Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2010:0547-1
Type: Security Advisory
Severity: Critical
Issued on: 2010-07-20
Last updated on: 2010-07-20
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2010-0654
CVE-2010-1205
CVE-2010-1206
CVE-2010-1207
CVE-2010-1208
CVE-2010-1209
CVE-2010-1210
CVE-2010-1211
CVE-2010-1212
CVE-2010-1213
CVE-2010-1214
CVE-2010-1215
CVE-2010-2751
CVE-2010-2752
CVE-2010-2753
CVE-2010-2754

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)

A memory corruption flaw was found in the way Firefox decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2010-1205)

Several same-origin policy bypass flaws were found in Firefox. An attacker
could create a malicious web page that, when viewed by a victim, could
steal private data from a different website the victim has loaded with
Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)

A flaw was found in the way Firefox presented the location bar to a user. A
malicious website could trick a user into thinking they are visiting the
site reported by the location bar, when the page is actually content
controlled by an attacker. (CVE-2010-1206)

A flaw was found in the way Firefox displayed the location bar when
visiting a secure web page. A malicious server could use this flaw to
present data that appears to originate from a secure server, even though it
does not. (CVE-2010-2751)

A flaw was found in the way Firefox displayed certain malformed characters.
A malicious web page could use this flaw to bypass certain string
sanitization methods, allowing it to display malicious information to
users. (CVE-2010-1210)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories
in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.7, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
xulrunner-1.9.2.7-2.el5.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: e4f12262deb5c52fede4e1a2823332fa
SHA-256: 50cf21f3f50e08a81b16a5752fb31ed13b18bedf432c3dc80c53d1ac492274e3
 
IA-32:
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: fd46c9519dc5930b63d288829f98f448
SHA-256: 3aa1b4a7dcfc5d7528ebb75792c8ed9dbedfb1fa521f9845b5d1ffaa63e491bb
 
x86_64:
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: fd46c9519dc5930b63d288829f98f448
SHA-256: 3aa1b4a7dcfc5d7528ebb75792c8ed9dbedfb1fa521f9845b5d1ffaa63e491bb
xulrunner-devel-1.9.2.7-2.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 38df1aa793b3898196d9566597e6f86f
SHA-256: cc4d7e8c83f1a8f3f88650b7b21a5e3c66c6ce23e00ad3f1fbcf60365088a127
 
Red Hat Desktop (v. 4)

SRPMS:
firefox-3.6.7-2.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: fb590463386d24f2df53f125fc2884e4
SHA-256: af370f1f5af451cababca6592f72c87d77d3275083688a67528ef903ac6ae67c
 
IA-32:
firefox-3.6.7-2.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 38a23fa4d973c4dcd4106af3b9fd6424
SHA-256: 8832a67911b46d7534ff26a61bbb03b90a2cb5723371753d828bd9f202caf29f
 
x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 53661b2ef8213b79d6c1b67bace3a959
SHA-256: 8e04929c405cd1d1e6dd558b422d084e3b766a0925a6582b04acfbf51fc62c6e
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-3.6.7-2.el5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: 51508932c86474e100753cefd8e97dde
SHA-256: d5ffe8a281302aac93e94f80b9b8452ba908bac31930719767ce873767203b84
xulrunner-1.9.2.7-2.el5.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: e4f12262deb5c52fede4e1a2823332fa
SHA-256: 50cf21f3f50e08a81b16a5752fb31ed13b18bedf432c3dc80c53d1ac492274e3
 
IA-32:
firefox-3.6.7-2.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7006391c41d8f8c3c7ec8987a2d6aa6f
SHA-256: 9e71fb44ca00d276154550646af2ecdb670a0dcbca8d97ef95595a90ecb9cb8d
xulrunner-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8c58a18b600da81a1c36dc278e6b59eb
SHA-256: 111ac8dc175d8dd261a0042105a2d0d38548d668d53fded50cc28d69bc26ea8a
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: fd46c9519dc5930b63d288829f98f448
SHA-256: 3aa1b4a7dcfc5d7528ebb75792c8ed9dbedfb1fa521f9845b5d1ffaa63e491bb
 
IA-64:
firefox-3.6.7-2.el5.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: c89d20f911d4183bbc49251491bffdc2
SHA-256: b7b335784b2be9efee1e6f51c92bffd7ee55ed0a07cfc93fdc2dfc800805ea47
xulrunner-1.9.2.7-2.el5.ia64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 136e1febd01634df466061bdbfb8c13b
SHA-256: e2f5bad4e3a3932d6f13e14405dffc431fda03563af8eed2e6410eb8eee0c5e6
xulrunner-devel-1.9.2.7-2.el5.ia64.rpm
File outdated by:  RHSA-2013:1476
    MD5: b9eee366db3c9dd92d5319c07d86e8b2
SHA-256: 6f32f2fcf40b12d78aa264ff26a1506564bb7925994790e877d2ee90bfa30927
 
