Security Advisory Critical: firefox security update

Advisory: RHSA-2009:0436-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-04-21
Last updated on: 2009-04-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-0652
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1310
CVE-2009-1311
CVE-2009-1312

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. A
web page containing malicious content could execute arbitrary JavaScript in
the context of the site, possibly presenting misleading data to a user, or
stealing sensitive information such as login credentials. (CVE-2009-0652,
CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,
CVE-2009-1312)

A flaw was found in the way Firefox saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST data,
the POST data could be revealed to the inner frame, possibly surrendering
sensitive information such as login credentials. (CVE-2009-1311)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories
in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.9 and correct these issues. After installing the
update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
xulrunner-1.9.0.9-1.el5.src.rpm
File outdated by:  RHSA-2013:1476
 
IA-32:
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2010:0332
 
x86_64:
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2010:0332
 
Red Hat Desktop (v. 4)

IA-32:
firefox-3.0.9-1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.0.9-1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xulrunner-1.9.0.9-1.el5.src.rpm
File outdated by:  RHSA-2013:1476
 
IA-32:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2010:0332
 
IA-64:
firefox-3.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2010:0332
 
PPC:
firefox-3.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2013:1476
xulrunner-1.9.0.9-1.el5.ppc64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.ppc64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2010:0332
 
s390x:
firefox-3.0.9-1.el5.s390.rpm
File outdated by:  RHSA-2014:0310
firefox-3.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.s390.rpm
File outdated by:  RHSA-2013:1476
xulrunner-1.9.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.s390.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2010:0332
 
x86_64:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
firefox-3.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
xulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2010:0332
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
firefox-3.0.9-1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
 
IA-64:
firefox-3.0.9-1.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
 
PPC:
firefox-3.0.9-1.el4.ppc.rpm
File outdated by:  RHSA-2012:0142
 
s390:
firefox-3.0.9-1.el4.s390.rpm
File outdated by:  RHSA-2012:0142
 
s390x:
firefox-3.0.9-1.el4.s390x.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.0.9-1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
Red Hat Enterprise Linux AS (v. 4.7.z)

IA-32:
firefox-3.0.9-1.el4.i386.rpm
File outdated by:  RHSA-2009:0449
 
IA-64:
firefox-3.0.9-1.el4.ia64.rpm
File outdated by:  RHSA-2009:0449
 
PPC:
firefox-3.0.9-1.el4.ppc.rpm
File outdated by:  RHSA-2009:0449
 
s390:
firefox-3.0.9-1.el4.s390.rpm
File outdated by:  RHSA-2009:0449
 
s390x:
firefox-3.0.9-1.el4.s390x.rpm
File outdated by:  RHSA-2009:0449
 
x86_64:
firefox-3.0.9-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:0449
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xulrunner-1.9.0.9-1.el5.src.rpm
File outdated by:  RHSA-2013:1476
 
IA-32:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
 
x86_64:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2014:0310
firefox-3.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2013:1476
xulrunner-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
firefox-3.0.9-1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
 
IA-64:
firefox-3.0.9-1.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.0.9-1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
Red Hat Enterprise Linux ES (v. 4.7.z)

IA-32:
firefox-3.0.9-1.el4.i386.rpm
File outdated by:  RHSA-2009:0449
 
IA-64:
firefox-3.0.9-1.el4.ia64.rpm
File outdated by:  RHSA-2009:0449
 
x86_64:
firefox-3.0.9-1.el4.x86_64.rpm
File outdated by:  RHSA-2009:0449
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
xulrunner-1.9.0.9-1.el5.src.rpm
File outdated by:  RHSA-2013:1476
 
IA-32:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
 
IA-64:
firefox-3.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
 
PPC:
firefox-3.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.ppc64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.ppc.rpm
File outdated by:  RHSA-2009:1162
 
s390x:
firefox-3.0.9-1.el5.s390.rpm
File outdated by:  RHSA-2009:1162
firefox-3.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.s390.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.s390.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.s390x.rpm
File outdated by:  RHSA-2009:1162
 
x86_64:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
firefox-3.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)

SRPMS:
xulrunner-1.9.0.9-1.el5.src.rpm
File outdated by:  RHSA-2013:1476
 
IA-32:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
 
IA-64:
firefox-3.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.ia64.rpm
File outdated by:  RHSA-2009:1162
 
x86_64:
firefox-3.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
firefox-3.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.i386.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
xulrunner-devel-unstable-1.9.0.9-1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1162
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
firefox-3.0.9-1.el4.i386.rpm
File outdated by:  RHSA-2012:0142
 
IA-64:
firefox-3.0.9-1.el4.ia64.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.0.9-1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

486704 - CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
496252 - CVE-2009-1302 Firefox 3 Layout engine crashes
496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash
496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes
496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash
496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI
496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol
496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings
496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites
496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame
496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/