c
SHA-256: 62540eed720402b8a6e03d358b6a4feb9eebf7c3d6f993f445a92d8255ff5c2c
totem-devel-2.16.7-7.el5.x86_64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 981e1284b5e9a092e8bf4d5b89fe9155
SHA-256: dde4c4e164b64ca4c76df7705b2628c35e8966d5dedc4dec0865a1603b27adae
totem-mozplugin-2.16.7-7.el5.x86_64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 3e13c1cd6d9561e9eff756c72442e5c8
SHA-256: 41e1b8bc3f1b74f16a929d20814e046f9bf691885cf8084f41d44ac5bcb703eb
xulrunner-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 8e12bbb227c862740072f1a2984c95de
SHA-256: 0a886ce31caa6d26fb7605e18826ed14eb8f49e19c2b75d9e1990ddb5a533be3
xulrunner-1.9.2.4-10.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 591a3f6ee74d07d6e6743e70bdfab014
SHA-256: 9477c699ff44765a50b79f31cb9d0ea4d628055f3b0bbc7feb929980fc15e92b
xulrunner-devel-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9d1a8456b0305153f87afc1700088991
SHA-256: e739b51e7e1d5477101e13cf2eb0132d48b2ad7e8db78826db51884826dfd62e
xulrunner-devel-1.9.2.4-10.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9486f41492c4d086da5a31dc607c8ef9
SHA-256: c108c0098b63147260bc00fa5b14b55fc1db358a16a705590cd3e78277e4d3e7
yelp-2.16.0-26.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271		     MD5: 6aaa061d61c56c846d2ac8c75d94d149
SHA-256: 244609961f2f6a41956bd0f1e50eecbd5534212b7bc8ddbff06c9126dbae1037
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
devhelp-0.12-21.el5.src.rpm
File outdated by:  RHSA-2013:0271		     MD5: f11913dbbc18601bebebcb6debe91edb
SHA-256: 53f4eca753bc870f0921a5ae00ec66628ce2388a83589c65c51736e46ca75e88
esc-1.1.0-12.el5.src.rpm
File outdated by:  RHBA-2013:0734		     MD5: 5567648aa83bc0834e3ad515cf17c9f5
SHA-256: 5d2f24fba1b63c20abd6185b922a4e8af80d30ae33b98c68d183489341f00488
firefox-3.6.4-8.el5.src.rpm
File outdated by:  RHSA-2013:0820		     MD5: 4c10675b4ea0ce42328278524166b148
SHA-256: 012bdb25f9fdc5e1ce0d7ec4b86c24e3906f2209b25e223d5b5c5b050e912dca
gnome-python2-extras-2.14.2-7.el5.src.rpm     MD5: f7f26ca864a5074761d8a44df8f48c1b
SHA-256: 181982828fd0c014ee0479b4204136ff41defef86516daaf4626f6e75a95f804
totem-2.16.7-7.el5.src.rpm
File outdated by:  RHBA-2011:0215		     MD5: cfd0b30aee7e3d423851fcebe9a399b2
SHA-256: c5911b61bc257473465d9b8b33d8dbc43b883f551ebb61a2d969717c759ca31a
xulrunner-1.9.2.4-10.el5.src.rpm
File outdated by:  RHSA-2013:0820		     MD5: c03d627efa9df977e8c2523472e7e627
SHA-256: a7a26b36f6feeef23d148e29fff7d4f25690927d8c87b5c7cc77113712c846fe
yelp-2.16.0-26.el5.src.rpm
File outdated by:  RHSA-2013:0271		     MD5: 65d54c980629f8d4116d6854795b9c36
SHA-256: 0a1aa6497ab4b12fb3f2c8628e432151c458d3aaa4f530f710704fe07534c15b
 