PPC:
firefox-3.6.7-2.el5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: e3fc23855bf3de31b55be6479819aaa7
SHA-256: aaf39c8958d35e1c072bda0c07d9ed7eab6d91eaa9159ada8d467f09a95029f2
xulrunner-1.9.2.7-2.el5.ppc.rpm
File outdated by:  RHSA-2013:1476
    MD5: 36ec5253e81b0b0f63a9f27289a7ff3e
SHA-256: 5d81847d0f7e6187417378bf6a807b1b3b0e02398a084beab021305f8c5d9512
xulrunner-1.9.2.7-2.el5.ppc64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 3d3bb413395b2cd9493c340e56cdbe5f
SHA-256: d687cfb8a5891f70096a7afba874cf139c1c68c586ba373b7f5705252f294498
xulrunner-devel-1.9.2.7-2.el5.ppc.rpm
File outdated by:  RHSA-2013:1476
    MD5: 249584c8f06bec189a95bf060136ed81
SHA-256: 54fc22c2d25a966cd0139bbd138378620e57efad98bbf7355cb5ac83f09df907
xulrunner-devel-1.9.2.7-2.el5.ppc64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 3131880337447aa7839569c96d913b37
SHA-256: 8a988c66689c48ac6f19ec238bf90ef2f2ef3b8431b4b0ad0c84b27cd0199e53
 
s390x:
firefox-3.6.7-2.el5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: ddef3a02891f40589031b7f3eeae7911
SHA-256: bd0688cf652138281fece54a407caa7f3a48564c9b8a09f899e1969a303660d1
firefox-3.6.7-2.el5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 2a78194914567e68e0a2b082dbffeae4
SHA-256: e896bbbe9f4e970cf27b1e8cc2f33bf5df3a22e31197de715e283a8037d5492f
xulrunner-1.9.2.7-2.el5.s390.rpm
File outdated by:  RHSA-2013:1476
    MD5: 4a296ba3dfd105bf10e41a879777a925
SHA-256: 42f098a7f3d62bd053f94a7dde021db993ac1dfa88136b0159c7c0e417c31207
xulrunner-1.9.2.7-2.el5.s390x.rpm
File outdated by:  RHSA-2013:1476
    MD5: b56004675575ef1347268fff6494ee74
SHA-256: 9979f5481dc8e154c32894a60d4e80fac0fd7bec3e2c5adb9775b78fec1863f3
xulrunner-devel-1.9.2.7-2.el5.s390.rpm
File outdated by:  RHSA-2013:1476
    MD5: bbdd428b6ace14ffd6e9a6cd5d2d9b9a
SHA-256: 084be61912e2d4312f4df1f5c9d85c505edfd17c21ba8ca1fc49835e25135ecf
xulrunner-devel-1.9.2.7-2.el5.s390x.rpm
File outdated by:  RHSA-2013:1476
    MD5: 1ed3c144e3ad327a672643487ea82448
SHA-256: 7fe08b73a7352d0efd72f0710f7f49919c890083bca88de2dbe7665b92929814
 
x86_64:
firefox-3.6.7-2.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7006391c41d8f8c3c7ec8987a2d6aa6f
SHA-256: 9e71fb44ca00d276154550646af2ecdb670a0dcbca8d97ef95595a90ecb9cb8d
firefox-3.6.7-2.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: dde2994173b14dd29d824119a142f4b1
SHA-256: 48ff37108ef44a8dd80a870bcf1175dcf86939dd986faf3d5a4616b93b4a5aac
xulrunner-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8c58a18b600da81a1c36dc278e6b59eb
SHA-256: 111ac8dc175d8dd261a0042105a2d0d38548d668d53fded50cc28d69bc26ea8a
xulrunner-1.9.2.7-2.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 0ee675fc708eae1eca4ec95085f9e825
SHA-256: 0b083686d569ae1100e46d9173afd561b27b1cdff2e8f4bd672edcaae547230d
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: fd46c9519dc5930b63d288829f98f448
SHA-256: 3aa1b4a7dcfc5d7528ebb75792c8ed9dbedfb1fa521f9845b5d1ffaa63e491bb
xulrunner-devel-1.9.2.7-2.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 38df1aa793b3898196d9566597e6f86f
SHA-256: cc4d7e8c83f1a8f3f88650b7b21a5e3c66c6ce23e00ad3f1fbcf60365088a127
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-3.6.7-2.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: fb590463386d24f2df53f125fc2884e4
SHA-256: af370f1f5af451cababca6592f72c87d77d3275083688a67528ef903ac6ae67c
 
