
Security Advisory: firefox security update

Advisory: RHSA-2005:336-03
Type: Security Advisory
Severity: Critical
Issued on: 2005-03-23
Last updated on: 2005-03-23
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0399
CVE-2005-0401
CVE-2005-0402

Details

Updated firefox packages that fix three security issues are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

A buffer overflow bug was found in the way Firefox processes GIF images. An
attacker could create a specially crafted GIF image which, when viewed by a
victim, would execute arbitrary code with the privileges of the user running
Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0399 (now CVE-2005-0399) to this issue.

A bug was found in the way Firefox handles drag and drop of XUL content. If
a malicious web page can trick a user into dragging an object, it could load
XUL content with the browser's own (privileged) chrome rights rather than
those of an ordinary web page. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0401 (now
CVE-2005-0401) to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If a
user can be tricked into bookmarking a malicious web page as a sidebar
panel, that page could execute arbitrary programs on the user's system. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0402 (now CVE-2005-0402) to this issue.

Users of Firefox are advised to upgrade to these updated packages, which
contain Firefox version 1.0.2 and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
firefox-1.0.2-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 08057be5ef2e887f407eef14c3b871f2
 
x86_64:
firefox-1.0.2-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f922c5283e24f14d0ac5128bb58f85d1
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
firefox-1.0.2-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 08057be5ef2e887f407eef14c3b871f2
 
IA-64:
firefox-1.0.2-1.4.1.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d8006388e5625a9baf65fa0bd6a7fc16
 
PPC:
firefox-1.0.2-1.4.1.ppc.rpm
File outdated by:  RHSA-2012:0142
    MD5: 661a3b104b9a4e5ddd04dcd56113a365
 
s390:
firefox-1.0.2-1.4.1.s390.rpm
File outdated by:  RHSA-2012:0142
    MD5: 36441f3878cd58dd420c8ecb9774bb97
 
s390x:
firefox-1.0.2-1.4.1.s390x.rpm
File outdated by:  RHSA-2012:0142
    MD5: e2c20602640075d8f4424cb88fcf9145
 
x86_64:
firefox-1.0.2-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f922c5283e24f14d0ac5128bb58f85d1
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
firefox-1.0.2-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 08057be5ef2e887f407eef14c3b871f2
 
IA-64:
firefox-1.0.2-1.4.1.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d8006388e5625a9baf65fa0bd6a7fc16
 
x86_64:
firefox-1.0.2-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f922c5283e24f14d0ac5128bb58f85d1
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
firefox-1.0.2-1.4.1.i386.rpm
File outdated by:  RHSA-2012:0142
    MD5: 08057be5ef2e887f407eef14c3b871f2
 
IA-64:
firefox-1.0.2-1.4.1.ia64.rpm
File outdated by:  RHSA-2012:0142
    MD5: d8006388e5625a9baf65fa0bd6a7fc16
 
x86_64:
firefox-1.0.2-1.4.1.x86_64.rpm
File outdated by:  RHSA-2012:0142
    MD5: f922c5283e24f14d0ac5128bb58f85d1
 
(The unlinked packages above are only available from the Red Hat Network)
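The advisory publishes an MD5 sum for every package and states that the packages are GPG signed, but the Solution section only says to run up2date. The script below is an added example, not part of the Red Hat advisory, showing the checks an administrator installing these packages by hand would run: it compares a downloaded RPM against the MD5 table above (keyed by filename), verifies the RPM signature with rpm --checksig (which reports "gpg OK" only when Red Hat's key has been imported), and reports whether the build from this advisory is the one installed. It assumes a POSIX shell with coreutils md5sum (or openssl as a fallback); rpm is optional and the rpm-based checks return 2 when it is absent. Note that the exact-build check is only meaningful at the time of this advisory, since later errata such as RHSA-2012:0142 supersede these packages.

```shell
#!/bin/sh
# Added example (not Red Hat's own tooling): verify a downloaded
# firefox-1.0.2-1.4.1 RPM against the MD5 sums and GPG signing described
# in RHSA-2005:336. Assumes md5sum or openssl; rpm is optional.

# MD5 sums copied from the advisory's "Updated packages" list.
expected_md5() {
    case "$1" in
        firefox-1.0.2-1.4.1.i386.rpm)   echo 08057be5ef2e887f407eef14c3b871f2 ;;
        firefox-1.0.2-1.4.1.x86_64.rpm) echo f922c5283e24f14d0ac5128bb58f85d1 ;;
        firefox-1.0.2-1.4.1.ia64.rpm)   echo d8006388e5625a9baf65fa0bd6a7fc16 ;;
        firefox-1.0.2-1.4.1.ppc.rpm)    echo 661a3b104b9a4e5ddd04dcd56113a365 ;;
        firefox-1.0.2-1.4.1.s390.rpm)   echo 36441f3878cd58dd420c8ecb9774bb97 ;;
        firefox-1.0.2-1.4.1.s390x.rpm)  echo e2c20602640075d8f4424cb88fcf9145 ;;
        *) return 1 ;;
    esac
}

# Hex MD5 of a file: coreutils md5sum if present, otherwise openssl.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# Compare a file's MD5 with an explicit expected value. 0 = match, 1 = mismatch.
check_md5_against() {
    got=$(md5_of "$1")
    [ "$got" = "$2" ]
}

# Look the expected sum up by the file's basename in the advisory table.
# 0 = match, 1 = mismatch, 2 = filename not listed in this advisory.
check_md5() {
    want=$(expected_md5 "$(basename "$1")") || return 2
    check_md5_against "$1" "$want"
}

# RPM signature check. Only "gpg OK" proves the Red Hat signature verified;
# "(GPG) NOT OK" or a missing "gpg" token means the key is absent or the file
# was tampered with. Returns 2 if rpm is not installed.
check_signature() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm --checksig "$1" | grep -q 'gpg OK'
}

# Is the build shipped in this advisory the installed firefox? Returns 2
# without rpm. Later errata carry higher versions and would also be fixed.
installed_is_advisory_build() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' firefox 2>/dev/null | grep -qx '1.0.2-1.4.1'
}

# Usage: sh verify-firefox-rpm.sh /path/to/firefox-1.0.2-1.4.1.i386.rpm
if [ "${1:-}" != "" ]; then
    rpmfile=$1
    if check_md5 "$rpmfile"; then echo "MD5: OK"; else echo "MD5: FAILED (rc=$?)"; fi
    if check_signature "$rpmfile"; then echo "GPG signature: OK"; else echo "GPG signature: NOT verified (rc=$?)"; fi
    if installed_is_advisory_build; then echo "Installed firefox is 1.0.2-1.4.1"; else echo "Installed firefox is not the 1.0.2-1.4.1 build (rc=$?)"; fi
fi
```

Run it against the downloaded package for your architecture; an MD5 mismatch or a signature that does not report "gpg OK" means the file should not be installed. Checking the signature matters more than the MD5 on its own, since the MD5 table only proves the download matches the advisory page, not that the page itself was not altered in transit.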

Bugs fixed (see bugzilla for more information)

150877 - CAN-2005-0399 firefox GIF buffer overflow
151153 - CAN-2005-0402 arbitrary code execution via sidebar
151714 - CAN-2005-0401 Drag and drop loading of privileged XUL

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/