IA-32:
devhelp-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 4f35a1bd958059f0ee9a2f29cea87104
SHA-256: 8cf2811b99f189964dd9a334a63f75e508b819e68c044b95f0a7112270613df6
esc-1.1.0-12.el5.i386.rpm
File outdated by:  RHBA-2013:0734		     MD5: 6aacfe36a0cf957226e09e8b77db5535
SHA-256: bdc6ac39a91f4276e84121f2cf54f2dc36e219b6da1b4233aca54da9acc0a442
firefox-3.6.4-8.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: ef767449a3b417c23cf063aa70b8b4da
SHA-256: c0fbe4b189bb6b8d40924837327d9b75abb4cbe8f3a98cf7ee2ec6f4669a4d89
gnome-python2-extras-2.14.2-7.el5.i386.rpm     MD5: 4b88b63bc343f1c419c4cfbecf0a07e0
SHA-256: 309c548c2d1508fa1e05441224046751e0f73e1570a16715c81e3bdf08f1ec1a
gnome-python2-gtkhtml2-2.14.2-7.el5.i386.rpm     MD5: f1f045d397de30befea230297925568e
SHA-256: 0d116ecde2ac29106dc7ae5ebea72f64750e369c13e90d724839c24765cc062c
gnome-python2-gtkmozembed-2.14.2-7.el5.i386.rpm     MD5: d3b37bdf7ee6d8362220b13b2211da7c
SHA-256: 848409ea3dab45cf159306e06bb9f5d0be5822b12f07ba20e4c901b41642f465
gnome-python2-gtkspell-2.14.2-7.el5.i386.rpm     MD5: 58b2ca7bc26bcbdef1c3d547053e6bc4
SHA-256: 13a7af508fb085c76fed3be021816557ab0877aa29cbccf45660dd2cf7d1464f
gnome-python2-libegg-2.14.2-7.el5.i386.rpm     MD5: 38cc981bdc5c1d33739d04e9aa8b7055
SHA-256: b2f5e645dd98ed67d018fc82727090bd495f9328eae5da85bc75f4dc91a38562
totem-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: fcc995b4401c30584c27f387051abca2
SHA-256: 2645a668d741ce34c579ec6970252f1f0d6424d9b349ffcf0d8568684ea16276
totem-mozplugin-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: e002cdd13571d5661ddb7adbb7b15e2e
SHA-256: f3690ce138c1f0340c643db95b34fd7db009715d1fc483cff9a98d9265d4ab61
xulrunner-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 8e12bbb227c862740072f1a2984c95de
SHA-256: 0a886ce31caa6d26fb7605e18826ed14eb8f49e19c2b75d9e1990ddb5a533be3
xulrunner-devel-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2010:0547		     MD5: 9d1a8456b0305153f87afc1700088991
SHA-256: e739b51e7e1d5477101e13cf2eb0132d48b2ad7e8db78826db51884826dfd62e
yelp-2.16.0-26.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: e84c935abad8e96c71fa5b595b554a86
SHA-256: 860abe7aa39edd346c7b25571c9888eea809f44a09e4363ab3c0a84bbb2cd4ff
 