IA-32:
firefox-3.6.7-2.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 38a23fa4d973c4dcd4106af3b9fd6424
SHA-256: 8832a67911b46d7534ff26a61bbb03b90a2cb5723371753d828bd9f202caf29f
 
IA-64:
firefox-3.6.7-2.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6fd1f03a38450969cdcb81fb521a4120
SHA-256: 11f03acebd414a353db198d5e392c6cd27e9b561599ea2c9bc08e60d3222c677
 
PPC:
firefox-3.6.7-2.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 12e810fdd847c735325697f5909af178
SHA-256: 03f17d2d0d35e87a20d9937b697a9f1242455fa2304011a3fc72bd24f6c0fd45
 
s390:
firefox-3.6.7-2.el4.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: e3abfc9596384986bc9be965ee525e62
SHA-256: 80134a77d6922b0ac1304ea9e9e60d0ba8f0ff8beed89f9bf7765068550776fa
 
s390x:
firefox-3.6.7-2.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: 0d6eb3abd390118f7726029a04582b89
SHA-256: 06320a71840e48b4276ad37946f35f1ca20462e2b2e9db2595389d2376b5b3a2
 
x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 53661b2ef8213b79d6c1b67bace3a959
SHA-256: 8e04929c405cd1d1e6dd558b422d084e3b766a0925a6582b04acfbf51fc62c6e
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
firefox-3.6.7-2.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: fb590463386d24f2df53f125fc2884e4
SHA-256: af370f1f5af451cababca6592f72c87d77d3275083688a67528ef903ac6ae67c
 
IA-32:
firefox-3.6.7-2.el4.i386.rpm
File outdated by:  RHSA-2011:0885
    MD5: 38a23fa4d973c4dcd4106af3b9fd6424
SHA-256: 8832a67911b46d7534ff26a61bbb03b90a2cb5723371753d828bd9f202caf29f
 
IA-64:
firefox-3.6.7-2.el4.ia64.rpm
File outdated by:  RHSA-2011:0885
    MD5: 6fd1f03a38450969cdcb81fb521a4120
SHA-256: 11f03acebd414a353db198d5e392c6cd27e9b561599ea2c9bc08e60d3222c677
 
PPC:
firefox-3.6.7-2.el4.ppc.rpm
File outdated by:  RHSA-2011:0885
    MD5: 12e810fdd847c735325697f5909af178
SHA-256: 03f17d2d0d35e87a20d9937b697a9f1242455fa2304011a3fc72bd24f6c0fd45
 
s390:
firefox-3.6.7-2.el4.s390.rpm
File outdated by:  RHSA-2011:0885
    MD5: e3abfc9596384986bc9be965ee525e62
SHA-256: 80134a77d6922b0ac1304ea9e9e60d0ba8f0ff8beed89f9bf7765068550776fa
 
s390x:
firefox-3.6.7-2.el4.s390x.rpm
File outdated by:  RHSA-2011:0885
    MD5: 0d6eb3abd390118f7726029a04582b89
SHA-256: 06320a71840e48b4276ad37946f35f1ca20462e2b2e9db2595389d2376b5b3a2
 
x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0885
    MD5: 53661b2ef8213b79d6c1b67bace3a959
SHA-256: 8e04929c405cd1d1e6dd558b422d084e3b766a0925a6582b04acfbf51fc62c6e
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-3.6.7-2.el5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: 51508932c86474e100753cefd8e97dde
SHA-256: d5ffe8a281302aac93e94f80b9b8452ba908bac31930719767ce873767203b84
xulrunner-1.9.2.7-2.el5.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: e4f12262deb5c52fede4e1a2823332fa
SHA-256: 50cf21f3f50e08a81b16a5752fb31ed13b18bedf432c3dc80c53d1ac492274e3
 
