Critical: firefox security update
| Advisory: | RHSA-2010:0556-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Critical |
| Issued on: | 2010-07-23 |
| Last updated on: | 2010-07-23 |
| Affected Products: | RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) |
| CVEs (cve.mitre.org): |
CVE-2010-2755 |
Details
Updated firefox and xulrunner packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
An invalid free flaw was found in Firefox's plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing Firefox
to crash or, potentially, execute arbitrary code with the privileges of the user
running the Firefox application. (CVE-2010-2755)
All Firefox users should upgrade to these updated packages, which contain a
backported patch that corrects this issue. After installing the update, Firefox
must be restarted for the changes to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| RHEL Desktop Workstation (v. 5 client) | |
| SRPMS: | |
| xulrunner-1.9.2.7-3.el5.src.rpm File outdated by: RHSA-2013:0820 |
MD5: 8b7f58bf43918f895db54af30c55d67f SHA-256: 4876544f61ecddb395f85746f95c7720d304d265c25c9fa28781732561505bd4 |
| IA-32: | |
| xulrunner-devel-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 375f7f171e735be805d133cb15017724 SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4 |
| x86_64: | |
| xulrunner-devel-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 375f7f171e735be805d133cb15017724 SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4 |
| xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm File outdated by: RHSA-2013:0820 |
MD5: eaa02e800d11a5d51a9c227b4de5a5af SHA-256: e961238e9129bbd78edd34a6098d6b9df1d90cd5b281bc406feee354ba11f92f |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| firefox-3.6.7-3.el5.src.rpm File outdated by: RHSA-2013:0820 |
MD5: a893f4d2839e633627368b55041f2d3e SHA-256: ea5177d5f7dac46131a596cd7839340311d6c8111314ee977e5a325575d6969b |
| xulrunner-1.9.2.7-3.el5.src.rpm File outdated by: RHSA-2013:0820 |
MD5: 8b7f58bf43918f895db54af30c55d67f SHA-256: 4876544f61ecddb395f85746f95c7720d304d265c25c9fa28781732561505bd4 |
| IA-32: | |
| firefox-3.6.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 56e3eab27344bd354efb3e9b65047ebc SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b |
| xulrunner-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: a0a7c16d74c3831ccf6d3b3886220b71 SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2 |
| xulrunner-devel-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 375f7f171e735be805d133cb15017724 SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4 |
| IA-64: | |
| firefox-3.6.7-3.el5.ia64.rpm File outdated by: RHSA-2013:0820 |
MD5: 994b7fc8c06e8b1bf1463f0dd3d76f22 SHA-256: 564842d0ca07f2a88b88a29ede44fab90d3b87981358d04a33db2bc33d7a629a |
| xulrunner-1.9.2.7-3.el5.ia64.rpm File outdated by: RHSA-2013:0820 |
MD5: c90fc03d96f100636f9cdfb92706e6e3 SHA-256: 7baacb67eaa9cab3ed7d6ec34eeb695342143b50f2cf98963bbf564280d7d492 |
| xulrunner-devel-1.9.2.7-3.el5.ia64.rpm File outdated by: RHSA-2013:0820 |
MD5: 2b8c2658ba9198ceb0a9fb4387a6c025 SHA-256: aff1c50e0110ade1640959992b53decae54611dac057e036cff596dd17460b26 |
| PPC: | |
| firefox-3.6.7-3.el5.ppc.rpm File outdated by: RHSA-2013:0820 |
MD5: 95d5c8b963f3ca3383ee48122058fb48 SHA-256: a8aca6956c785ed01d4272090c1fda6cbb4e0081de02958027c16b4249c0a728 |
| xulrunner-1.9.2.7-3.el5.ppc.rpm File outdated by: RHSA-2013:0820 |
MD5: 35e5e56c6a2ebe1df479beee6402d7af SHA-256: e464f9e1fc65d48804252c3add5d2dfce3240533639f818d30c94986310bfd77 |
| xulrunner-1.9.2.7-3.el5.ppc64.rpm File outdated by: RHSA-2013:0820 |
MD5: 76fad5ccf7e7ab5b446fc50aedefc024 SHA-256: 1554afdd0feacbdfe60e0df7f5d9a9a7d2f327a0c9f699be0a7fd16ce87617c8 |
| xulrunner-devel-1.9.2.7-3.el5.ppc.rpm File outdated by: RHSA-2013:0820 |
MD5: 88d9208e1cd6a1b141d03caa65005592 SHA-256: 8f20ef0414e3e1bb73051456ff7d809b6d81cff3ec8970cd34ea5e599ea964e3 |
| xulrunner-devel-1.9.2.7-3.el5.ppc64.rpm File outdated by: RHSA-2013:0820 |
MD5: 45b5f00870b18ab5467a9d0ec9bb5a10 SHA-256: 94f583122862eb11568a909eb9eed96bfafc1715621fc1651d0c9416851ab49d |