x86_64:
devhelp-0.12-21.el5.i386.rpm
File outdated by:  RHSA-2013:0271		     MD5: 4f35a1bd958059f0ee9a2f29cea87104
SHA-256: 8cf2811b99f189964dd9a334a63f75e508b819e68c044b95f0a7112270613df6
devhelp-0.12-21.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271		     MD5: e576afab22ef20e13f4534f966bf4137
SHA-256: 127ca64a97c91d718b80efe709f867383b0d22fbb039c4a5db62dd9c70b9c4e6
esc-1.1.0-12.el5.x86_64.rpm
File outdated by:  RHBA-2013:0734		     MD5: fd030a5d9a24cbbaf0bef4dd82479d36
SHA-256: 3fdcfece609cd7b35eac2b2e1f15233a2edc43a1ff0c6020d07769cb098a1d19
firefox-3.6.4-8.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: ef767449a3b417c23cf063aa70b8b4da
SHA-256: c0fbe4b189bb6b8d40924837327d9b75abb4cbe8f3a98cf7ee2ec6f4669a4d89
firefox-3.6.4-8.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 9050ed9a37fa6186fb0df152ecd06e81
SHA-256: 99ba17bc9d41c094295b0824b85fc8408e843f32b2ffcaf188d27c4615cf3b13
gnome-python2-extras-2.14.2-7.el5.x86_64.rpm     MD5: bc6969bc858ba41267e8c2006a5388d1
SHA-256: a1cc44a551ffee46a6665f24533941bfedb55ab077c3acfcf8cb96f273a6352e
gnome-python2-gtkhtml2-2.14.2-7.el5.x86_64.rpm     MD5: 455072880f6e248f94393e05b55c884c
SHA-256: fb01a996d6fdcd0334ff8e1a7ef18501fddb37ae8b5d4a977557a6c887080735
gnome-python2-gtkmozembed-2.14.2-7.el5.x86_64.rpm     MD5: 720368615878786d7a271d5d87df3fe6
SHA-256: ae06d4e4e4b0809bb116f81e054d0c8bcfe2f315b70e5d510a1796c68396c44b
gnome-python2-gtkspell-2.14.2-7.el5.x86_64.rpm     MD5: 6cae6a701d311057bbb8d25a05a2a250
SHA-256: b7d3f2bccf7fd0ca07828a1718fe8131f02bbd3d39d074df997df60bf7a8008e
gnome-python2-libegg-2.14.2-7.el5.x86_64.rpm     MD5: 05006c0d097972afd9aa62205f31461a
SHA-256: fb6eebbf87094d423d0ae40fa44553ad96877103c5507445708ceaf953277c2e
totem-2.16.7-7.el5.i386.rpm
File outdated by:  RHBA-2011:0215		     MD5: fcc995b4401c30584c27f387051abca2
SHA-256: 2645a668d741ce34c579ec6970252f1f0d6424d9b349ffcf0d8568684ea16276
totem-2.16.7-7.el5.x86_64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 3a63ffde2ad4f2756be81152eee62050
SHA-256: adc3b33fd560b7e1850d33b280577df18bfda6f92077c0d7f3ee2d2455b17a16
totem-mozplugin-2.16.7-7.el5.x86_64.rpm
File outdated by:  RHBA-2011:0215		     MD5: 3e13c1cd6d9561e9eff756c72442e5c8
SHA-256: 41e1b8bc3f1b74f16a929d20814e046f9bf691885cf8084f41d44ac5bcb703eb
xulrunner-1.9.2.4-10.el5.i386.rpm
File outdated by:  RHSA-2013:0820		     MD5: 8e12bbb227c862740072f1a2984c95de
SHA-256: 0a886ce31caa6d26fb7605e18826ed14eb8f49e19c2b75d9e1990ddb5a533be3
xulrunner-1.9.2.4-10.el5.x86_64.rpm
File outdated by:  RHSA-2013:0820		     MD5: 591a3f6ee74d07d6e6743e70bdfab014
SHA-256: 9477c699ff44765a50b79f31cb9d0ea4d628055f3b0bbc7feb929980fc15e92b
yelp-2.16.0-26.el5.x86_64.rpm
File outdated by:  RHSA-2013:0271		     MD5: 6aaa061d61c56c846d2ac8c75d94d149
SHA-256: 244609961f2f6a41956bd0f1e50eecbd5534212b7bc8ddbff06c9126dbae1037
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

480938 - CVE-2008-5913 mozilla: in-session phishing attack
577029 - CVE-2010-1121 firefox: arbitrary code execution via memory corruption
577584 - CVE-2010-1125 firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw
586580 - CVE-2010-0182 mozilla: XMLDocument::load() doesn't check nsIContentPolicy (MFSA 2010-24)
590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption
590810 - CVE-2010-1202 Mozilla Crashes with evidence of memory corruption
590816 - CVE-2010-1203 Mozilla Crashes with evidence of memory corruption
590828 - CVE-2010-1198 Mozilla Freed object reuse across plugin instances
590830 - CVE-2010-1196 Mozilla Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting
590850 - CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present


References

https://www.redhat.com/security/data/cve/CVE-2008-5913.html
https://www.redhat.com/security/data/cve/CVE-2009-5017.html
https://www.redhat.com/security/data/cve/CVE-2010-0182.html
https://www.redhat.com/security/data/cve/CVE-2010-1121.html
https://www.redhat.com/security/data/cve/CVE-2010-1125.html
https://www.redhat.com/security/data/cve/CVE-2010-1196.html
https://www.redhat.com/security/data/cve/CVE-2010-1197.html
https://www.redhat.com/security/data/cve/CVE-2010-1198.html
https://www.redhat.com/security/data/cve/CVE-2010-1199.html
https://www.redhat.com/security/data/cve/CVE-2010-1200.html
https://www.redhat.com/security/data/cve/CVE-2010-1202.html
https://www.redhat.com/security/data/cve/CVE-2010-1203.html
http://www.redhat.com/security/updates/classification/#critical
http://mozilla.com/en-US/firefox/3.6.4/releasenotes/
http://mozilla.com/en-US/firefox/3.6/releasenotes/
http://mozilla.org/security/known-vulnerabilities/firefox35.html
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/