IA-32:
firefox-3.6.7-2.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7006391c41d8f8c3c7ec8987a2d6aa6f
SHA-256: 9e71fb44ca00d276154550646af2ecdb670a0dcbca8d97ef95595a90ecb9cb8d
xulrunner-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8c58a18b600da81a1c36dc278e6b59eb
SHA-256: 111ac8dc175d8dd261a0042105a2d0d38548d668d53fded50cc28d69bc26ea8a
xulrunner-devel-1.9.2.7-2.el5.i386.rpm     MD5: fd46c9519dc5930b63d288829f98f448
SHA-256: 3aa1b4a7dcfc5d7528ebb75792c8ed9dbedfb1fa521f9845b5d1ffaa63e491bb
 
x86_64:
firefox-3.6.7-2.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 7006391c41d8f8c3c7ec8987a2d6aa6f
SHA-256: 9e71fb44ca00d276154550646af2ecdb670a0dcbca8d97ef95595a90ecb9cb8d
firefox-3.6.7-2.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: dde2994173b14dd29d824119a142f4b1
SHA-256: 48ff37108ef44a8dd80a870bcf1175dcf86939dd986faf3d5a4616b93b4a5aac
xulrunner-1.9.2.7-2.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8c58a18b600da81a1c36dc278e6b59eb
SHA-256: 111ac8dc175d8dd261a0042105a2d0d38548d668d53fded50cc28d69bc26ea8a
xulrunner-1.9.2.7-2.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 0ee675fc708eae1eca4ec95085f9e825
SHA-256: 0b083686d569ae1100e46d9173afd561b27b1cdff2e8f4bd672edcaae547230d
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-3.6.7-2.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: fb590463386d24f2df53f125fc2884e4
SHA-256: af370f1f5af451cababca6592f72c87d77d3275083688a67528ef903ac6ae67c
 
IA-32:
firefox-3.6.7-2.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 38a23fa4d973c4dcd4106af3b9fd6424
SHA-256: 8832a67911b46d7534ff26a61bbb03b90a2cb5723371753d828bd9f202caf29f
 
IA-64:
firefox-3.6.7-2.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6fd1f03a38450969cdcb81fb521a4120
SHA-256: 11f03acebd414a353db198d5e392c6cd27e9b561599ea2c9bc08e60d3222c677
 
x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 53661b2ef8213b79d6c1b67bace3a959
SHA-256: 8e04929c405cd1d1e6dd558b422d084e3b766a0925a6582b04acfbf51fc62c6e
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
firefox-3.6.7-2.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: fb590463386d24f2df53f125fc2884e4
SHA-256: af370f1f5af451cababca6592f72c87d77d3275083688a67528ef903ac6ae67c
 
IA-32:
firefox-3.6.7-2.el4.i386.rpm
File outdated by:  RHSA-2011:0885
    MD5: 38a23fa4d973c4dcd4106af3b9fd6424
SHA-256: 8832a67911b46d7534ff26a61bbb03b90a2cb5723371753d828bd9f202caf29f
 
IA-64:
firefox-3.6.7-2.el4.ia64.rpm
File outdated by:  RHSA-2011:0885
    MD5: 6fd1f03a38450969cdcb81fb521a4120
SHA-256: 11f03acebd414a353db198d5e392c6cd27e9b561599ea2c9bc08e60d3222c677
 
x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0885
    MD5: 53661b2ef8213b79d6c1b67bace3a959
SHA-256: 8e04929c405cd1d1e6dd558b422d084e3b766a0925a6582b04acfbf51fc62c6e
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-3.6.7-2.el4.src.rpm
File outdated by:  RHSA-2012:0142
    MD5: fb590463386d24f2df53f125fc2884e4
SHA-256: af370f1f5af451cababca6592f72c87d77d3275083688a67528ef903ac6ae67c
 
IA-32:
firefox-3.6.7-2.el4.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 38a23fa4d973c4dcd4106af3b9fd6424
SHA-256: 8832a67911b46d7534ff26a61bbb03b90a2cb5723371753d828bd9f202caf29f
 
IA-64:
firefox-3.6.7-2.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 6fd1f03a38450969cdcb81fb521a4120
SHA-256: 11f03acebd414a353db198d5e392c6cd27e9b561599ea2c9bc08e60d3222c677
 
x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: 53661b2ef8213b79d6c1b67bace3a959
SHA-256: 8e04929c405cd1d1e6dd558b422d084e3b766a0925a6582b04acfbf51fc62c6e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

568231 - CVE-2010-0654 firefox: cross-domain information disclosure
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
608763 - CVE-2010-1206 Firefox: Spoofing attacks via vectors involving 'No Content' status code or via a windows.stop call
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards
615458 - CVE-2010-1208 Mozilla DOM attribute cloning remote code execution vulnerability
615459 - CVE-2010-1209 Mozilla Use-after-free error in NodeIterator
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native function
615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and importScripts
615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context
615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and history.forward()
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/