| s390x: | |
| firefox-3.6.7-3.el5.s390.rpm File outdated by: RHSA-2013:0820 |
MD5: 48ae375a61ce107d1210757d03ebed96 SHA-256: ed67da57a7fd8f15a4a2e41a77b0d6dfbd3818b495fa4670a227bd9689cfe4e4 |
| firefox-3.6.7-3.el5.s390x.rpm File outdated by: RHSA-2013:0820 |
MD5: 3718d4155a24161d71def6101ce8dce5 SHA-256: 8f949dbca84c9e297e0b130ad911674247d5d2f8cf9d0c42db280b6f887a064e |
| xulrunner-1.9.2.7-3.el5.s390.rpm File outdated by: RHSA-2013:0820 |
MD5: 635083f0684cc45a31f6360a31cafeaf SHA-256: 3d4adf262844cb0479144033dc44252c972b9cdf0a8e459a4a050416d9eba0f9 |
| xulrunner-1.9.2.7-3.el5.s390x.rpm File outdated by: RHSA-2013:0820 |
MD5: ad3c46b14a160cba0ab6e63bb7379f89 SHA-256: 46832c45c8ecbf28f7d10f88deac2a3d8ac6fe22f5922cdcc3218d191b11dd71 |
| xulrunner-devel-1.9.2.7-3.el5.s390.rpm File outdated by: RHSA-2013:0820 |
MD5: f7f7f02a72633682bebaf44c0f3ac073 SHA-256: e0bc58faececa2c9b342a217a18bae1a1711e0688b651617dbd034ebd77cb9d5 |
| xulrunner-devel-1.9.2.7-3.el5.s390x.rpm File outdated by: RHSA-2013:0820 |
MD5: dbfc62755a320e891316fbd0c6e9a447 SHA-256: 628418596ab7a954aba208d74720ad8a0f8cc482dbbb1a148fcfff29b8f7c74d |
| x86_64: | |
| firefox-3.6.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 56e3eab27344bd354efb3e9b65047ebc SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b |
| firefox-3.6.7-3.el5.x86_64.rpm File outdated by: RHSA-2013:0820 |
MD5: be1a32f6293169a58df1e19033773645 SHA-256: 083726c99cad290f17d967233a98dc1b69b38653ed189577c56262e47e88b9c3 |
| xulrunner-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: a0a7c16d74c3831ccf6d3b3886220b71 SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2 |
| xulrunner-1.9.2.7-3.el5.x86_64.rpm File outdated by: RHSA-2013:0820 |
MD5: b26c703a255d5169c567c9e4c384c4cb SHA-256: 9f580886c05f6074d949dba01cc5bd4bbfda3f624aa255cffb63f456f1de0d1c |
| xulrunner-devel-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 375f7f171e735be805d133cb15017724 SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4 |
| xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm File outdated by: RHSA-2013:0820 |
MD5: eaa02e800d11a5d51a9c227b4de5a5af SHA-256: e961238e9129bbd78edd34a6098d6b9df1d90cd5b281bc406feee354ba11f92f |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| firefox-3.6.7-3.el5.src.rpm File outdated by: RHSA-2013:0820 |
MD5: a893f4d2839e633627368b55041f2d3e SHA-256: ea5177d5f7dac46131a596cd7839340311d6c8111314ee977e5a325575d6969b |
| xulrunner-1.9.2.7-3.el5.src.rpm File outdated by: RHSA-2013:0820 |
MD5: 8b7f58bf43918f895db54af30c55d67f SHA-256: 4876544f61ecddb395f85746f95c7720d304d265c25c9fa28781732561505bd4 |
| IA-32: | |
| firefox-3.6.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 56e3eab27344bd354efb3e9b65047ebc SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b |
| xulrunner-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: a0a7c16d74c3831ccf6d3b3886220b71 SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2 |
| x86_64: | |
| firefox-3.6.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: 56e3eab27344bd354efb3e9b65047ebc SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b |
| firefox-3.6.7-3.el5.x86_64.rpm File outdated by: RHSA-2013:0820 |
MD5: be1a32f6293169a58df1e19033773645 SHA-256: 083726c99cad290f17d967233a98dc1b69b38653ed189577c56262e47e88b9c3 |
| xulrunner-1.9.2.7-3.el5.i386.rpm File outdated by: RHSA-2013:0820 |
MD5: a0a7c16d74c3831ccf6d3b3886220b71 SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2 |
| xulrunner-1.9.2.7-3.el5.x86_64.rpm File outdated by: RHSA-2013:0820 |
MD5: b26c703a255d5169c567c9e4c384c4cb SHA-256: 9f580886c05f6074d949dba01cc5bd4bbfda3f624aa255cffb63f456f1de0d1c |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
617657 - CVE-2010-2755 Mozilla arbitrary free flaw
References
https://www.redhat.com/security/data/cve/CVE-2010-2755.html
http://www.redhat.com/security/updates/classification/#critical
http://www.redhat.com/security/updates/classification/#critical
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
